Even as the cloud becomes increasingly popular, security, the inherent bane of cloud computing, remains as big a risk as before.
Enterprises flock to public clouds primarily due to their pay-per-use model, wherein they may rent the infrastructure as required, and scale it as needed. With cloud, the enterprise does not need to invest in servers or go with the hassles associated with maintaining the infrastructure. However, the cloud provider will share the server space among many enterprises. The security implications of a file stored in such a shared server, outside the company’s firewall and at an unknown place may be too large, and very often outweighs the benefits that such remote storage brings about.
A private cloud is an exclusive on-premise storage array, with the cloud storage nodes installed at the company’s data center. This offers complete control and does away with much of the security risks associated with public clouds. However, the trade-off is flexibility. Private clouds, even when managed by a remote third party, are meant to be exclusively for the enterprise, and therefore costly. The offering may not be as flexible or easily scalable as a public cloud, and most of the benefits associated with public clouds are not available with private clouds.
On the face of it, a hybrid cloud deployment model, which mixes and matches the capabilities of the public cloud and the private cloud, offers the best of both worlds. Most cloud vendors such as Accellion, Citrix, and Oxygen Cloud offer such a capability.
The three major components of a hybrid cloud solution are the public cloud, the private cloud, and a cloud gateway or API offering a transparent connectivity between the public and private storage clouds. The API allows shifting data back and forth between the private and public cloud automatically, as required.
The possibilities with hybrid clouds are endless. The enterprise may choose to retain its sensitive or confidential files within the private cloud, and place generic files in the public cloud. The enterprise may place frequently accessed data on the private cloud, for quick access, while pushing archives and rarely accessed files to the cloud. A hybrid cloud may also be used to replicate data, for back-up purposes.
Many enterprises, even when not migrating to the cloud due to the obvious security risks, could adopt a hybrid cloud model, to acquire additional capabilities that unexpected spikes or seasonal peaks in demand may require. They can similarly downgrade when required, just as easily. The time-consuming and arduous process of adding capacity otherwise may leave such companies unable to meet the extra demands of storage or bandwidth.
The biggest challenge of a hybrid cloud model today is the issue of finding the perfect hybrid cloud provider. Most providers do not offer all the three components: private cloud, public cloud, and API in-house, and outsource one or more of these key components. This would leave unanswered the issues related to accountability and security, vital when selecting a cloud service partner.
Such concerns notwithstanding, the hybrid cloud is a good option for enterprises who would do well by migrating to the cloud, but are hesitant to do so because of the security implications.