Avoid BYOD cloud sprawl and greasy fingers with a private cloud


Summary: A private cloud is more secure than public ones for your users and your company's data and is your answer to the inevitability of mobile device-induced cloud sprawl. You want fries with that private cloud?


It's true. Private cloud solutions are better than public ones. Now, that might sound like a classic sweeping generalization to you, but private clouds are better as far as security, privacy, and control are concerned. Of course, the cost is not better. But, when you consider your data's value, the cost becomes negligible compared to losing it completely. I'm not saying that public clouds are inherently insecure or that they lack privacy controls. Most public clouds are acceptably secure but they're not as secure as private clouds. And, they never will be.

Consider the following food-related analogy for illustrative purposes.

If I own a single restaurant, Ken's Awesome Burgers, located at a busy intersection in a large city, I might be able to serve 1,000 people per day. It's open 24 hours per day. Ken's Awesome Burgers is like a private cloud. You have to come to it, it's always available and it has lots of patrons (users) but its scope and range are fairly limited. It probably has a dedicated, local following. Again, think private cloud here.

Now, Jason decides to open a chain of burger joints, Jason's Ultra Burger, plus he's going to have mobile kitchens puttering around the city, parking in various locations to scoop up a broader customer base. He serves more than 20,000 people per day and operates 24 hours per day. That is a public cloud.

Which operation has more control over quality, freshness, contamination, and, yes, even security?

Obviously, the single, non-mobile location.

Which one serves more patrons?

The one that's public. By design, Jason's has more exposure.

I can take the analogy even farther by saying that not only is the single location more secure but it's also more intimate. I might only serve 1,000 patrons per day but I know most of them. The service is better, in other words.

Why is the single location more secure?

Because to rob it, a thief would have to come to the location, enter through the door, make his way through the patrons, find the safe, and then rob it. Or, at least rob one of the registers. Sure, a collective attack would make it easier to achieve success but the risk is much greater.

Jason's multiple locations and certainly his mobile restaurants are far more vulnerable to attack because of their more public nature. They're more exposed. Greater access creates a larger attack surface. It is this very fact of a public cloud's larger attack surface that makes many security professionals cringe at the mere thought of using a public cloud provider.

Both Jason and I serve our patrons. We serve different patrons. Private clouds serve a limited group and public clouds serve everyone.

There's nothing particularly wrong with public clouds, multiple-location burger joints, or mobile burger kitchens. But, for companies that value their privacy and security, there's no question of which option provides better service to its patrons. The same argument applies to hamburger restaurants.

If I just want something fast and don't care about customer service or particularly high quality, I'll eat anywhere that's cheap and convenient--and store files in public clouds too. When I want to sit down and dine or use a very high-quality cloud service, I'll opt for the more intimate version every time.

And, although we all want to keep our private cloud private, it's also nice to be able to call in a "to-go" order once in a while from our favorite burger haunt. For the private cloud, I'd like to be able to access it from home as well. And on my mobile devices wherever I happen to be. And, yes, I do want fries with that.

What do you think of private clouds for keeping private files private? Are private clouds the only option for businesses or can public clouds be trusted? Talk back and let me know.

Editorial comment: How long before someone starts a company named Burger Cloud or Cloud Burger? Is there a possibility of a combination cloud storage and burger bar on the horizon?

Topics: Security, Cloud, Privacy, Bring Your Own Device


Kenneth 'Ken' Hess is a full-time Windows and Linux system administrator with 20 years of experience with Mac, Linux, UNIX, and Windows systems in large multi-data center environments.



  • Private clouds for everyone?

    So if private clouds are more secure, why wouldn't people want their own publicly accessible private cloud?

    For example, I have a small server at home. Admittedly, I'm a network administrator so me having a server or six at home is not surprising. But one of those servers is accessible to the outside world. With appropriate software, it could easily work as a private cloud. Wouldn't that be better for me than using a public cloud? What would the pros and cons be of this approach? Comments?
    • Exactly

      That's exactly what I'm describing. Private cloud with access everywhere for its users.
    • Advantage of Public Clouds

      As a network administrator, you must know that it takes time to make sure your services are available 24/7. Like sometimes having to get up in the middle of the night. Using a public cloud moves that responsibility to another party. Second, there is no initial cost of hardware. Third, public clouds offer nearly infinite redundancy. So, if your service is slashdotted, the existing Amazon or Google infrastructure is capable of handling such growth without physical hardware purchase and configuration. Fourth, you will be maintaining your own bandwidth, so your service will always be limited by the caps you have paid for. Using a public cloud has no pre-determined bandwidth limitations. Fifth, the cloud services offer worldwide replication, so someone requesting your service from China will probably be serviced by a server in Asia. Sixth, using the cloud, a company does not need a network administrator... so they can save all the money they would have paid to you.
      Pea Wormsworth
  • Private VS. Public Clouds.

    I'm with Ken on this one. No one cares more about your data than you do, bottom line. And while I use cloud-based storage I also have local copies of everything on my home server. I'm also a network manager, and from my standpoint cloud services are good for some things but not others. I like having local control. I like being able to have one of my people fix something than to have to pick up a phone and hope that the guy on the other end of the line can resolve my issue. And most importantly I don't like the idea of being at some cloud provider's mercy if I need to move my data.
  • You should use both

    I disagree with the statement that private clouds are more secure than public clouds. Private clouds are run by corporates who are always looking for ways to slash the IT budget. Public clouds are run by companies specializing in providing those services, and as security is high on their list, they will spend the money to get the security experts that corporates won't spend.

    I don't think any corporate CEO will employ a security expert that earns more than him, it just won't happen, while public cloud companies will do it because it is their reputation on the line.

    For me there is a place for both. In private clouds you have more control, so you can more easily comply with legislation, especially around customer data and financial data. But there is a lot of your data and processes you can migrate to the public cloud and save on the economies of scale and the ease of maintenance.

    It should not be Private VS Public clouds, it should be Private & Public clouds, where to use which better.
  • Does Netgear router plus external drive equal private cloud?

    I have a Netgear router that allows me to connect a USB drive to it. That drive is available to me anywhere in the world. I sync both my phones and my tablet to it. When I am using my laptop out of town, I can easily grab any work file or music file from it if I need to. It does everything that I was paying Dropbox for but I have one tera-byte and NO monthly fees.
    So does that qualify as a private cloud?

    Do public clouds offer more options/security/security than what I am doing?
    All mine has is a user name and password
    Just Curious
    • Router vulnerabilities

      Several routers have known and unknown vulnerabilities, so your data can be compromised if you are unlucky. Also, just using a password and username can be hacked by trojans, man-in-the-middle attacks and people watching you type. Some cloud services offer two factor authorization, so they are more secure in that way. Public cloud providers may hand over your data to governments, companies etc. if they feel they need to. Indirectly that also means your data can be for sale. Police, government workers etc. that have access to your data may be bribed by journalists, companies, criminals.
      • Vulnerabilities

        Thanks for the thoughts. I use it mostly for photos and promotional pieces I am working on.
        Guess I won't keep any sensitive data on it.
  • Another advantage

    Following your analogy, let's assume both burger companies have customers that want to add turkey burgers to the menu. That's an easy thing to do with a single location, not so easy with multiple locations and mobile outlets. (Shipping, logistics, storage, etc.) In fact the single outlet owner may only have 50 people out of the daily 1000 that want turkey but it's still fairly easy to do, while with multiple locations it would be more trouble than the sales justify.

    The same holds true with cloud solutions. With a private cloud I can tailor it (and the software) exactly the way I want it and change it rapidly if I choose to. With a public cloud I have to use what is made available (only beef burgers) and changing what is available takes a great deal of time and then only if enough of the other customers agree with you.
  • Private VS. Public Clouds

    Public Clouds have 2 missions, data storage and data mining. Private clouds have one mission, the client's data. Everyone talks about security, from whom, other users or the corporation sponsoring the cloud storage who are highly motivated to mine that data for other revenue streams. Cloud storage is the honey-pot necessary for mining to occur. This is about as much of a no-brainer as Facebook's or Google's corporate mission. And we all know how Mr. Z feels about his "clients", the dumb F'ers as he put it. Gmail isn't secure enough to send the wife the grocery list to her cell phone without risking a dozen unsolicited email offers. Security. I think we need to have an entire conversation on the definition of that word before we can have this cloud discussion. I think we will find that the spectrum ranges from "as long as my friends can't see the smack I'm talking behind their backs", that's security, while others may have an issue with that company mining their data, watching their purchase histories etc. Security can mean so many different things to different people. To me, every single packet of data should be treated like a letter in the US Mail. Its content should be 100% protected and a warrant should be necessary to view its contents. That should be the default position of the internet at large unless otherwise agreed to by all parties involved. Unfortunately the reverse is the reality we have found ourselves left with.
    • Gmail should use public key encryption

      I agree with you about encrypting email. I installed PGP and set up my local email program to use it, then I instructed friends and family on how easy it is for them to add it to their email. But you know what... no one will do it. People are lazy and don't want to be bothered installing software and clicking one extra button when the system already works to provide the service they expect. Most do not want to think about what happens in the background.

      There is no reason that public mail services like Gmail couldn't automatically configure their services to use public key encryption. Especially for email sent locally from Gmail to Gmail accounts. This could be installed without any change in user functionality. This would not even require a general consensus of protocol standardization.

      IMO, the reason email service providers are not securing the content of your email is twofold:
      1) they want to read/parse the content of your emails in order to generate revenue. Say for placing content-targeted advertisements on the page.
      2) they want to sell your content when requested. Say if there is a court order or other legal way to sell your unencrypted data.

      I don't like too much government regulation in regard to the Internet, but this is one area where I wish the government would step in and instruct online email service providers to stop putting our private information at risk in order to maximize their revenue streams.
      Pea Wormsworth
  • Over Simplification

    I think you've oversimplified this quite a bit to the point of my disagreeing. There are public clouds that are just as secure if not more secure than a private one. Think services like Merrill Datasite or even Cloudsafe where all files are stored by account and encrypted with separate encryption keys by client.

    The challenge is most private businesses don't have the skill sets or resources to adequately keep a system as secure as it could or should be. Especially from an ongoing basis perspective due to limited resources.

    Now, if you're talking about consumer oriented cloud services, then I agree. Consumer oriented cloud services like free Google Docs or Dropbox are two examples.
  • There are NO private clouds

    The term "private cloud" is a PR marketing campaign slogan. It is not real. It is designed to take advantage of the fact that most managers do not understand technology and instead gravitate to buzz words.

    There is in fact something that operates as a public cloud. It is called "Intranet" and "web servers". And they have been around much longer than when cloud services took their name. Reality is, that if you are just running your own hosting service, then it really isn't a "cloud" now is it! It's what it always has been, only now, it's been renamed in order to take advantage of limited understanding of what a REAL cloud service actually offers.

    Let me remind everyone of what a real cloud provider offers that makes it REAL:
    1) you do not buy or configure your own hardware
    2) you do not buy or manage bandwidth yourself
    3) you do not buy or sell hardware as demand for your service goes up and down
    4) you do not need to pay a System Administrator
    5) you do not need to pay for database administration

    So... what used to require a large team of specialized employees, now becomes primarily a set of programmers with general limited understanding of system and database administration. Furthermore, although backup is required, it becomes less burdensome since a cloud service that randomly loses all your data due to hardware failure or acts of god will not be in business very long.

    That said, there are some kits that allow you to mimic the same set of services offered by public cloud companies. One standard is called "OpenStack". But this is nothing more than a standard set of web services tied together to make deploying web and intraweb services easier to create and grow. But really, this is just a standard grouping of software packages that have always been around. The advantage to using OpenStack locally or other products that mimic a REAL cloud service is that you can easily move existing code from your local systems to a real cloud service or vice-versa. Also, these local cloud copy systems are generally easier to scale. But scaling is something all service software strives for regardless of the cloud moniker.
    Pea Wormsworth
  • yeah, and next we can have Personal Clouds!

    Then each person can have their own Personal Cloud, safe and secure on their own computer. This is the kind of innovation that makes us great.
  • Virtualization + Truecrypt = best of both

    1. Create a VM which can be run locally or in the cloud
    2. Create one or more Truecrypt containers which can be synced from local to cloud & back
    3. Make sure the VM is shut down on the local server when you aren't using it (to avoid physical access)
    4. Use two factor authentication for logins

    This puts data at a high level of encryption wherever it is, and since VMs can move while running (or be restarted in seconds) the data is always highly available. Also, since the data is synced rather than accessed remotely, it is only ever decrypted in local memory.

    Call this a "virtual hybrid cloud" I guess. Some form of this is necessary if even one node of a corporate network connects out, since nothing that touches the internet is truly private. With this approach, you get the best of public wrapped around the best of private.
  • Desktop to Cloud - Browser Migration in the Enterprise

    Stay away from the cloud. You can put your stuff in it but you cannot take it out. I paid for a game, and it is one of the EA games. I installed it and turned off all of the cloud stuff, but it made an account in my EA games cloud that I had turned off, and also at the Apple iCloud, and I was buying the iPad at a pawn shop at the time it was made. I was told by Apple and the EA games people that they cannot take it out or off the server at all; they hope in the future, but they cannot take it out now. And I did not make these accounts at all. I will not use the cloud at all, and when they make us do it I will have my internet turned off for good. They will tell you it is so safe. What a lie. I read on the net companies are getting off the cloud because it is so unsafe. Do not back up your computer online; hackers love it. You are giving them your info for free. Stop it. Go buy an ext. hard drive and back it up; that is safer than online.