Every SaaS provider runs a private cloud

Every SaaS provider runs a private cloud

Summary: The paradox at the heart of 'public' cloud provision is that any provider has to own and manage their own private cloud to deliver a secure, reliable service.

SHARE:

One of the highly misleading assumptions built into the term 'private cloud' is the notion that there's no privacy in the public cloud. People talk as though cloud providers don't use firewalls or private networks or encryption. But of course they do. In most cases, the technology infrastructure they use is far more secure than any private enterprise infrastructure.

In fact, the paradox at the heart of 'public' cloud provision is that any provider has to own and manage their own private cloud to deliver a secure, reliable service. Does anyone imagine for a moment that Salesforce.com doesn't guard the backend of its infrastructure at least as assiduously as any bank or government department? The crown jewels of its infrastructure run on physical servers that it owns and manages itself. Google is even more extreme, having its servers and data centers tailor-made to its own custom designs.

Even if a service sits on public cloud — such as Salesforce.com subsidiary Heroku, which runs on Amazon EC2 servers — the access into that virtual infrastructure is as locked down as any enterprise server pool. The fact that any Web visitor can set up an account and log into the public face of Heroku doesn't detract from the security that governs back-end access into the server instances that make up the underlying platform. If anything, it guarantees that the provider will take extra steps to keep the back-end ultra-secure. Nor do I really understand why an enterprise infrastructure that includes publicly accessible web servers is somehow inherently more secure and hack-proof than a SaaS provider's infrastructure. The track record of countless security breaches at banks, retailers and telecoms providers tells me the opposite.

So next time you log into your private on-demand shared instance of Salesforce.com, NetSuite, Google Apps, WebEx, PayPal or whatever, ask yourself why sharing the infrastructure with users from other organisations should make it any less safe than an application that runs on your own PC or on your organization's own servers. The only difference is that the separation in a public cloud infrastructure is logical — implemented with software — rather than physical. But that logical separation in any reputable provider's infrastructure is going to be as solid as cast-iron. Provided you take sensible precautions to protect your login credentials, there's no reason to suppose you're any less safe on shared infrastructure. On top of that, it comes with all the benefits that public cloud confers: enormous economies of scale, super-hardened resilience and boundless connectivity into the global resources of the connected web.

For many years, apologists for cloud-averse enterprise networks have hijacked the notion of privacy and set it up as a straw-man argument against running cloud computing on public infrastructure. Don't let the simplistic terminology confuse you: public cloud infrastructure can support just as much privacy and security as any private enterprise network.

Topics: Emerging Tech, Cloud, Enterprise Software, Hardware, Security, Servers

Phil Wainewright

About Phil Wainewright

Since 1998, Phil Wainewright has been a thought leader in cloud computing as a blogger, analyst and consultant.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

12 comments
Log in or register to join the discussion
  • Bravo

    Phil,

    Best laid out argument I heard in years to dismantle the stupidity some call private cloud. Bravo!

    Esteban
    Esteban.Kolsky
    • RE: Every SaaS provider runs a private cloud

      @Esteban.Kolsky - that's a pretty harsh perspective Esteban - do you deny any validity to the private model?
      benkepes
      • RE: Every SaaS provider runs a private cloud

        @benkepes yes, i always have and always will. private clouds violate the principles of what it is to work in a cloud: open, interconnected, replaceable components, three-layer-model, etc. just by definition of cloud computing architecture, private clouds are an oxymoron (to say the least), used by lazy vendors and lazy CIOs to pretend they are addressing an issue they are not addressing: embracing cloud computing architecture. just because you deploy internet technology does not mean you deployed a private cloud. similar to calling the internet "the cloud" which lots of people do -- true cloud computing relies on the internet as a transport layer, but they build the three-layer-model on top of it -- not focusing on the commercial web or the internet as the destination, rather the transport.

        while i understand why vendors use private cloud to justify their lack of investment or belief in the real cloud computing model, i feel that the lack of education on what cloud computing can really do (and how) is damaging to the companies that don't have the resources to dig very deep. i wish we could get rid of the concept of the private cloud so those spending money in that useless model could instead spend it in properly deploying secure cloud computing architectures.

        this is one of the hot buttons with me. i have been following distributed architectures in the many different models for the past 25+ years and am happy to see that we are finally getting to a point where a true cloud model can be leveraged and used properly - the private cloud is just another point against it, would like to erradicate the concept as quickly as possible.
        Esteban.Kolsky
  • RE: Every SaaS provider runs a private cloud

    Phil.... hmm, I don't really get what you're saying here. You're saying that there is no validity to the private cloud but using SaaS providers (who run their apps primarily on private clouds) as examples. Surely the extension of your argument is that sfdc, netsuite et al are wrong to do what they do on their own infrastructure?
    benkepes
    • RE: Every SaaS provider runs a private cloud

      @benkepes What I'm saying is that the vocabulary is misleading. Public cloud services have to be built on private cloud infrastructure (sometimes it's virtual private, sometimes its physical private) but the result is still a cloud-scale, highly connected public resource.

      The same term, private cloud, is used to describe enterprise-centric architectures that shy away from connection and are populated with application stacks incapable of operating at cloud scale.

      These two forms of private cloud are completely different animals from one another and it is the second category with which I have a problem.
      philwainewright
  • RE: Every SaaS provider runs a private cloud

    Exactly, what is Public to me is Private to the infrastructure host. If credentials are compromised data is not safe in any environment.

    Ultimately infrastructure security and availability will take priority over many other things. Huge infrastructure spending is the result of Xenophobia, and the Cloud I feel has no meaning if it is physical private!.

    SaaS companies do need to be credited for creating an environment of trust where Private cloud is looked at as not just integrating and maintaining an Application stack and utilization of infrastructure, but because they created a model which paved way for the Private cloud. Ultimately companies will flock to hosts that have a record of accountability, responsibility and trust, and no shareholder will buy into the in house security argument then.
    spynkz
  • RE: Every SaaS provider runs a private cloud

    Great article, and I do agree with the concept that public cloud will be more secure than private cloud, they have more to loose on a data breach.

    That does not take away the need for private clouds however, this will be more in-line with legislation, I don't think any government will allow their banks to have financial information about citizens in what is perceived to be the public cloud.

    The solution to this however would be that big corporations rather implement a cloud infrastructure on their premises from one of the public cloud providers, not from some vendor that only wants to sell more tin.
    nicopretorius
  • RE: Every SaaS provider runs a private cloud

    The concern may not necessarily lie with the sharing of the infrastructure, but trust that the vendor does not have control or can view the data being placed in that cloud.<br><br>For example, government (citizen) data. Those responsible for that data seek to safeguard it from those unauthorized to view it (say a tax return) and do not necessarily trust that Cloud vendors will adhere to strict compliance. Hence, "private cloud".<br><br>
    raydepena
  • RE: Every SaaS provider runs a private cloud

    Ultimately infrastructure security and availability will take priority over many other things. Huge infrastructure spending is the result of Xenophobia, and the Cloud I feel has no meaning if it is physical private!.
    <H1><a href="http://www.yabanci-diziler.com/">yabanci diziler</a></H1>
    halilturker
  • RE: Every SaaS provider runs a private cloud

    Privacy regarding certain personal information for security will always be an issue. Whether this development is a good thing or not, as long as it keeps hackers away,it's good. Security is very important, it's <a href="http://www.similar.ca">similar</a> to installing a lot <a href="http://www.spycameravideo.net">spy camera video</a> in your <a href="http://www.torontohomevalue.ca">Toronto homes</a> for security reasons. Who would want to be hacked by any one.
    biancaann
  • Link building service

    Thanks for sharing this powerful article with us. I've been doing some research for my own <a href="http://linkdominators.com">link building service</a> business, and I found your article by accident.
    alencoder2011@...
  • RE: Every SaaS provider runs a private cloud

    That is true ....
    Today most of the people and organizations use the two words "open source" and "free" for just marketing their real product...
    Thanks..
    Denon DHT-391XP