Every SaaS provider runs a private cloud

The paradox at the heart of 'public' cloud provision is that any provider has to own and manage their own private cloud to deliver a secure, reliable service.

One of the highly misleading assumptions built into the term 'private cloud' is the notion that there's no privacy in the public cloud. People talk as though cloud providers don't use firewalls or private networks or encryption. But of course they do. In most cases, the technology infrastructure they use is far more secure than any private enterprise infrastructure.

In fact, the paradox at the heart of 'public' cloud provision is that any provider has to own and manage their own private cloud to deliver a secure, reliable service. Does anyone imagine for a moment that Salesforce.com doesn't guard the backend of its infrastructure at least as assiduously as any bank or government department? The crown jewels of its infrastructure run on physical servers that it owns and manages itself. Google is even more extreme, having its servers and data centers tailor-made to its own custom designs.

Even if a service sits on public cloud — such as Salesforce.com subsidiary Heroku, which runs on Amazon EC2 servers — the access into that virtual infrastructure is as locked down as any enterprise server pool. The fact that any Web visitor can set up an account and log into the public face of Heroku doesn't detract from the security that governs back-end access into the server instances that make up the underlying platform. If anything, it guarantees that the provider will take extra steps to keep the back-end ultra-secure. Nor do I really understand why an enterprise infrastructure that includes publicly accessible web servers is somehow inherently more secure and hack-proof than a SaaS provider's infrastructure. The track record of countless security breaches at banks, retailers and telecoms providers tells me the opposite.

So next time you log into your private on-demand shared instance of Salesforce.com, NetSuite, Google Apps, WebEx, PayPal or whatever, ask yourself why sharing the infrastructure with users from other organizations should make it any less safe than an application that runs on your own PC or on your organization's own servers. The only difference is that the separation in a public cloud infrastructure is logical — implemented with software — rather than physical. But that logical separation in any reputable provider's infrastructure is going to be as solid as cast-iron. Provided you take sensible precautions to protect your login credentials, there's no reason to suppose you're any less safe on shared infrastructure. On top of that, it comes with all the benefits that public cloud confers: enormous economies of scale, super-hardened resilience and boundless connectivity into the global resources of the connected web.

For many years, apologists for cloud-averse enterprise networks have hijacked the notion of privacy and set it up as a straw-man argument against running cloud computing on public infrastructure. Don't let the simplistic terminology confuse you: public cloud infrastructure can support just as much privacy and security as any private enterprise network.