Cloud Computing Security
Is a Private Cloud Secure?
One of the private cloud characteristics that make them attractive is that the degree of cloud computing security (the degree of trust) can be controlled completely by the organization that uses that facility. If cloud computing security is implemented properly, a private cloud should be no less secure than the data center in which it runs. If an organization wants to implement greater security or to relax cloud computing security in a private cloud, it can. It can also audit and manage the implementation of security for the private cloud much in the same way it audits and manages security in a data center.
Fundamentally, cloud computing security is a matter of policy specification and implementation. A private cloud must be able to allow organizations to specify (and change) cloud computing security policies and implement those policies using for resources it controls.
This question is always one that is motivated by a comparison of public and private cloud computing security characteristics. Private cloud proponents claim that private clouds are more secure than public clouds. In fact, it is possible to deploy a private cloud in a way that has far less cloud computing security than the current batch of public clouds. This happens because it's possible to deploy any infrastructure in an insecure way. Moreover, the public clouds are almost assuredly exposed to a constant barrage of very clever attacks. To withstand these threats they must constantly implement the state-of-the-art in countermeasures.
The real motivation for this question, is not about the degree of cloud computing security that a private cloud offers over a public one, but the degree to which security policy can be controlled, monitored, and changed in response to the needs of the organization. Because public clouds must serve a vast set of competing needs, they are necessarily limited in their ability to allow their users to customize them, particular with respect to the implementation of security policy.
Conversely, a private cloud must support local cloud computing security policy definition and customization and hence there is a perception that they are "more secure."
At Eucalyptus, we take cloud computing security very seriously. We aim to take immediate action to address serious security-related problems that involve our private cloud products or services.