How Securing Public Clouds and Private Data Centers Differ
Here we provide guidance on which security challenges organizations should focus on in public clouds or in private data centers.
Cybersecurity threats abound whether you deploy workloads inside your own data center or use a public cloud. But the nature of the threats, and the main risks you'll want to focus on, vary widely between data centers and the cloud.
Top cloud security risks
In the cloud, major security risks that users have to manage include:
Insecure access controls for cloud services: Attackers could abuse insecure permissions settings to exfiltrate sensitive data or disrupt operations.
API attacks: Because cloud workloads depend heavily on APIs to integrate cloud services and applications, API vulnerabilities are a particularly prevalent risk in the cloud.
Network-based attacks: Cloud workloads are almost always connected to the Internet, at least indirectly, which makes network security especially challenging in the context of the cloud.
Unmanaged sprawl: The ease with which infrastructure and workloads can be spun up in the cloud increases the risk that users inside an organization might deploy cloud resources that are not properly managed or monitored, leading to heightened security risks.
These threats can exist inside private data centers as well, but they're more likely to pose special challenges in the public cloud given the nature of cloud workloads and deployment patterns.
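The first risk above, insecure permissions settings, is the easiest of the four to check mechanically. The following is an added example, not code from the original article: it takes two constructed IAM-style JSON policies (a weak one granting a wildcard principal every S3 action on every resource, and a hardened one scoped to one role, one action and one bucket) and flags the Allow statements a reviewer would want to look at. The account ID, role name and bucket name are placeholders.

```python
import json

# Constructed sample policies for illustration only; not taken from any real account.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": "*", "Action": "s3:*", "Resource": "*"}
    ]
})

HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::123456789012:role/ReportReader"},
         "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::example-reports/*"}
    ]
})


def _as_list(value):
    """IAM fields may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def find_overpermissive_statements(policy_json):
    """Return (statement index, reason) pairs for Allow statements that use
    wildcards in the principal, action or resource position."""
    findings = []
    for i, stmt in enumerate(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements narrow access; they are not the concern here
        principal = stmt.get("Principal")
        if principal == "*" or (
            isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))
        ):
            findings.append((i, "wildcard principal: any caller may use this statement"))
        if any(a == "*" or a.endswith(":*") for a in _as_list(stmt.get("Action", []))):
            findings.append((i, "wildcard action: grants every operation in the service"))
        if "*" in _as_list(stmt.get("Resource", [])):
            findings.append((i, "wildcard resource: applies to every resource"))
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("hardened", HARDENED_POLICY)):
        print(name, find_overpermissive_statements(policy))
```

A statement that carries a Condition block can legitimately use a wildcard principal; the check above still reports it so that a human decides whether the condition is tight enough.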
Top security risks for private data centers
In contrast, if you deploy workloads on servers you own within your own data center, the security challenges you'll want to be particularly vigilant about include:
Physical security: Generally speaking, major public clouds do a very good job of preventing unauthorized physical access to their data centers. Physical security controls inside private data centers can vary more widely in quality and depth, so they're an area that requires special care.
Infrastructure security: In the public cloud, cloud providers secure physical servers as part of the shared responsibility model. But if you deploy servers inside your own data center, it's on you to keep those servers secure and up to date.
Denial-of-service attacks: Denial-of-service attacks (in which attackers disrupt data center operations) can occur in the public cloud, but typically only via network-based attack vectors. In contrast, in a private data center that lacks the physical security protections of public clouds, attackers can disrupt operations in other ways – such as by disabling a power supply – if they want to harm a company that depends on the data center.
These risks, too, are not totally unique to private data centers; they can also impact public clouds. But they're more acute in the context of private data centers.
Security advantages of data centers vs. public clouds
It's worth noting as well that public clouds and private data centers each offer their own security advantages.
In a private data center, one of the main security advantages that organizations can optionally leverage is the ability to "air gap" workloads, which means disconnecting them entirely from the network, in order to eliminate network-based threats. That's not possible in the public cloud, where workloads are connected to the Internet by definition.
More generally, private data centers also give users more control over how their resources are secured. Businesses can decide exactly which security settings to enforce, which security monitoring tools to use and so on. Making these decisions requires more effort, but it also means that it's possible to enforce even tighter security standards in a private data center than you could achieve in the public cloud, where customers are typically limited to the security tooling and configuration options that their cloud providers support.
On the other hand, the public cloud offers the security advantage of the shared responsibility model, which takes many security responsibilities out of customers' hands. That's advantageous for businesses that lack the staff or expertise to manage security across all layers of their stack on their own.
Securing the cloud vs. securing your data center
To sum up, if you use the cloud, you need to work harder to manage security risks related to APIs, access control and permissions settings, the network and unmanaged workloads. The upside is that you won't have to worry about securing underlying cloud infrastructure, because your cloud provider does that for you.
With a private data center, you face special security risks related to physical access and denial of service, and you have to secure all layers of your stack on your own. But you also have more control over your environments, including the ability to air gap them in some cases.