If having private cloud still means having the cost of hardware and software, not to mention the security issues. Is it worth to move to public cloud to save costs?
This is really very interesting question and i try my best to elaborate the differences.
The public cloud should have adopt approach (off-premise IT capabilities or applications, provided by others) and private cloud should opt (on-premise enablement of cloud capabilities with existing IT).
The pro-public crowd has long argued that the ability to consume IT and related services on a pay-per-use model, the speed of access to resources, and the flexibility to add and drop capacity make their approach the only way to go.
The pro-private camp is quick to remind clients that enabling private cloud capabilities — either on site or in a private hosted environment — provides the highest levels of management visibility, control, security, privacy, and physical data proximity. The peace of mind of knowing exactly where your key business and client data resides at all times
These are five key factors to consider before deciding whether private cloud or public cloud is the better fit for your company [http://www.networkworld.com].
1. Budget
If you run a small business that has a tight budget, you should consider a public cloud provider, because you only pay for what you need. Plus, you probably lack the funds to invest in hardware, software, and staff necessary to set up a private cloud.
If you're at a large organization with a bigger budget, it might be cheaper to invest in a private cloud than rent a lot of public cloud resources in order to run long-term projects. You will have complete control over security, compliance, hardware, virtual servers, failover algorithms, and Service Level Agreements (SLAs).
2. Security and compliance
If your organization has Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), and/or Payment Card Industry Data Security Standard (PCI DSS) compliance requirements to meet, you should choose a private cloud to process or store sensitive documents. You know where in the private cloud the documents are when you want them. Also, your organization has certain security controls that a public cloud provider doesn't have.
The public cloud is more suitable for processing and storing non-sensitive data (you don't care where they are in the cloud). You will likely be satisfied with a public cloud provider's security controls.
3. Hardware and virtual server control
Software as a Service (SaaS) users and Platform as a Service (PaaS) developers have no control over hardware and virtual servers; the only control a SaaS user has is to access an SaaS application. PaaS developers have control over the SaaS application life cycle; they decide what stress testing methodology to use and what operating system to run on the platform. Only the provider has the control over hardware and virtual servers.
If your organization wants complete control over hardware and virtual servers, you should consider a private cloud. If your budget is limited, I recommend looking for a public cloud provider. You can rent a SaaS application or develop simple applications on the PaaS of your choice.
4. Failover control
If you choose to set up a private cloud, you will have complete control over a failover plan to ensure the cloud service will be available to users. You specify which healthy servers can automatically take over when a server's connection fails, or when the server experiences sudden loading spikes. You can test your failover algorithms in different scenarios to make sure they will work properly when a server begins to fail.
A public cloud provider has complete control over a failover plan -- the provider doesn't share its proprietary failover algorithms with you. The public cloud is the right choice if you don't care about the location of any server or which healthy servers would take over.
5. SLA management
A private cloud helps an organization have complete control over SLA management. Your business can see how direct and indirect SLAs are related and what metrics are used in each SLA to measure service availability at given points of time.
A public cloud provider has control over SLAs with all tenants. As a public cloud subscriber, your organization should be allowed limited negotiation on the terms in a SLA, including an exit clause. The provider will not let you view SLAs it has with other tenants and vendors.
Conclusion
If you have sufficient funds, have compliance requirements to meet, and want complete control over security, hardware, failover, and SLA management, a private cloud is your best bet. Otherwise, I advise you to opt for a public cloud provider.
Any data in public cloud will be available to governmental advisors, as it is required by law in most countries, and will become a requirement soon in others. Private cloud is same as your private computer, you can unplug it from the Internet and nobody will access it.
Private cloud can be very cheap - Hadoop installs on a bunch of typical computers (less than $1000 per machine) joined by local network, and it is free software. If you have specialists who perform the calculation you need, they should be able to use all free software in a private cloud.
I think main difference between private vs public cloud is "control". In terms of costs between private vs public, we need to compare case by case basis & apple to apple as there are many ways to reduce costs. But came across security policy of some companies e.g. banks & regulatory compliance enforced by governments can render companies to stick to private cloud in which cost saving may not be the focus. For some banks, costs might not be an issue but control / security / reputation is the utmost importance. For some governments, they make it mandatory that civilian / bank customer's data must stay within the country so that they have more control - hence opting for public cloud might not be the answer.
Public Cloud is definitely the cheaper option in terms of operation costs, but expensive in terms of security and vice versa for Private Cloud. I think the main factor to consider is the security issues associated with the data you want to store....for high security data, its better to incur the hardware cost and use the Private Cloud.
In public cloud, it is pretty clear that security and privacy is a fundamental obstacle to cloud computing’s success. However, when cloud is promoted there is always assurance that any private IT setting would not have the security tools that public cloud computing provided by IBM, Amazon, Google and others!
Thank you all for your valuable input . If I may summarize the discussion, the difference between private and public clouds would be mainly the security and suitability in private cloud; on the other hand, public clouds are less in terms of cost and no hardware required.
This is really very interesting question and i try my best to elaborate the differences.
The public cloud should have adopt approach (off-premise IT capabilities or applications, provided by others) and private cloud should opt (on-premise enablement of cloud capabilities with existing IT).
The pro-public crowd has long argued that the ability to consume IT and related services on a pay-per-use model, the speed of access to resources, and the flexibility to add and drop capacity make their approach the only way to go.
The pro-private camp is quick to remind clients that enabling private cloud capabilities — either on site or in a private hosted environment — provides the highest levels of management visibility, control, security, privacy, and physical data proximity. The peace of mind of knowing exactly where your key business and client data resides at all times
These are five key factors to consider before deciding whether private cloud or public cloud is the better fit for your company [http://www.networkworld.com].
1. Budget
If you run a small business that has a tight budget, you should consider a public cloud provider, because you only pay for what you need. Plus, you probably lack the funds to invest in hardware, software, and staff necessary to set up a private cloud.
If you're at a large organization with a bigger budget, it might be cheaper to invest in a private cloud than rent a lot of public cloud resources in order to run long-term projects. You will have complete control over security, compliance, hardware, virtual servers, failover algorithms, and Service Level Agreements (SLAs).
2. Security and compliance
If your organization has Sarbanes-Oxley Act (SOX), Health Insurance Portability and Accountability Act (HIPAA), and/or Payment Card Industry Data Security Standard (PCI DSS) compliance requirements to meet, you should choose a private cloud to process or store sensitive documents. You know where in the private cloud the documents are when you want them. Also, your organization has certain security controls that a public cloud provider doesn't have.
The public cloud is more suitable for processing and storing non-sensitive data (you don't care where they are in the cloud). You will likely be satisfied with a public cloud provider's security controls.
3. Hardware and virtual server control
Software as a Service (SaaS) users and Platform as a Service (PaaS) developers have no control over hardware and virtual servers; the only control a SaaS user has is to access an SaaS application. PaaS developers have control over the SaaS application life cycle; they decide what stress testing methodology to use and what operating system to run on the platform. Only the provider has the control over hardware and virtual servers.
If your organization wants complete control over hardware and virtual servers, you should consider a private cloud. If your budget is limited, I recommend looking for a public cloud provider. You can rent a SaaS application or develop simple applications on the PaaS of your choice.
4. Failover control
If you choose to set up a private cloud, you will have complete control over a failover plan to ensure the cloud service will be available to users. You specify which healthy servers can automatically take over when a server's connection fails, or when the server experiences sudden loading spikes. You can test your failover algorithms in different scenarios to make sure they will work properly when a server begins to fail.
A public cloud provider has complete control over a failover plan -- the provider doesn't share its proprietary failover algorithms with you. The public cloud is the right choice if you don't care about the location of any server or which healthy servers would take over.
5. SLA management
A private cloud helps an organization have complete control over SLA management. Your business can see how direct and indirect SLAs are related and what metrics are used in each SLA to measure service availability at given points of time.
A public cloud provider has control over SLAs with all tenants. As a public cloud subscriber, your organization should be allowed limited negotiation on the terms in a SLA, including an exit clause. The provider will not let you view SLAs it has with other tenants and vendors.
Conclusion
If you have sufficient funds, have compliance requirements to meet, and want complete control over security, hardware, failover, and SLA management, a private cloud is your best bet. Otherwise, I advise you to opt for a public cloud provider.
The difference between public and private cloud can be thought through in a different way.
Is there a transactional, 3rd party cloud vendor involved in enabling the cloud service? - Then it is a PUBLIC CLOUD.
IS there a monthly / periodical pay out involved for the utilization of a 3rd party hosted cloud facility? - Then it is a PUBLIC CLOUD.
Are there multiple clients / customers using the same cloud facility / infrastructure / platform / application? - Then it is PUBLIC CLOUD.
The corollary of all this is that when I am having my own, non shared systems up in a configured cloud, when my space has only me and is not 'sublet' to other users and the only pay outs for me would be a sort of maintenance upkeep payment to the vendor who has designed my cloud for me (and not a monthly payout for utility-type usage), then that cloud space is a PRIVATE CLOUD.
Coming to risk elements that we normally associate with cloud, many of the 'risks' that are mentioned in literature are typically applicable to the public cloud space only. Take a look at this list.
Lack of Governance and Control - Applies only to public clouds. In private, I am not letting go my IT governance.
Vendor Lock in - There is no such vendor in a private space, except the vendor who enables the creation of the private cloud space.
SLA Adequacy - Same as above
Data Center Location - For a public cloud, I would be concerned whether the data center is located in a risk free zone because my data is hosted in that data center. But my private cloud does not necessarily have such an associated fear.
The list of risk elements that have a different meaning between public and private clouds is longer. I am giving only a few indicative elements.
To put it simply, the "Cloud" is a next-generation virtualization technology with built-in mechanism which allows automated scaling-out when needed. Three things to keep in mind:
- virtualization allows you to "overbook" the hardware. This works very well if you have a large number of users and if you can assume that most of these users will not make much use of their cloud ressources for most of the time.
- there is the overhead for maintaining the infrastructure. Huge overhead per virtual machine for small installations, tiny overhead per virtual machine for huge installations. So a private cloud for a small company will be much less efficient (business-wise) than for a big one and still less efficient than for a big public cloud provider.
- The advantage of having better control over own ressources (security!) in a private cloud is the same for all players, but the importance of this advantage can vary depending on sensitivity of your data.
A small company with highly security sensitive applications may even be a better off if the security of its applications and data is handled by TRUSTED cloud provider. In extreme case, your reasoning may be:
- I have 2 IT guys here. One works on product development, the second one maintains all infastructure. Neither of them is a security expert.
- Provider X has 200 IT-experts. They all work on infrastructure mainteinance and half of them are bussy just with assuring no-one breaks into the system.
And: weather I host it or someone else, we are hooked on the interenet and my service is offered as SaaS.
In this setting, the "Provider X" will certainly be able to provide much more *secure* environment.
Weather I can trust this provider or not is another story. European providers will probably have an advantage over US ones here, due to differnt legal situation. Countries such as Swiss or Germany are a good bet.