Public clouds are not the answer but private clouds(virtualization) is a good idea. Sometimes a public cloud is a good idea but most times workloads can be easily virtualized in house with more security and control than the public clouds can offer. With internal clouds you can control access, security, and maintain positive knowledge of who is accessing what on your network. I know the big push is to put EVERYTHING into the public cloud but it really isn’t a good thing if you have something that is covered by security and/or privacy regulations. I have talked about the cloud insecurities and disadvantages many times. I wonder how many mega-breaches it is going to take or how many SMB shutdowns it will take for this fad to die? There’s file deletions, various security issues in many areas, vendor lock-in, and the loss of the ability to get your data when your internet connection fails as many do not have offline access capabilities. There are some good and bad as i outlined in my essay outline. However the very foundation of cloud computing is based on a fundamentally insecure architecture.
The public cloud is good for a few things:
1. E-mail. E-mail is not a secured medium so it is perfect for the cloud
2. Backups/DR. As long as pre-egress encryption is employed then cloud storage for offsite backups is a good idea.
I know I am going against the prevailing trends and risk getting run over by the stampede of businesses heading to the cloud. I have no intention of stopping to sound the alarm nor changing which products i recommend and how I encourage clients to use said technology. That being said if one of my clients is determined to use the cloud (and I have one who has gone mostly to the cloud)I’ll make it happen and guide them through the security morass that is the cloud to the best of my ability.