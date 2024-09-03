Private or Public Cloud: What to Choose?

September 2024 by Patrick Houyoux LL.M. ULB, Brussels, Trinity College, Cambridge, UK. President – Director PT SYDECO

In December 2023, Patrick Ruiz revealed a significant data breach at Okta, Inc., a San Francisco-based company specializing in identity and access management software for businesses utilizing Cloud-based services. This breach, along with prior incidents like Google Drive’s data loss, reignites concerns about the reliability and security of Cloud service providers.

While Ruiz acknowledges the undeniable advantages of Cloud computing—such as cost-efficient infrastructure maintenance, reduced energy consumption, rapid deployment of applications, and accessible backup solutions—he omits the significant risks and costs that accompany these benefits.

Conversely, David Heinemeier Hansson, co-founder of Basecamp, disputes the cost-effectiveness of Cloud services. In October 2022, Hansson revealed that Basecamp spent over $3.2 million on Cloud services, prompting their shift to on-premise hosting. This move is projected to save $7 million over five years, requiring only a $600,000 investment in hardware, amortized over the same period.

Ruiz’s emphasis on Cloud benefits overlooks critical security concerns, including weak access management, insecure APIs, system vulnerabilities, internal and external threats, data loss, and challenges in cost optimization.

Recent statistics from Check Point Research show a 48% surge in Cloud-based network attacks from 2021 to 2022, corroborated by Kaspersky’s prediction that Cloud technology will become a prime target due to increased digitization. Apple’s December 2023 study underscores this intensifying threat, revealing that over 80% of breaches involve Cloud-stored data, with 2.6 billion records compromised over the past two years.

Given these security risks, the article questions the perceived advantages of Cloud computing. Is it wiser, as Basecamp did, to invest in secure, cost-effective in-house solutions rather than entrusting sensitive data to external Cloud services?

Not only is the cost exorbitant for government, public, or private entities relying on public

Cloud services, but the security of the Cloud remains perpetually in question. Among the top threats in the Cloud, we find:

• Misconfiguration and inadequate change control

• Identity and Access Management issues

• Insecure interfaces and APIs

• Inadequate selection/implementation of Cloud security strategy

• Insecure third-party resources

• Insecure software development

• Accidental Cloud disclosure

• System vulnerabilities

• Limited Cloud visibility/observability

• Unauthenticated resource sharing

• Advanced Persistent Threats

The Private Cloud Solution

The prognosis for the future is equally concerning. Gartner predicts that by 2024, 60% of infrastructure and operations leaders will experience public Cloud cost overruns, negatively affecting available budgets. Consequently, data sovereignty is becoming an essential criterion.

"Digital sovereignty is the main topic in 2024, and sovereign Cloud services are becoming the number one target for businesses. The ICD report mentions that 79% of global government agencies have started revising their IT strategy with digital sovereignty in mind. As of early 2023, 17% of public entities were already using sovereign Cloud services, and 30% plan to adopt similar technologies by 2025."

Given these concerns, the benefits of having a private Cloud at home are increasingly compelling, especially in terms of control, security, and customization. Here’s a detailed breakdown of these advantages:

1. Enhanced Security

o Complete Control Over Data: Full control over your data’s location, access, and use, reducing risks of unauthorized access or breaches.

o Customization of Security Measures: Tailor security protocols to your specific needs, including advanced firewalls, encryption, and monitoring.

o Isolation from External Threats: A private Cloud is isolated from the broader internet, reducing exposure to malware, ransomware, and APTs.

2. Cost Efficiency in the Long Run

o No Recurring Fees: Avoid ongoing subscription fees or unexpected usage charges, with potential long-term savings.

o Scalable Infrastructure: Scale your private Cloud as needed, without worrying about escalating costs.

3. Customization and Flexibility

o Tailored Environment: Create a customized environment aligned with your business processes and compliance needs.

o Dedicated Resources: Enjoy consistent performance with dedicated resources, free from the impact of shared environments.

4. Improved Performance and Reliability

o Reduced Latency: Local hosting minimizes data transfer speeds and latency, ideal for real-time processing.

o Greater Uptime Control: Direct control over maintenance and upgrades ensures minimal downtime.

5. Data Sovereignty and Compliance

o Full Compliance Control: Comply with local regulations and data protection laws, with full control over data storage and processing.

o Audit and Reporting: Implement your own auditing mechanisms for transparent and accountable Cloud operations.

6. Enhanced Privacy

o Data Confidentiality: Ensure your data remains private, without sharing with third-party providers.

o Personalization: Control who has access to your Cloud environment.

7. Operational Control

o Direct Management: Manage all aspects of your private Cloud, from hardware to software, ensuring efficient operations.

o Customization of IT Policies: Implement IT policies without constraints, perfectly aligning your Cloud environment with your goals.

8. Disaster Recovery and Backup

o Tailored Backup Solutions: Design backup and disaster recovery plans that meet your specific needs.

o Localized Recovery: Faster recovery in case of failure, managed in-house without dependency on external providers.

9. Long-Term Investment

o Asset Ownership: Invest in infrastructure with long-term benefits, upgrading as needed to extend its lifespan.

PT SYDECO’s Solution

PT SYDECO proposes SydeCloud©, a highly secure private Cloud solution, protected by the next-generation ARCHANGEL© 2.0 firewall and accessible only via VPN, with the server also protected by ARCHANGEL© 2.0.

SydeCloud©, PT SYDECO’s online file-sharing system, offers an enticing alternative. By housing data and security infrastructure within the organization, it ensures a controlled environment for processing, storing, transmitting, and accessing data securely, without relying on external interventions.

SydeCloud© gathers all the benefits of having a private Cloud.

Conclusion

While Cloud computing presents undeniable benefits, the escalating security risks prompt a reevaluation of its true advantages compared to in-house solutions. The choice between cost-effectiveness and data security remains a critical consideration for businesses in today’s digital landscape.