As I meet with customers, some ask: public or private cloud – which has more security risk? Actually, there are different sets of risks depending on the organization and their compliance needs.

A private cloud is a pool of computing resources controlled by a particular enterprise.  Private clouds deliver a standardized set of services that are specified and architected, for the organization. The path to a private cloud is often driven by the need to maintain control of the delivery environment because of application maturity, performance and/or regulatory requirements, and business differentiation.

The opportunities offered by cloud computing requires a thorough assessment of benefits and risks.

Here are a few reasons why you might prefer a private cloud:

– A regulatory or security concern prevents you from allowing even encrypted data to reside in a public cloud.

– An in-house, customized application requires greater reliability or speed, potentially optimized through your own network rather than relying on the Internet.

– You want control over your assets, including physical possession of the hardware on which your data resides.

A Microsoft private cloud solution creates a layer of abstraction over pooled IT resources.  Private clouds offer the scalability and pooled resources of cloud computing based on the organization’s terms, within dedicated resources in their own datacenter or perhaps in a service provider’s datacenter.

The following key attributes are common across both public and private cloud deployment models:

Pooled Resources
In a private cloud, core resources such as computing, storage, and network are implemented as a resource pool. This enables dynamic provisioning of applications and services.

Once resources are pooled, applications and resources are delivered as services. Consumers of these services can request, configure, and manage these IT services as they see fit through an administrative portal that allows automated provisioning.

Because resources are pooled, they can be expanded or diminished through automation or workflow processes resulting in an environment with resources that scale up or down to meet changing business or usage needs.

With resources as services, usage can be metered so that one only pays for the resources that are actually being consumed.
Taking time to evaluate your security risk tolerance and potential exposures will provide the context to pick and choose the best options for your organization and deployment.

To learn more about Microsoft private cloud, I recommend please read this white paper and exploring the following resources TechNet article: Blueprint for Private Cloud Security.