How to Create a Public Cloud - 4 Security Essentials for a Smooth Transition

How to move from a private to a public cloud infrastructure while retaining the highest levels of security

By Dipti Parmar

By Dipti Parmar September 11, 2019

Moving enterprise software and services to the cloud is no longer a question of “why,” but “when” and “how.” Cloud technology providers aren’t waiting around for companies to get on board the cloud bandwagon anymore, because the benefits are obvious. According to Gartner, a third of technology providers will go from offering cloud-first software to cloud-only software by the end of this year. If the last decade is anything to go by, the rest of the industry won’t lag far behind. 

From highly regulated industries like insurance to largely unregulated industries like services and hospitality, the trend towards the public cloud from private ones has been both rapid and inexorable.

Application programmer working at her laptop.


The lure of the public cloud 

The many benefits of the public cloud have engendered fervent converts among app developers and software providers. It’s these developers who’ve led the push towards a less-private, more-public cloud mix that a majority of industries now use. 

Minimal investment in hardware, licenses, maintenance and other upfront expenses make the public cloud a viable option attractive to both IT and finance departments. The speed and reliability of public clouds make them ideal ecosystems for hosting apps and software that demand consistently high performance capabilities. 

Competition among public cloud providers keeps the public cloud an innovation-driven landscape. To a certain extent, this allows developers to build on pre-existing infrastructure so companies can minimize investments with less frequent upgrades. Cloud services also allow businesses to scale up or down their cloud footprints, based on changing workload and budget needs. 

It’s not cloud-cuckoo land

 These benefits come gift wrapped with some warnings about using the public cloud to run a business effectively and efficiently. While the public cloud offers instant scalability, it also takes away control from company IT administrators and plugs data and systems into Cloud Service Provider (CSP) policies. 

Businesses can usually select geographical regions where their apps would run and where their data would live on the public cloud, but aren’t always able to choose exact locations like specific countries or cities. Having critical services and apps on the public cloud exposes businesses to downtime, whenever there’s a server issue or outage at the CSP.

Data that lives on the public cloud is only as secure as the most vulnerable gateway on the CSP’s network. As more sensitive business data—like customer, healthcare and financial details—is held in public clouds, CSPs become irresistible targets for hackers.

Sometimes the problem can be entirely out of your control. A co-tenant’s error in securing his systems can result in security threats or breaches to your data, for no fault of your own. 

How to venture into public cloud without getting rained out 

The public cloud and hybrid cloud are here to stay because the benefits of these solutions far outweigh any challenges or threats they may pose. With the right combination of policy and execution of cloud infrastructure, most threats can be controlled and mitigated. 

1. Rethink security models for the cloud

 The hangover of legacy ideas in developing security systems for cloud operations is a real bane of this transitional era in cloud computing. What worked for traditional on-premise applications and infrastructure will not work in the cloud, especially not the public cloud. 

Unlike an on-premise system, the public cloud limits the extent of control and customization you have over how you protect your assets in the cloud. It’s a good idea in such a scenario to rejig application architectures to make them more secure, knowing that they’re going to live on a public cloud network. Another approach is to clearly define perimeters of the network to limit exposure to data and applications.

 2. Avoid the temptation to DIY

Cutting costs is often one of the chief reasons for moving to the public cloud from a private, on-premise or hybrid setup. In the enthusiasm to cut costs, too often IT administrators resort to a slap-dash, DIY process guided by homespun strategies that may not be the safest or most responsible way to handle data, applications and associated infrastructure.

 A McAfee study shows that nearly 50% of businesses are delaying the move to the cloud due to a paucity of cybersecurity professionals with the right skill sets. No matter how deceptively simple the transition may seem, trust professionals with the task. Alternately, deploy a dedicated app like Nutanix Move to do all the heavy-lifting involved in a cloud transition in a seamless, automated manner. 

3. Shared responsibility is a reality 

“Unless companies and CSPs clearly divide all the responsibilities for cybersecurity in public cloud environments, some responsibilities could fall through the cracks,” according to a McKinsey report on public clouds. Over the past half-decade or so, CSPs and their customers have reached an unspoken agreement that the onus of securing the cloud network was on the CSP.

 CSPs offer multi-factor user authentication to regular analytics on system usage and real-time security alerts. On the other hand, the client would be responsible for maintaining adequate security controls for all its data on the cloud, by hashing and salting passwords and PII. Similarly, making sure app architecture is designed with security front and center gives clients a degree of control over their cloud resources.

 4. Unify control across private, public and on premise resources 

It’s extremely common for businesses to have some of their applications run on private clouds, some on public clouds, some on-premise and even others on a combination of all of these. However, as we’ve seen, the security methods required to manage each ecosystem are unique in their own way and trying to force-fit one method on an unrelated cloud or on site network is a recipe for disaster. 

Investing in a comprehensive, cross platform security suite is a great way of securing all your assets, whether on the public cloud or otherwise. Nutanix Beam is an example of a multi-cloud security solution that not only gives IT admins complete visibility across all cloud data, applications and infrastructure; it also helps identify and fix security vulnerabilities in real-time.

The 2019 State of the Cloud Survey reveals that while a whopping 84% of enterprises have a multi-cloud strategy, the average business juggles at least five different public and private clouds as part of their IT ecosystem. 

Spelling out and putting into practice a clear and well thought out cloud security policy in a world as rapidly transforming as this is not just important, it’s imperative.

 Dipti Parmar is a contributing writer. She has written for, Entrepreneur, and Inc. Magazine. Follow her on Twitter @dipTparmar.

© 2019 Nutanix, Inc. All rights reserved. For additional legal information, please go here.