Q6-6 How Can Organizations Use Cloud Services Securely?
Figure 6-23 Accessing Private Cloud over a Virtual Private Network
(diagram labels: Users, VPN, Private Cloud, Organization’s Private Computing Infrastructure)
might balance processing for its different product groups and on different continents, but it is
difficult to imagine that, in doing so, it would save money or time. A company like Falcon Security
is very unlikely to develop a private cloud.
Microsoft, Amazon.com, Oracle, IBM, and other major cloud service vendors employ
thousands of highly trained, very highly skilled personnel to create, manage, administer, and
improve their cloud services. It is unimaginable that any noncloud company, even a large one
like 3M, could build and operate a cloud service facility that competes. The only situation
in which this might make sense is if the organization is required by law or business custom
to maintain physical control over its stored data. Even in that case, however, the organization
is unlikely to be required to maintain physical control over all data, so it might keep
critically sensitive data on-premises and place the rest of the data and related applications
into the facilities of a public cloud vendor. It might also use a virtual private cloud, which we
consider next.
Using a Virtual Private Cloud
A virtual private cloud (VPC) is a subset of a public cloud that has highly restricted, secure
access. An organization can build its own VPC on top of public cloud infrastructure like AWS or
that provided by other cloud vendors. The means by which this is done are beyond the scope of this
text, but think of it as VPN tunneling on steroids.
Using a VPC, an organization can store its most sensitive data on its own infrastructure and
store the less sensitive data on the VPC. In this way, organizations that are required to have physical
control over some of their data can place that data on their own servers and locate the rest of
their data on the VPC as shown in Figure 6-24. By doing so, the organization gains the advantages
of cloud storage and possibly cloud processing for that portion of its data that it need not
physically control.
In some cases, organizations have obtained permission from regulating bodies to store
even their very sensitive data on a VPC. For example, Case Study 6 (pages 277–278) discusses
FinQloud, a VPC set up and managed by NASDAQ OMX, the owner of the NASDAQ and other
financial exchanges.