Amazon, Google, Azure,...all three public cloud providers were forced to inform their clients and shareholders about vulnerabilities in the software they use and make available to their customers.
Nobody will deny that cloud services offer a lot of advantages compared to on-premise systems and software. Not surprisingly however, security is the biggest challenge and the major obstacle for a lot of enterprises to move their data and applications partly
or entirely to the cloud, justly so!
An argument often heard from public cloud defenders is "do you believe that AWS or Google would ever take compromises on security?" Good question! Wilfully? probably not....unwilfully? absolutely! We've seen it in the last days couple of days.
Does that mean that the cloud will bleed to death? Of course not! Nobody is free of potential vulnerabilities in their systems and software.
A simple statistical truth is : the more individuals accessing a system or application, the higher the likelihood that somebody has bad intentions. Obviously. Another simple statistical truth : the easier it is to become a subscriber to a particular cloud
provider, the higher the likelihood that adventurers and fiddlers are attracted to play around.
What about a private cloud?
Does it exclude security issues? No, certainly not! Does it mitigate the risk of those being exploited significantly? Yes, it does! Strictly controlling the access channels to the cloud environment and running isolated servers, even shared ones, in a very
much controlled and monitored environment, statistically reduces the risk of malicious individuals to a large extent.
Is private cloud affordable?
Surprisingly enough private cloud solutions often are very price competitive with public cloud solutions. I strongly encourage every enterprise, in particular every company in financial services, start-up, scale-up, mature...to give private cloud what it
deserves : a lot of attention and serious consideration!