A More Secure, Trustworthy Cloud

Virtual private clouds bridge real and virtual computing infrastructure.

Oct 1, 2009

After weeks of testing, Amazon.com is preparing to bring out of beta a service that will let customers merge their own computer systems with its cloud-computing services.

Amazon’s Virtual Private Cloud (VPC) service, currently in beta testing, integrates remote, virtual resources with physical computers, giving customers the option to use cloud computing while keeping sensitive information on one of their own machines. Amazon’s service is the latest part of a larger trend in cloud computing: creating secure connections between real and virtual machines. Similar offerings are available from other cloud-computing companies, including CohesiveFT, IBM, and Enomaly.

Cloud computing allows companies to perform feats of computation that would otherwise have been impossible, or at least prohibitively expensive. However, cloud computing has generally lacked the security features typically required by small and medium-sized enterprises.

Amazon’s technology enables cloud-based resources to appear as part of a regular local network of servers. It uses Internet Protocol Security (IPsec) to establish a secure connection with existing data centers. Servers in the cloud can then be assigned specific network addresses and mapped onto an existing network.

Previously, computer network concepts could not easily be realized within the cloud, because the network itself was not virtualized, just the processing and storage. Amazon’s VPC offering goes some way toward allowing the virtualization of this infrastructure. “I can take a machine that’s lived for 10 years at one [address] in my data center and give it that same address on Amazon,” says Patrick Kerpan, CTO of cloud-computing software vendor CohesiveFT.

One of the reasons why there has been so much demand for VPCs, says Kerpan, is that enterprise IT teams are so comfortable with legacy computer networks. “The world of network thinking (the tools, the subnets, et cetera): if you’re a networking team, you’re using skills you’ve mapped to the network in order to solve problems,” says Kerpan. “They build maps in their head and in their tools.”

However, Reuven Cohen, founder and CTO of cloud-computing company Enomaly, argues that no VPC can ever be as secure as a physically isolated network. “It provides an extra level of security from your neighbor seeing your data,” says Cohen, “but it doesn’t address one fundamental problem: the idea of trust. If you’re using Amazon, you inherently have to trust them.”

James Comfort, vice president of integrated delivery platforms at IBM, says that VPCs are only one solution in a spectrum of potential secured cloud offerings. “VPC is a bit of a misnomer,” says Comfort. “In our mind, the difference between the private and the public cloud is a business model.” The difference is that a private cloud is run internally by a company, solely for its own use, while a public cloud consists of leased resources from a cloud service provider.

For large companies, it may be safer, and cheaper, to rely entirely on internal infrastructure. According to a McKinsey & Company report issued in April, moving a large company’s data center architecture to a cloud-computing platform can as much as double costs.

For small and medium enterprises, however, virtual private cloud offerings from Amazon and others may prove more attractive. “You can tell customers (millions of IT people worldwide) you need to relearn everything [so that you can move your infrastructure to the cloud], or you can make the migration as easy as humanly possible,” says Kerpan. “If people have learned a set of skills, we try to figure out how we can make it natural for them to continue to use those skills.”