ABSTRACT

The move to private cloud may be an opportunity for security practitioners to rearchitect their security framework from the ground up. Cloud computing pushes economies of scale, and that is typically achieved by setting up a single virtual cluster for all computing needs. In private cloud design, the decision to physically or logically segregate the various production and nonproduction environments has cost and functional implications. Physical separation ensures that revisions or deficiencies in core cloud infrastructure do not impact the entire environment, and it allows one cluster to fall back on a different physical cluster. In a private cloud implementation, segmentation rules might apply around systems that have high compliance requirements. A more stringent set of security policies and controls should apply to this segment. Furthermore, the choice of segmentation technology, be it physical or virtual, will also have a downstream effect on the cost, adaptability, fault tolerance, and security of the implementation.