Cloud Storage Only as Risky as You Make it
Is Cloud Storage Risky for Users? Several vendors already closed doors.
In other words, an organization that's planning on storing
data in the cloud needs to take specific steps to make sure their data is safe.
In this column we will walk through each of the concerns that the
storagenewsletter.com article raised and provide you ways to address them.
Confidentiality and Security
Confidentiality and security are always top concerns when
an organization considers leveraging the cloud to store their information, and
certainly legitimate ones. To address this the organization can make sure that
the data it chooses to put into the cloud is always encrypted. This means it
must be encrypted while in transit to the cloud storage provider but also
encrypted while at rest in the cloud.
But encryption is only the first step. Just as important for
the organization is managing the encryption keys. Ideally the organization would
be the sole owner of the keys and its authorized employees would be the only
ones who can unlock the data. If the organization chooses to let the provider
hold the keys then the provider has the ability to deliver the organization's
data to outside authorities, if pressured to do so.
Key ownership does complicate things. For example, if the key
is lost and there is no way to recover it then access to the data may be lost
with it. Also, if all data is encrypted then the provider is limited to what
they can do to assist the organization. For example, if the organization is
backing up its data to the cloud and the provider has the keys, the provider can
assist with restores and backup jobs. Without those keys it can't. But there are
ways around this. Some solutions have the ability to give the provider a
temporary key that expires after a certain period of time.
Data Ownership
The third item cited by the storagenewsletter.com article,
is also addressed by a complete encryption strategy. If the data is encrypted
prior to being sent to the cloud and while it is stored, then the cloud provider
really has no access to it, so it doesn't matter if they claim ownership or not.
Slow Internet Connection, Especially for the
First Backup
The speed of
an internet connection is typically more of a concern for backup than it is for
file sharing. As the storagenewsletter.com article states, a backup solution has
to get that first backup job completed, it also has to get a full restore
completed in case of a server failure. The in-between jobs are easily handled
thanks to compression, changed-block level backups and deduplication. Completing
the first job is generally best accomplished by a seeding process where HDDs or
tape drives are sent to the provider, followed by a quick-sync once that initial
baseline of data is loaded onto the provider's storage.
Recovery can be handled the same way, as it will often be
faster to ship the data than trickle it through an internet connection. Another
option is DR as a Service (DRaaS), in which the recovery happens in the cloud
and no data needs to be sent back to the organization until the immediate return
to operations demand is meet.
Cloud Interruption
For both backup and file sharing situations there is also
the concern of the provider's service being interrupted for one reason or
another. This can come from an internet connection issue or a problem with the
provider's infrastructure. The best workaround for this problem is to have a
hybrid type of solution that keeps the most active data set local, or in backup
terms the most recent data copies local. Assuming interruption of service is
short, the local appliance should see the organization through.
Service Suspension
As the storagenewsletter.com article correctly points out
very few cloud storage providers have actually closed their doors. But as the
market matures it is reasonable to expect that the organizations chosen provider
may cease operations. There are two methods to address this challenge. The first
is to mirror data between two providers. This not only protects against a
failure of either provider it also will protect against a temporary outage as
described above. The chosen solution to backup or share data via the cloud would
need the ability to support a dual cloud back end. Many of the solutions on the
market today do not. There is also the obvious cost disadvantage, since using
two providers means that affordable cloud storage just doubled.
The alternative is to be prepared to scramble in the case of
an outage. While this does not sound like planning it can be a viable
'strategy'. In every case of provider shutdown there was time for companies to
get their data out of that provider and move it either on-premises or to another
provider. While not a strategy to brag about, it so far has proven to work and
it is certainly more cost effective than the mirrored cloud option.
Storage Take
The downside to all of the above steps is that each makes
the cloud a little more complicated and expensive. But they do make storing data
in the cloud a lot more tenable for organizations. What extent the organization
will go to to address these challenges is largely dependent on the
organization's data sensitivities. That said: for almost any organization an
appropriate cloud design can be created to securely store the most sensitive of
data sets.
One challenge is the cost of the cloud. While the monthly cost
of capacity may be attractive, the on-going cost may become too much over time.