Feeds

How can the storage industry prevent cloud bursts?

Out of sight, out of mind - but not out of harm's way

Beginner's guide to SSL certificates

Comment If you send your data to the cloud today you might be sure of a big surprise: it could vanish. SwissDisk users know this and T-Mobile Sidekick users know that Microsoft is quite capable of losing their data, too.

Stephen Foskett is Director of Consulting at cloud storage provider Nirvanix. He writes:

Subpar offerings from flaky vendors hurt the whole industry... The truth is... not all managed storage services are created equal. In fact, lots of them are, to put it bluntly, not worth much. Many cloud backup and archiving services use bare un-protected disk drives to store data, have no redundancy built into the system, and try to scrape up every cent by using home-brewed hardware. This is especially true in the consumer space, where bargain-basement (or even free) pricing has driven a race to the bottom in terms of quality. No business should use junky consumer solutions.

That's clear enough, but his brickbats are not restricted to the consumer space:

Even service providers that presume to sell in the enterprise market often miss the mark. Forgetting the inappropriate per-month credit card billing method and laughably poor support services, many providers adamantly refuse to comply with basic corporate governance principles.

How can this be done? How can we ensure that cloud data protection isn't cloud data destruction?

Dealing with potentially poor suppliers

One approach is to expect poor quality service and deal with it. Cloud storage supplier LiveDrive’s general manager, Dominic Cross said:

I think businesses just need to be intelligent in how they use cloud storage services – as they do with any third party they deal with. A business that uses a single courier, or has no backup payment processor, or relies on just one web server, is likely to have problems along the way. Redundancy and diversification at every stage is a key business concept – and cloud storage actually helps businesses achieve that simply and cheaply by reducing the reliance on internal architecture only.

But if the cloud isn't a valid replacement for local data backup then a large part of its value goes away. So you need a safeguard.

Verification

EMC RSA's approach to the issue is to verify by inspecting the service provider. Here is a section of its documentation (pdf) on the issue:

Trust cannot be granted on the cloud provider’s reputation alone; it should be validated through thorough assessments to determine if the cloud provider needs to take additional steps to comply with the organization’s information security requirements and policies. Furthermore, performance conditions and standards must be written into SLAs and managed services agreements.

RSA goes on to talk about seeing a supplier's activity logs, understanding its audit rights and physically inspecting their data centres.

Nirvanix's Foskett is a big believer in openly available verification:

Managed services must allow auditors to verify their claims. I am a car nut, so I definitely wouldn't trust a garage who whisked my car off to an undisclosed location so unseen mechanics could work on it. I wouldn't eat at a restaurant that didn't allow the health department to inspect it. So why would I put blind faith in a managed service provider who held my critical data? Cloud vendors must perform their own security and operations audits and allow their customers to do the same. You can't pass the buck on governance: If you require SAS70 or PCI or a third-party audit, then your service providers must step up and allow it, too.

Clearly only large customers would have the clout to insist on verification of an unwilling supplier, and the internal ability to undertake and assess candidate cloud storage service providers in this way. It's not reasonable to suggest that SMEs and consumers should all do the same thing, but verification facilities should be made available to them, so that they can if they wish.

Top 5 reasons to deploy VMware with Tegile

Next page: SLA protection

More from The Register

next story
Just don't blame Bono! Apple iTunes music sales PLUMMET
Cupertino revenue hit by cheapo downloads, says report
The DRUGSTORES DON'T WORK, CVS makes IT WORSE ... for Apple Pay
Goog Wallet apparently also spurned in NFC lockdown
Cray-cray Met Office spaffs £97m on VERY AVERAGE HPC box
Only 250th most powerful in the world? Bring back Michael Fish
Microsoft brings the CLOUD that GOES ON FOREVER
Sky's the limit with unrestricted space in the cloud
'ANYTHING BUT STABLE' Netflix suffers BIG Europe-wide outage
Friday night LIVE? Nope. The only thing streaming are tears down my face
IBM, backing away from hardware? NEVER!
Don't be so sure, so-surers
Google roolz! Nest buys Revolv, KILLS new sales of home hub
Take my temperature, I'm feeling a little bit dizzy
prev story

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.