Feeds

How can the storage industry prevent cloud bursts?

Out of sight, out of mind - but not out of harm's way

Intelligent flash storage arrays

Comment If you send your data to the cloud today you might be sure of a big surprise: it could vanish. SwissDisk users know this and T-Mobile Sidekick users know that Microsoft is quite capable of losing their data, too.

Stephen Foskett is Director of Consulting at cloud storage provider Nirvanix. He writes:

Subpar offerings from flaky vendors hurt the whole industry... The truth is... not all managed storage services are created equal. In fact, lots of them are, to put it bluntly, not worth much. Many cloud backup and archiving services use bare un-protected disk drives to store data, have no redundancy built into the system, and try to scrape up every cent by using home-brewed hardware. This is especially true in the consumer space, where bargain-basement (or even free) pricing has driven a race to the bottom in terms of quality. No business should use junky consumer solutions.

That's clear enough, but his brickbats are not restricted to the consumer space:

Even service providers that presume to sell in the enterprise market often miss the mark. Forgetting the inappropriate per-month credit card billing method and laughably poor support services, many providers adamantly refuse to comply with basic corporate governance principles.

How can this be done? How can we ensure that cloud data protection isn't cloud data destruction?

Dealing with potentially poor suppliers

One approach is to expect poor quality service and deal with it. Cloud storage supplier LiveDrive’s general manager, Dominic Cross said:

I think businesses just need to be intelligent in how they use cloud storage services – as they do with any third party they deal with. A business that uses a single courier, or has no backup payment processor, or relies on just one web server, is likely to have problems along the way. Redundancy and diversification at every stage is a key business concept – and cloud storage actually helps businesses achieve that simply and cheaply by reducing the reliance on internal architecture only.

But if the cloud isn't a valid replacement for local data backup then a large part of its value goes away. So you need a safeguard.

Verification

EMC RSA's approach to the issue is to verify by inspecting the service provider. Here is a section of its documentation (pdf) on the issue:

Trust cannot be granted on the cloud provider’s reputation alone; it should be validated through thorough assessments to determine if the cloud provider needs to take additional steps to comply with the organization’s information security requirements and policies. Furthermore, performance conditions and standards must be written into SLAs and managed services agreements.

RSA goes on to talk about seeing a supplier's activity logs, understanding its audit rights and physically inspecting their data centres.

Nirvanix's Foskett is a big believer in openly available verification:

Managed services must allow auditors to verify their claims. I am a car nut, so I definitely wouldn't trust a garage who whisked my car off to an undisclosed location so unseen mechanics could work on it. I wouldn't eat at a restaurant that didn't allow the health department to inspect it. So why would I put blind faith in a managed service provider who held my critical data? Cloud vendors must perform their own security and operations audits and allow their customers to do the same. You can't pass the buck on governance: If you require SAS70 or PCI or a third-party audit, then your service providers must step up and allow it, too.

Clearly only large customers would have the clout to insist on verification of an unwilling supplier, and the internal ability to undertake and assess candidate cloud storage service providers in this way. It's not reasonable to suggest that SMEs and consumers should all do the same thing, but verification facilities should be made available to them, so that they can if they wish.

Secure remote control for conventional and virtual desktops

Next page: SLA protection

More from The Register

next story
729 teraflops, 71,000-core Super cost just US$5,500 to build
Cloud doubters, this isn't going to be your best day
Want to STUFF Facebook with blatant ADVERTISING? Fine! But you must PAY
Pony up or push off, Zuck tells social marketeers
Oi, Europe! Tell US feds to GTFO of our servers, say Microsoft and pals
By writing a really angry letter about how it's harming our cloud business, ta
SAVE ME, NASA system builder, from my DEAD WORKSTATION
Anal-retentive hardware nerd in paws-on workstation crisis
Microsoft adds video offering to Office 365. Oh NOES, you'll need Adobe Flash
Lovely presentations... but not on your Flash-hating mobe
Cray heaves out even mightier, Lustre-ous Sonexion 2000
Met Office and Los Alamos bomb boffins are apparently among its fans
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.