Making the Leap to Cloud Storage
Companies have experienced many challenges managing security for data located on their premises. While they may be able to breathe a sigh of relief that they don't have to worry about a crate of tapes falling off a truck, data breaches in cloud storage have equally serious or even worse consequences. Companies should therefore make sure that data is secured both in-flight as well as at rest.
More and more, we are seeing tablets and smartphones becoming integral to user access. Coupled with the ever-increasing burden of managing or even seeking to lower storage costs, this has become a major challenge for IT departments.
Public cloud storage -- also known as "Storage as a Service" -- makes a compelling case for companies looking to establish a distributed storage system to support their ever-changing IT infrastructure.
Public cloud services allow companies to reduce their capital expenses and lower their ongoing maintenance costs. A pay-as-you-consume model means that companies can maximize the efficiency of storage that is consumed.
In other words, the investment-to-consumption ratio can be maintained. However, financial benefits do not tell the whole story, and companies therefore should not make an investment in cloud storage without first evaluating the risks posed by such services.
Know Your Limits - Back Up Your Investment
Cloud storage by itself offers limited use cases for companies who choose to retain their compute infrastructure in-house. Such use cases are limited to unstructured data types, where the underlying assumption is that performance is not critical when accessing it.
In this case, cloud storage is often accessed over the company's shared Internet connection, and the latency to access this storage is similar to accessing websites via a browser. Some storage providers that offer caching services make the access faster, but this is beneficial only when the same content is accessed over and over again.
Companies that can live with the above limitations should be careful when using the cloud to store the primary (and only) copies of their data. As recent outages at Google and others have shown, cloud services are not immune from outages and data loss.
In many cases, if companies do not have a backup copy of the data, they are at the mercy of the cloud provider to restore the data to its last-known quality state after an outage or accidental data loss.
While there are no guarantees that such outages or data-loss scenarios can be short-lived, companies that depend on such data for revenue purposes should have a reliable "Plan B" in place.
A successful plan B often requires a backup copy at an alternate location (could be at a different cloud provider) and mechanisms in place to refresh it to a point in time that is acceptable to the business -- i.e., in line with the stated recovery-point objective -- and to do so in a time frame that is dictated by the business, i.e., in line with the stated recovery time objective.
A Risky Move?
Data security is another topic that cannot be taken lightly. Companies have experienced many challenges managing security for data located on their premises. While they may be able to breathe a sigh of relief that they don't have to worry about a crate of tapes falling off a truck, data breaches in cloud storage have equally serious or even worse consequences.
Companies should therefore make sure that data is secured both in-flight as well as at rest. Naturally, they should therefore err on the side of paranoia when it comes to cloud storage security.
Compliance and e-discovery are also important topics to factor in while evaluating cloud storage. By inserting data into the cloud, companies are essentially extending their corporate dictums. Once inputted to the cloud, all data policies must follow suit.
With data living locally or on tape locally, companies are generally used to enforcing these policies, but enforcing them in the cloud may be tougher than usual. In such cases, co-operation from the cloud service provider is imperative and almost mandatory.
Companies should inquire as to how this collaboration will work and whether the service provider may balk at it, given the impact to other tenants sharing the same service and/or platform.
In short, companies should put cloud storage to the same rigorous tests as storage housed in their own facilities. Cloud storage providers are not super-human; while offering Storage as a Service offers economies of scale in a multitenant environment, it does not make this storage immune to risks.
Tackling the Initiative
Companies making the leap to cloud storage for the first time are better served by deploying cloud storage to store a tertiary copy of their data. Backup applications are slowly cozying up to cloud storage as an alternative to offsite storage, and the integration is fairly seamless in most cases.
Companies will appreciate the fact that this has the potential to significantly lower their data backup costs by eliminating or minimizing their dependence on tape. As an added bonus, since most backups occur after hours, the impact of data transfers on shared Internet connections is generally not noticed by users.
The next step in cloud storage is to deploy storage for remote office users or roaming users who require their data to be backed up to the cloud, and have the need to restore their own files as needed without having to call up the IT help desk.
These solutions are generally secure and allow IT administrators to have a hands-off approach to data protection in a distributed environment by retaining control of the backup and retention policies, while not having to worry about scheduling or day-to-day maintenance issues.
Some companies are beginning to deploy cloud storage for user home directories. There may be some merit to such a deployment if the data stored on the home directories can be accessed and stored in a secure fashion, deployed under the same security and authentication mechanisms the user is ordinarily subject to, and if the data stored by the user is not business-critical.
If such data is business-critical, then companies must invest in mechanisms to ensure that it is protected beyond the cloud provider's domain and has the same controls in place that would have been deployed to protect it from the employee's lifecycle.
Cloud storage in the long run offers great hope for companies to offload tertiary, secondary and eventually primary copies of their data. These benefits, coupled with the other aspects of Infrastructure as a Service and ever-improving technologies -- such as faster Internet connectivity and security -- offer companies multiple reasons to evaluate and include public cloud services as a part of their storage-tiering strategy.