In a recent article our friends over at storagenewsletter.com asked an important question, “Is Cloud Storage Risky for Users?”. Our answer is that cloud storage is only as risky as you make it. In other words, an organization that’s planning on storing data in the cloud needs to take specific steps to make sure its data is safe. In this column we will walk through each of the concerns that the storagenewsletter.com article raised and provide ways to address them.
Confidentiality and Security
Confidentiality and security are always top concerns when an organization considers leveraging the cloud to store their information, and certainly legitimate ones. To address this the organization can make sure that the data it chooses to put into the cloud is ALWAYS encrypted. This means it must be encrypted while in transit to the cloud storage provider but also encrypted while at rest in the cloud.
But encryption is only the first step. Just as important for the organization is managing the encryption keys. Ideally the organization would be the sole owner of the keys and its authorized employees would be the only ones who can unlock the data. If the organization chooses to let the provider hold the keys then the provider has the ability to deliver the organization’s data to outside authorities, if pressured to do so.
Key ownership does complicate things. For example, if the key is lost and there is no way to recover it then access to the data may be lost with it. Also, if all data is encrypted then the provider is limited in what it can do to assist the organization. For example, if the organization is backing up its data to the cloud and the provider has the keys, the provider can assist with restores and backup jobs. Without those keys it can’t. But there are ways around this. Some solutions have the ability to give the provider a temporary key that expires after a certain period of time.
Data Ownership, the third item cited by the storagenewsletter.com article, is also addressed by a complete encryption strategy. If the data is encrypted prior to being sent to the cloud and while it is stored, then the cloud provider really has no access to it, so it doesn’t matter if they claim ownership or not.
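The key-ownership model described above can be sketched as client-side envelope encryption. This is an added example, not code from the storagenewsletter.com article or from any product; it assumes the third-party Python `cryptography` package, and the function names and the sample object name are hypothetical.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

def new_kek() -> bytes:
    """Key-encryption key: generated and kept by the organization only."""
    return AESGCM.generate_key(bit_length=256)

def seal(kek: bytes, object_name: str, plaintext: bytes) -> dict:
    """Encrypt locally; the returned record is all the provider stores."""
    dek = AESGCM.generate_key(bit_length=256)   # fresh data key per object
    aad = object_name.encode()                  # binds both blobs to the name
    data_nonce, key_nonce = os.urandom(12), os.urandom(12)
    return {
        "name": object_name,
        "data_nonce": data_nonce,
        "ciphertext": AESGCM(dek).encrypt(data_nonce, plaintext, aad),
        "key_nonce": key_nonce,
        # The data key travels with the object, but only in wrapped form.
        "wrapped_dek": AESGCM(kek).encrypt(key_nonce, dek, aad),
    }

def open_sealed(kek: bytes, record: dict) -> bytes:
    """Unwrap the data key, then decrypt; InvalidTag on wrong key or tampering."""
    aad = record["name"].encode()
    dek = AESGCM(kek).decrypt(record["key_nonce"], record["wrapped_dek"], aad)
    return AESGCM(dek).decrypt(record["data_nonce"], record["ciphertext"], aad)

def can_open(kek: bytes, record: dict) -> bool:
    """True only for a holder of the right KEK and an unmodified record."""
    try:
        open_sealed(kek, record)
        return True
    except InvalidTag:
        return False

if __name__ == "__main__":
    kek = new_kek()
    # Constructed sample data, for illustration only.
    rec = seal(kek, "backups/2024-01.tar", b"constructed sample payroll data")
    print(open_sealed(kek, rec))       # the organization can restore
    print(can_open(new_kek(), rec))    # any other key cannot
```

The same property that keeps the provider out is what makes a lost key fatal: without the original key-encryption key, `open_sealed` can never succeed, so that key needs its own backup or escrow plan.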
Slow Internet Connection, Especially for the First Backup
The speed of an internet connection is typically more of a concern for backup than it is for file sharing. As the storagenewsletter.com article states, a backup solution has to get that first backup job completed; it also has to get a full restore completed in case of a server failure. The in-between jobs are easily handled thanks to compression, changed-block level backups and deduplication. Completing the first job is generally best accomplished by a seeding process where hard drives or tape drives are sent to the provider, followed by a quick-sync once that initial baseline of data is loaded onto the provider’s storage.
Recovery can be handled the same way, as it will often be faster to ship the data than trickle it through an internet connection. Another option is Disaster Recovery as a Service (DRaaS), in which the recovery happens in the cloud and no data needs to be sent back to the organization until the immediate return to operations demand is met.
For both backup and file sharing situations there is also the concern of the provider’s service being interrupted for one reason or another. This can come from an internet connection issue or a problem with the provider’s infrastructure. The best workaround for this problem is to have a hybrid type of solution that keeps the most active data set local, or in backup terms the most recent data copies local. Assuming interruption of service is short, the local appliance should see the organization through.
As the storagenewsletter.com article correctly points out, very few cloud storage providers have actually closed their doors. But as the market matures it is reasonable to expect that the organization’s chosen provider may cease operations. There are two methods to address this challenge. The first is to mirror data between two providers. This not only protects against a failure of either provider, it also will protect against a temporary outage as described above. The chosen solution to back up or share data via the cloud would need the ability to support a dual cloud back end. Many of the solutions on the market today do not. There is also the obvious cost disadvantage, since using two providers means that the cost of affordable cloud storage just doubled.
The alternative is to be prepared to scramble in the case of an outage. While this does not sound like planning, it can be a viable ‘strategy’. In every case of provider shutdown there was time for companies to get their data out of that provider and move it either on-premises or to another provider. While not a strategy to brag about, it so far has proven to work and it is certainly more cost effective than the mirrored cloud option.
The downside to all of the above steps is that each makes the cloud a little more complicated and expensive. But they do make storing data in the cloud a lot more tenable for organizations. The extent to which the organization will go to address these challenges is largely dependent on the organization’s data sensitivities. That said, for almost any organization an appropriate cloud design can be created to securely store the most sensitive of data sets.
One challenge that the storagenewsletter.com article did not address is the cost of the cloud. While the monthly cost of capacity may be attractive, the ongoing cost may become too much over time, and will most likely increase. We will discuss this challenge in a future column.