The State Of Cloud-Based Storage – Is It Ready? Are You? (Part 3)

By guest author Bob Shinn, with an introduction by guest author Shaloo Shalini

Open Issues with Cloud Storage Adoption

Many enterprises are sensitive as to where the data is actually stored in cloud; for example, a U.S. company doing business globally cannot store client data in China or a host of other countries. Legislation and regulations such as the EU’s Data Protection Directive describe conditions to regulate handling and processing of personal data to protect personal privacy. The United States, on the other hand, takes a less restrictive approach to handling personal data, although stringent rules govern export of software containing encryption algorithms. The ‘Framework for Global Electronic Commerce’ proposed under the Clinton administration suggests that the private sector lead the way in ensuring data protection and security. Data breaches have prompted various branches of government to implement regulation, but to date no overarching construct or regulation is in place that governs placement of data in the cloud. Businesses would do well to follow the recommendations of Booz & Company’s ‘Eyes Wide Open – Mitigating Risk in Cloud Computing’ report and demand contract clauses that address security and privacy by “asking cloud vendors for location guarantees that use geographic limitations and local partnerships to control cross-border data transfer and to take operational responsibility for applications by following the same procedures used internally.”

In regions where regulations are lax or nonexistent and laws governing privacy of data are immature, cloud storage is in the early, pre-chasm adoption cycle. Entrepreneurs and enterprises considering cloud storage in Southeast Asia, India and even some BRIC countries would be well-advised to work only with large, established global providers.

Entrepreneurs and SMBs can address availability, security and privacy issues on their own by focusing on a set of requirements for cloud storage providers:

• Availability: Set requirements for uptime and availability and negotiate penalties into the contract. Beware of contracts that lack a financial penalty or for which the remedy is a service ‘credit.’
• Security: Define requirements for data security, and make determinations about which applications or data to put in the cloud using those requirements. Not all data and applications should be in the cloud. Ask your cloud provider about the inherent security of its cloud and the practices it employs to protect your data.
• Privacy: If your business handles or processes private user information, think twice about using a public cloud. It’s possible to design and provision a private cloud without breaking the bank. If you determine that a public cloud provider can meet your requirements for ensuring private data remains private, make sure your contract includes stiff penalties for a breach – and be transparent with your users about your privacy policies.
• Zoning: Cloud storage is by definition geographically dispersed. Most cloud providers maintain multiple data centers in different countries and regions. If you are launching a global business and using the cloud as a way to control IT costs, try to negotiate cloud ‘zones’ where your data will be stored, or consider working with an adviser who can implement advanced encryption as a way to control access to your data.
• Community cloud: It may be that the solution you seek for security, privacy and availability is not to be found in a public cloud and perhaps too difficult or expensive to implement as a private cloud. Consider partnering with a business (or businesses) with similar requirements to build a community cloud that meets your specific needs.

Cloud Storage: Potential Blue-sky Opportunities

Entrepreneurs can add value to existing cloud services to their own business use of the cloud, or [they can] build a cloud business. Holes in the cloud that need attention include:

Security: Encryption is an evolving science, and it’s not the only important form of security. Identity, authentication, access control and auditing are also important. There’s plenty of room for improvement here and value to offer to customers and businesses. For data stored in public clouds, encryption in transit is a must. Once it’s in the cloud, stored data’s security depends upon your deal with your cloud storage provider – it may be that encryption is overkill. But with sensitive data, overkill is a best practice.

Cloud zones: A variation on a community cloud, a cloud zone could be a geographically-based cloud service or a market sector, (e.g., financial services) cloud service built around specific needs, regulatory requirements and SLAs. But zones may still not meet compliance requirements if one (you or the provider) can’t prove (see) where the data is.

APIs: Legacy architectures, applications and data types may not be cloud-friendly. Consider new ways to construct APIs to link existing architectures, applications and data to cloud storage architectures. Look for standardized environments to minimize lock-in and dead ends. While Amazon S3 might be the de facto standard, it is still de facto. Open source initiatives from Rackspace (Open Cloud) may address some of these opportunities. Nevertheless, cloud storage API creation is a big opportunity for entrepreneurs. Startup Apigee, for example, is creating an ‘API economy’ for the cloud, building off open source.

This segment is part 3 in the series : The State Of Cloud-Based Storage – Is It Ready? Are You?
1 2 3 4