5 Considerations for Cloud SAN Software – Part 1

by Greg Roody

I’m not sure why, but people seem to like lists.  I suppose it’s the same reason presenters like to use PowerPoint: it simplifies the discussion in a controlled way.  But whatever the reason, I was asked recently to give my opinion on the top 5 items that should be considered when sorting through the seemingly endless choices customers face when considering how and why to use Cloud Storage.

So without any further ado, here are points 1 and 2 in my non-partisan and completely unbiased opinion.  Points 3, 4, and 5 will come in a follow-up post.

1.      Portability

This may seem like an odd choice, but it really gets to the heart of why people consider a move to Cloud Storage in the first place, especially when they consider BC and DR as part of their rationale.

Portability in this case refers to your ability to quickly restart your Cloud SAN gateway from another location, or from the Cloud itself, in the event of a site disruption, relocation, or even just moving locations within a data center.  Hardware-based appliances won’t provide any level of portability unless you keep spares on hot standby either in the data center or at another facility (or both).  Additionally, some software-based appliances don’t provide the flexibility to “split” a configuration, with some devices being moved to one location or instance and others being moved to a different location or instance.

You might also need to connect new platforms, such as Windows, Unix/Linux, Novell, or even Macintosh servers (or any combination of them at once) to your Cloud Storage devices. Your gateway should be flexible enough to cover any configuration at any location.

As a Virtual Machine that can be run on VMware, Hyper-V, Citrix XEN or Amazon EC2, CloudArray™ is fully portable and highly available, and can be deployed in minutes at any site needing access to the data stored in the Cloud, including snapshots of the data.  CloudArray also has a “one button” backup/restore capability which can be used in conjunction with restarts in a new location.  Additionally, CloudArray provides a mechanism to export specific volumes to other instances of CloudArray.  It is not an “all or nothing” architecture, and this is what we refer to as “Compute Anywhere”™.

2.      Security

As a CISSP, I have some unique perspectives on security and the cloud.  A lot has been written about Cloud Security, and it is all valid, but a great deal of it is written from a perspective of running your entire compute infrastructure in the public cloud.  In the broader domain of Public Cloud Computing, all of your systems are vulnerable because more doors exist, the walls become a lot lower and a lot more porous, and you have a lot less direct control or even oversight.

In the case of a data center connecting to protected Cloud Storage, however, especially where the gateway is safely within your firewall and data center control, the unique security concerns become much more narrowly focused.  You now become primarily concerned with the transport and storage of your data; traditional concerns over access controls, leakage prevention, audit, scanning, and other infosec controls will still be covered by your internal policies and systems.

Here, you can get by with a single compensating control:  encryption.

If the data you store at a Cloud Storage Provider is encrypted and you hold the keys on-premises, then there is no risk of loss or disclosure through the Cloud itself.  In fact, every public-sector regulation that controls the loss of private data has a provision to exclude the loss of encrypted data from disclosure requirements or penalties.    Certain government agencies have different requirements of course, notably those dealing with State Secrets and Military/Intelligence data, but that data would never be stored on a public cloud anyway.

With encrypted data, it doesn’t matter who the other tenants of the CSP are, it doesn’t matter where they (the CSP) store your data, it doesn’t matter what they do with their failed disk drives, it doesn’t matter whether or not they sanitize their drives before re-assigning them to someone else, and it doesn’t matter how well they audit what their administrators are up to.

Keep in mind that if the keys are managed not by you, but by your CSP or by the infrastructure of the Gateway provider, you could lose data if they have a security lapse on their end. Also, encrypting your data doesn’t relieve you of having a well-planned and well-implemented Security Policy within your data center itself, but you need that regardless of whether you use Cloud Storage.

CloudArray supports AES 256-bit encryption (with HMAC) for data in flight and at rest, SSL for data in flight, and IPsec for local communication security.  All keys are managed and controlled locally.  You control the front door from within your data center and there is no back door.

Be sure to verify that you can back up and secure your keys.  Losing the keys to encrypted data, or having them lost on your behalf, won’t do much for your professional well-being.
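
To illustrate the two points above (AES-256 with HMAC using locally held keys, and what happens when those keys are not available), here is an added example that is not CloudArray's code and not part of the original post. It assumes AES-256-CTR with encrypt-then-MAC; the blob layout, block IDs and function names are hypothetical.

```javascript
// Added example: encrypt-then-MAC on the gateway before a block leaves the data center.
// The mode (AES-256-CTR), blob layout and names are assumptions, not CloudArray's design.
const crypto = require('crypto');

// Keys are generated and held on-premises; the provider only ever sees sealBlock() output.
function newKeys() {
  return { encKey: crypto.randomBytes(32), macKey: crypto.randomBytes(32) };
}

// The MAC covers the block ID too, so a valid blob cannot be served back under another ID.
function tagFor(keys, blockId, iv, ciphertext) {
  return crypto.createHmac('sha256', keys.macKey)
    .update(Buffer.from(blockId, 'utf8')).update(Buffer.from([0]))
    .update(iv).update(ciphertext).digest();
}

// Returns iv (16 bytes) || ciphertext || HMAC-SHA256 tag (32 bytes).
function sealBlock(keys, blockId, plaintext) {
  const iv = crypto.randomBytes(16);
  const cipher = crypto.createCipheriv('aes-256-ctr', keys.encKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, ciphertext, tagFor(keys, blockId, iv, ciphertext)]);
}

// Verifies the tag in constant time before decrypting; throws on any mismatch.
function openBlock(keys, blockId, blob) {
  if (blob.length < 48) throw new Error('blob too short');
  const iv = blob.subarray(0, 16);
  const ciphertext = blob.subarray(16, blob.length - 32);
  const tag = blob.subarray(blob.length - 32);
  if (!crypto.timingSafeEqual(tag, tagFor(keys, blockId, iv, ciphertext))) {
    throw new Error('authentication failed');
  }
  const decipher = crypto.createDecipheriv('aes-256-ctr', keys.encKey, iv);
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
}

// Helper for the demo: true if openBlock rejects the blob.
function rejects(keys, blockId, blob) {
  try { openBlock(keys, blockId, blob); return false; } catch (e) { return true; }
}

// Constructed sample data: one block, one bit flipped at the provider, one lost key set.
const keys = newKeys();
const stored = sealBlock(keys, 'vol1/block42', Buffer.from('payroll records (constructed sample)'));
const tampered = Buffer.from(stored); tampered[20] ^= 0x01;
console.log(openBlock(keys, 'vol1/block42', stored).toString());
console.log(rejects(keys, 'vol1/block42', tampered), rejects(newKeys(), 'vol1/block42', stored));
```

The last line shows both failure cases: a block modified at the provider is rejected, and so is an intact block opened with any keys other than the originals, which is why the key backup itself has to be tested.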

Coming up:

3.       Performance and Consistency

4.      Scalability

5.      Flexibility and Ease of Management



5 Responses to “5 Considerations for Cloud SAN Software– Part 1”

  1. Great. Looking forward to the 3,4&5 points. I definitely think people will move over to cloud storage as more get familiar with it. Even though every backup environment has its pros and cons, I truly believe that cloud is the best when it comes to hassle free management.

    What do you think, will it be the big thing until the next thing coming up?

  2. greg says:

    Now THAT is a loaded question. ;)

    One of the things that gets me going is how everything today is a “cloud”. You have products which last year were being sold as “on-line” and which now are Cloud solutions.

    And 2-3 years ago the term largely didn’t exist outside of a few marketing organizations at large companies.

    But whatever you call it, it’s here to stay for a while. Enjoy the ride.

  3. Brian says:

    @Greg

    Going with cloud solutions, what kind of storage media would be best to use since a lot of discussion is around tape vs. hard disks. What’s your opinion?

    -Brian

  4. greg says:

    Brian, I’m not quite following the question. Cloud Storage is exclusively disk based. You can back up to the cloud, but it’s more of a B2D scenario (well, B2C or B2D2C).

    I personally prefer disk-based storage for anything that would normally be stored for short periods on tape (up to say 4 years). If you have a need for “long” term archival, with little or no need to access the data expected, then go to tape in a storage facility. That’s not Cloud, but it is offsite and cost effective.

    Cloud Storage is effectively a combination of on-line and near-line storage (depending on caching policies and need to access).
