In my blog Cloud Control to Major Tom I talked about the top five reasons enterprises don’t leverage cloud technology. This month I want to focus on the first bullet on that list: data privacy concerns. While many people consider this as a top inhibitor to cloud adoption, the reality is that most businesses are already using cloud technology for critical business operations. Think about it. Is your company payroll managed and serviced by ADP? Does your sales organization leverage the power and analytics of Salesforce.com? Is your MS Exchange server or other business application running at service providers like SunGard or Xerox . If you said “yes” to any of these questions then you’re already utilizing and realizing the benefits of secure cloud technology.
Don’t feel bad if you answered yes and didn’t already know where you are data was living. In a recent study by Wakefield Research, 54% of Americans claim to never use cloud computing. However, 95% of this group actually does use the cloud and just never equated the applications and cloud technology together. For the cloud and application providers, on the other hand, data security and privacy have always been the number one priority. That’s because in most public or hybrid cloud deployments, the cloud infrastructure (hardware and software) is a shared or “multi-tenant” approach. Remember, cloud infrastructure that is sold in a utility-based cloud pricing model typically becomes economically feasible when a service provider can “divide up” hardware and software across several paying customers. Multiple customers could be running their backups on the same Avamar storage grid or Exchange instance on the same server running a different virtual machine. As you would imagine, customers sharing any of the cloud infrastructure will never know about any other customer using the same hardware or software applications. And that’s exactly the number one priority for any cloud provider – 100% data privacy.
If I haven’t convinced you by now that cloud security is not just good, but is very good, and ready for prime time in any large enterprise, then I recommend you check out some of the industry initiatives. The global RSA Conferences starting the week of February 25th, 2013 has several sessions on Cloud Security. There are also industry cloud organizations such as The Cloud Security Alliance driving standards and are even certifying cloud providers with a STAR registry (Security, Trust & Assurance). All of these industry initiatives are forecasting a much better cloud-filled outlook so check them out.
Imagine you’re driving down the highway rocking out to Kelly Clarkson (don’t worry, I won’t tell) and all of a sudden the person in front of you hits their brakes and you quickly slam yours to try not to hit them. Your heart is now racing, but unfortunately you weren’t able to brake fast enough and you end up getting into an accident. Fortunately for you, you have a seatbelt on, so you didn’t lose anything more than your bumper. The key point here is that you were protected because you bought a car with a seatbelt – but who wouldn’t?
Certainly your life is precious and needs to be protected, but isn’t your company’s data as well? So just like you wouldn’t buy a car without a seatbelt, why would you buy protection storage without data integrity checking? When something goes wrong with your primary data like a corrupted database (the equivalent of an accident on a highway), you want to ensure your data can be quickly and reliably recovered, right?
Unfortunately, since the standard backup and archive storage medium for decades was tape, your standards may be significantly lower than necessary. The good news is they don’t have to be – protection storage should be built as the storage of last resort and put the integrity of your data above all else. The bad news is that not all disk systems are created equal – just because its disk doesn’t mean it’s better than tape. For example, standard NAS systems were built for primary storage – not for protection and do not ensure recovery.
So how can you tell your backup and archive storage is built for protection? Ask how the storage platform verifies the integrity of data as it’s written to disk. Ask how it will continuously ensure data stays correct and how it corrects errors before they become a problem. Finally, ask how the system will ensure data that’s recovered is identical to the data that was originally stored. To save you some time, we’ve done some of the homework for you. Check out this paper and video that explore how Data Domain systems meet these requirements with the Data Domain Data Invulnerability Architecture.