Wednesday, 12 May 2010

Storage in the Cloud

Many organisations are now looking to store their data in the Cloud to take advantage of the many benefits that Cloud storage can offer. However, this move is one that should not be taken without serious consideration.

Before moving any data to a Cloud Storage solution, customers should examine their data closely and check their internal security policy and any compliance or regulatory requirements they may be subject to. Customers should ask themselves the following questions:

* Why move data to the Cloud?
* Are you trying to store data offsite for a specific reason – e.g. as a backup, for DR purposes, to allow remote access, to enable easy scaling of data?
* What is contained within the data – is it confidential information? Is it subject to regulations or compliance?
* How critical is this data – if it was irrevocably lost or compromised, would this affect your business?
* What data protection regulations are your data subject to?
* Are you legally able to store this data outside of the country your business is based in?
* Who do you want to access the data?
* How do you want to access this data?
* How securely do you need to store this data?
* Are you willing/able to encrypt this data?
* How will you move your data to the Cloud?

Cloud Storage has many advantages, not least of which are the utility pricing and on-demand scalability. Being able to store gigabytes of data for pennies and without ever having to worry about upgrading disks to cope with growing data is a huge draw. However, not all Cloud Storage solutions are created equal, so not all will be suited to every customer. Indeed, some customers may not be able to find a valid use for Cloud Storage within their organisation if they are subject to strict data protection regulations or compliance standards.

If the data being transferred to the Cloud is simply a backup of your data, then consider software that transfers your data using AES-256 encryption and enables you to easily share your data with colleagues. Automated backups can be configured and fully customised, and users can simply drag and drop data to their Cloud Drive as easily as moving data between folders on their PC. The ability to access files remotely via a web portal means that as long as you have a PC or smartphone you are never without your files again!

If the data is simply being uploaded for DR purposes, then this type of backup software allows you to configure files and folders stored on local PCs/servers to be automatically uploaded to the Cloud as changes occur.

If transferring files for a website that will be accessed by users across the globe, then a Cloud Storage solution that includes Content Distribution Network (CDN) functionality should be considered. Some Cloud storage providers have partnered with some of the world’s leading CDN providers to give customers a global experience for their users without the usual headaches associated with such systems. A CDN caches data in end-points in most major cities across the world as users request it, giving them fast access to the files without being affected by peak usage in other areas. Data can also be uploaded to the Cloud using online control panels, desktop software or even programmatically via the solution provider's API.

If the data that will be moved to the Cloud is confidential or is subject to compliance regulations (e.g. PCI DSS for credit card information) then Cloud Storage may not be the right solution. It is very difficult to comply with PCI DSS and other standards in the Cloud as most Cloud solutions are hosted on shared infrastructure.
The UK Data Protection Act states that personal information should not be “transferred to other countries without adequate protection”, so if the data that will be transferred to the Cloud comes under this regulation then encryption prior to transfer is one way of providing protection. Other countries may have different regulations in place that prevent certain types of data from being removed from their country of origin.

Storage in the Cloud can only be a good thing for most organisations, especially in these times of economic strife. However, look before you leap feet first into the Cloud. Encrypt your data, and make sure that you are able to access it and upload/download using the tools of your choice. Don't be afraid of the Cloud - as long as you protect your data, you could find some cost savings there.

Thursday, 6 May 2010

Security and the Public Cloud

Should we panic, or is it much ado about nothing?

I had the pleasure of meeting and speaking with a number of Rackspace customers at a recent customer event, and unsurprisingly, the big topic that all of them wanted to talk about was the Cloud. What is the Cloud? What’s the difference between Public and Private Cloud? What’s all the fuss about, and can I really host my data on the Cloud without it being hacked and compromised?

Firstly, just what is the Cloud? Well, it’s certainly nothing new. Many of us have been happily using the Cloud for some time now, but without realising it. Do you have a Hotmail or Gmail account? If so, your email is hosted in the Cloud. The simplest definition of public Cloud is that it is a shared computing resource or service, accessed via the public Internet and paid for on a utility basis (i.e. hourly).

The concept of utility computing is not a new one – it was originally suggested back in 1961 by John McCarthy at MIT. He had the idea that one day computing power and specific applications could be sold through the utility business model. This was an idea that faded in popularity during the 1970s when it became apparent that the technology of the day could not fulfil this dream. However, in the 1990s, the rise of application service providers (ASPs) proved that this concept could become a reality. As the speed and reliability of the public Internet improved, more people started using Software as a Service (SaaS) offerings, such as SalesForce and hosted email platforms. The concept made a lot of sense – why purchase the hardware and software licenses and employ a team to build and support an infrastructure when you could simply pay a third party a low monthly fee and get a readymade service, often complete with support?

Private Cloud is very different to Public Cloud – Private Cloud is simply another term for server virtualisation. It offers the security of dedicated servers, but with a cloudiness in terms of flexibility when creating and deleting virtual servers and adding capacity, combined with the ability to customise the infrastructure. A simple metaphor that explains the difference between Private and Public Cloud is that Private Cloud is like purchasing a house, or apartment. You pay for it on a reasonably expensive, long term basis. You can customise it – knock down walls, redecorate, change the curtains. But at the end of the day, it’s the place you go to eat, sleep and live. Public Cloud is like a hotel room – you pay for it on a utility basis, and while you cannot customise your environment, change the curtains or redecorate, you can do most of the same things that you would want to do in your house.

So what’s all the fuss about, and can you safely host your data in the Cloud? Well, the main reason for the fuss is the global recession. Everyone wants to cut costs, and reduce their operating expenditure, and the Cloud is one such way to do that. For start-ups, it’s a great way to get a business going for little to no initial investment, so many Venture Capitalists may see the number of start-ups approaching them start to dip. For existing businesses, it allows them to reduce capital expenditure and host a website, email solution, share documents or access applications like CRM systems with minimal operating costs.

Is the Cloud secure – should you be worried about the security of data stored in the Cloud? Really, is anywhere truly secure? With government agency websites and global software companies being hacked and compromised, it’s apparent that if a hacker wants to access your data, they almost certainly will get to it. Security in the Cloud is not a new fear – as long as you’re sensible around what you store and how you store it, you’ll be fine. For example, don’t store completely confidential, critical data in the Cloud. Use encryption for any data that you’re storing in a Cloud solution; install and configure software firewalls on any Cloud servers; install anti-virus software and configure regular scans. Essentially, treat the Cloud the same way you would a server in your office. Take the necessary precautions to protect your data, and ensure you’re using the right tool for the right job.

Security in the Public Cloud is not a new concern. It’s just regular IT security for data stored in a different location.