


Author: Alexander Eichhorn


Cloud Storage

Use Cases, Features and Security of Cloud Storage.

Cloud storage is a model of digital data storage where data is stored with an external hosting provider or cloud operator. Physical storage hardware is owned and operated by the hoster while the customer (tenant) buys or leases storage capacity on a per-capacity-per-time basis. The cloud storage operator protects and runs the service and may offer a guarantee to keep the data available and accessible under a service level agreement (SLA).

Cloud storage can be accessed through a Web service API or special desktop applications offered by the storage provider. A customer can create multiple storage pools (buckets) with individual security and access control configurations. Internally, cloud storage is based on object stores that either belong to the storage operator or are in turn leased from third-party cloud operators, for example Amazon S3, Microsoft Azure Storage or Google Cloud Storage. Dropbox, for example, stores all data in Amazon S3.

Cloud Storage Use Cases

Typical business cases where the cloud is an economically and operationally better place than on-premise operations are:

  • content distribution to a large and geographically spread audience
  • multi-site collaboration where workflows span multiple remote facilities that require online access to shared data
  • business continuity where in case of a disaster you need to quickly set up a new infrastructure to recover operations
  • off-site backups to aid disaster recovery by storing business critical data in a remote location

Cloud storage features

Cloud storage offers multiple business-critical features that are not as easy and cheap to get when operating traditional storage systems:

  • elastic capacity: cloud storage is quickly and easily scalable up and down and practically unlimited (i.e. only bound by fiscal limits)
  • throughput: data transfer rates between cloud storage, cloud computing and content delivery networks are very high because internally the storage scales over many well-connected servers (usually equipped with 10 GigE links)
  • latency: data can be easily moved between storage tiers inside a cloud and quickly made available to consumers at the edge of content delivery networks
  • de-duplication: duplicate files are automatically detected based on content checksums and do not occupy additional storage space
  • versioned copies: buckets can be configured to retain a limited or unlimited number of previous versions of a file
  • high availability: cloud storage combines the inherent fault-tolerance and redundancy of object stores with geographic distribution of mirrors across multiple data centers

Most of these cloud storage features stem from the fact that highly scalable object stores are used internally. That means the same features can be achieved when operating object stores on-premise. However, this requires a level of operational experience that the available personnel in an organization may not have.

Security

If you do not encrypt your data before you store it in the cloud, it will be readable by the cloud operator and by any third party that gains legal or illegal access to the operator's infrastructure.


The decision to use an external data host depends not only on economic factors. It's important to also assess the security requirements of different data sets and the risks involved with hosting data on-premise and off-premise. In some instances the cloud may be a more secure place for data because cloud operators are expected to have more operational experience in securing datacenter access. Many cloud operators also have security clearances and certifications (PCI for storing credit card data, MPAA clearance for entertainment data) that a smaller business may lack.

Cloud platforms typically offer extensive security features and multi-level security controls for online data access as well as state-of-the-art physical security of all data center facilities. Security features are usually explained on the cloud operator's website. Operators also undergo regular security audits. Certificates for the latest audit are available upon request. However, cloud operators will also always fulfil legal law enforcement requests in their jurisdiction.

An argument for on-premise storage may come from national regulations in privacy or data retention laws that may explicitly forbid off-site or off-shore data hosting. If in doubt, consider encrypting your data on-premise before sending it to a cloud operator. Multiple appliances for transparent data encryption and hybrid on-premise/cloud data hosting exist that automate this process.
