Cloud storage services offer virtually unlimited capacity, no infrastructure installation or support, and flexible payment options for organizations large and small. But these positives are often overshadowed
"There's a perception barrier that the market is going through on cloud security," said Rob Commins, director of product marketing at 3PAR Inc., which counts cloud providers as customers for its storage systems.
Commins said those concerns are often misplaced, considering measures taken by cloud providers to keep customer data safe.
"Performance, scalability, security -- all those things are the cloud providers' business," Commins said. "If I'm in the business of making toothpicks, I'm only spending 5%, maybe 10% of my company's budget on technology. These guys are spending 100% of their time on technology."
Still, customers are smart to raise those concerns before committing to the cloud. Jeff Boles, senior analyst and director, validation services at Hopkinton, Mass.-based Taneja Group, said security administrators have three main security concerns when it comes to third-party cloud infrastructure providers:
- External threats, mainly from hackers and spammers
- Internal data center threats, which include data center employees and other data center customers
- Enterprise users, who could easily screw something up within the organization's cloud space
Cloud service providers deal with external threats at the high end of the software stack. Boles said they have to balance security with access and administration. "The biggest issue, though, has been making the security flexibility within a cloud able to support the multiple needs of an enterprise," he said.
Storage administrators typically have a user directory for IT assets within the organization, but those options aren't always available with cloud service providers.
"The enterprise needs totally flexible ways of working with data that's in a cloud because more people are accessing it than ever before," Boles said. "It's almost like a SharePoint repository on steroids because you can access it from around the world."
The administrator also has to allow for cloud service access by multiple enterprise divisions, branch offices and remote offices, as well as business partners. "How do they easily and efficiently manage permissions, assign accounts and control access across accounts when that cloud repository is totally separate from their existing enterprise practices?" Boles asked.
Existing security solutions
Enterprise storage vendors are bringing out cloud-based services that incorporate advanced security features while providing as much administrative flexibility as possible. These massively scalable systems address internal data center threats, as well as enterprise user issues.
Scale-out NAS vendor Ibrix Inc. – acquired last month by Hewlett-Packard (HP) Co. – last October launched Cirrus, a software layer that runs on Ibrix's Fusion file-serving software infrastructure. Customers who subscribe to an Ibrix-based storage service provider can create users and groups with varying access levels, and have full management capabilities to manage, share, encrypt and protect their data.
3PAR rolled out its Cloud-Agile Partner Program for its InServ T-Class storage arrays last month. The program is based on the company's Virtual Domains technology that creates virtual arrays that provide secure and segregated users, hosts and application data.
EMC Corp. brought out Atmos onLine in May for its policy-based cloud storage Atmos platform. Atmos onLine lets customers federate on-premise data to an online cloud while retaining policy-based user control and retention.
Like many aspects of the cloud, security features will continue to evolve as storage vendors and service providers get a better idea of customer needs and preferences. "We're still seeing users figure out how they're going to use the cloud, and what the dominant usage patterns are going to be," Boles said.