Data protection implications with cloud services

More companies are moving to a cloud model that lets them outsource the underlying cloud infrastructure, and that model has widespread implications for users and data protection.

The cloud today is a veritable alphabet soup of choices. And regardless of the cloud services option selected, there are data protection implications to consider.

First, let’s understand what we’re talking about. Here are a few definitions to get you started:

  • Infrastructure-as-a-Service (IaaS) is a computing model in which the equipment -- including servers, storage and networking components -- used to support an organization’s operations is hosted by a service provider and made available to customers over a network, typically the Internet. The service provider owns the equipment and is responsible for housing, running and maintaining it. In this model, cloud resources are virtual rather than physical, and can be consumed as needed rather than on a contractual basis. Payment is typically made on a per-use basis. IaaS consumers have no control over the underlying cloud technology.
  • Platform-as-a-Service (PaaS) is the delivery of a computing platform and solution stack as a service. End users leverage a PaaS to build and deploy Web applications/services available over a network, typically the Internet. Basically, PaaS provides the capability to build or deploy apps on top of IaaS.
  • Software-as-a-Service (SaaS) is a software distribution model in which applications are hosted by a vendor or service provider and made available to customers over a network, typically the Internet. With SaaS, consumers outsource the entire underlying technology infrastructure to a SaaS provider, and have no responsibility or management oversight for SaaS-based IT components.

Research by Enterprise Strategy Group (ESG) found that 82% of surveyed organizations have plans to leverage cloud-based services to some extent over the next five years. Adoption of cloud deployment models varies, however. Today, exclusive SaaS usage significantly outpaces exclusive IaaS usage by a 5-to-1 margin. While the current scope of SaaS usage is relatively limited within most organizations, a significant shift is expected to occur over the next 36 months. Specifically, while 28% of organizations deliver more than 20% of applications using SaaS today, nearly two-thirds (59%) expect SaaS will be responsible for providing at least 20% of apps to their users by 2014.

When organizations move from a “buy” to a “lease” model, there are implications for data protection. The traditional model of on-site app deployment means that IT organizations are responsible for the infrastructure, as well as the necessary people, processes and technology to enable the redundancy and recovery needed to meet service-level agreements (SLAs) for applications and data.

Moving from an on-site Exchange implementation to Google Gmail, for example, or choosing instead of on-site Microsoft Dynamics CRM, offloads the overhead of an in-house solution. Backup servers, storage, backup software licenses and portable media are only some of the costs eliminated by a move to the cloud. The OpEx cost and time savings of displacing high availability, backup/recovery and disaster recovery (DR) processes could be significant, depending on the scope of the solution. In fact, the savings could greatly influence a decision to outsource.

That said, there are other considerations to evaluate. Specifically, will the service provider do as good a job of meeting SLAs as in-house solutions, people and processes? What’s the amount of uptime they’ll guarantee? What safeguards are implemented to meet them? How frequently are copies made? How long are copies retained? What are the parameters for restitution should service levels not be met?

When answering these questions, things like multi-tenancy safeguards, which prevent co-mingling of data, and encryption, which ensures there’s no unauthorized access to data, will provide some peace of mind. But it’s clear many IT professionals still aren’t convinced that corporate data residing outside the corporate firewall is secure.

Cloud service models are sure to be disruptive to the status quo over the next few years. Companies that embrace change and have a high-risk/high-reward adoption profile are already dabbling with these delivery models. Organizations lagging in adoption will likely try the model using applications with a lower risk or less strategic stature. Surprisingly, according to ESG research, customer relationship management (CRM) software and email are the top applications companies are willing to deploy using a SaaS model, and these are often key productivity systems for companies.

In the end, IT practitioners may not have a choice. Recent ESG research indicates that the loudest advocates for SaaS within an organization are non-IT executives and business unit owners. More than 40% of survey respondents conceded that decisions regarding the use of alternative application delivery models are being made -- or at the very least, influenced -- by their business constituents. That means there will be continuing pressure to investigate cloud services to cut costs even while concerns about data protection persist. And data storage managers will have to work with their platform and service providers to ensure key questions about data protection are answered.

BIO: Lauren Whitehouse is a senior analyst focusing on backup and recovery software and replication solutions at Enterprise Strategy Group, Milford, Mass.
