When a crisis like the recent COVID-19 pandemic hit, few IT organizations were fully prepared for the sudden shifts in network traffic, resource usage and support calls as they became 100% work-from-home (WFH) organizations. Demands on remote access infrastructure, such as internet-facing systems, VPN gateways and virtual desktop infrastructure servers, exploded. Simultaneously, application and file-sharing performance plummeted because few organizations had infrastructures designed for the remote workloads and high-latency connections of the new WFH environment.
While network administrators quickly tried to add VPN capacity, IT architects looked to cloud services, particularly for mature, widely used enterprise systems like office suites, email services, group collaboration, file sharing and storage. The ability to almost immediately scale cloud resources to match increased demand makes them invaluable during periods of rapid change and extreme disruption. In a universal WFH environment, cloud storage performance, in particular, can mean the difference between uninterrupted data access and service outages or slowdowns.
However, companies have a number of challenges as they transition from traditional on-premises storage systems to cloud services while maintaining security, service performance and data access controls. What follows is practical advice about cloud storage for storage managers as they help their organizations deal with a crisis.
The many facets of cloud storage
Cloud storage isn't a monolithic product category. It includes a range of applications that fall into two categories:
- IaaS storage, typically from the big three -- AWS, Google Cloud and Microsoft Azure -- includes object stores such as S3 (for brevity, we'll use AWS for the examples); network file storage such as Amazon Elastic File System (EFS); network file shares such as Amazon FSx; block storage such as Amazon Elastic Block Store; and cold, archival storage such as Amazon S3 Glacier.
- Storage-as-a-service (SaaS) file sync-and-share products, such as Apple iCloud Drive, Box, Dropbox, Google Drive and Microsoft OneDrive.
Optimizing cloud storage performance
One of the advantages of SaaS is its simplicity; there aren't many configuration options that might change performance. For both SaaS and IaaS, internet connectivity is the most significant factor affecting performance. In a WFH environment, that's beyond IT's control. That said, the exploding popularity of streaming video services has prompted broadband providers to upgrade their services so that most U.S. households now have 100 Mbps internet service.
Other factors influencing cloud storage performance include the provider's system design and infrastructure implementation, which means IT organizations should test the performance of several SaaS products before buying. Look for providers with a global footprint that have data centers in every region and points of presence near major metropolitan areas.
For example, several years ago when Dropbox installed proxy servers in all regions, it cut download times by 40% and boosted upload speeds by 90%. Vendors can also improve their UI speed and usability through software optimizations, such as doing server-side rendering for document previews and optimizing their document indexing software to reduce search times.
IaaS storage provides IT with more freedom in configuring resources, with each type of service having different factors and configuration options that affect performance. General factors include:
- the number of deployed instances for scale-out services like object storage;
- size and performance tiers (for example, AWS EFS offers General Purpose and Max I/O performance modes); and
- storage features that are enabled, such as background snapshots, RAID configuration (for block storage) and replication.
Providers often have cloud storage performance tips in the documentation for each service.
Coping with cloud security
While both IaaS and SaaS require buyers to establish and implement security policies and configurations, IT has more control over things like object, block and file resources than it does with packaged file sync-and-share services. However, in both cases, IT must understand the shared security model and division of responsibilities common to all cloud service providers.
In the shared model, the provider is responsible for the security of the cloud itself. That includes the facilities, networks, systems and software used to deliver cloud resources and services. SaaS providers also manage application software.
The cloud customer, on the other hand, is responsible for security in the cloud, which, for IaaS, includes the software and OSes running on cloud resources as well as VPNs. For both IaaS and SaaS, the customer is responsible for identity management, user authentication and data stored in cloud services.
In practice, the shared security model requires cloud users to plan four areas of security controls.
- Data protection includes defining and configuring role-based access controls (RBAC) for various stored resources and configuring at-rest data encryption. For organizations not wanting to rely on a provider's built-in encryption features, it might mean providing and managing private keys.
- Network isolation and traffic controls mean connecting storage resources to enterprise virtual private clouds and defining and configuring virtual firewall rules to restrict access.
- Identity management, authentication and authorization include creating groups to limit user access to various storage resources and assigning users to the appropriate RBAC roles. This also covers encryption key management for organizations that manage their own keys. For IaaS storage, identity and access management and key management are typically done using a cloud provider's native service, such as AWS IAM and Key Management Service (KMS) or Azure Active Directory and Key Vault. However, some organizations prefer integrating an on-premises directory and KMS.
- Service monitoring and logging means configuring storage services to log metrics and alerts to a cloud provider's monitoring service, such as AWS CloudWatch and Azure Monitor.
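The following added example, which is not from the original article, checks one S3 bucket's settings against the four control areas above and shows a weak configuration beside a hardened one. The bucket name, key ID, endpoint ID and the require_customer_key switch are assumptions; the sample settings are constructed and mirror the shape of the S3 GetBucketEncryption, GetPublicAccessBlock, GetBucketPolicy and GetBucketLogging responses.

```python
import json

# Constructed samples (not real data), shaped like S3 API responses.
# Bucket name, KMS key ID and VPC endpoint ID are placeholders.
PAB_KEYS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")
WEAK = {
    "encryption": {"Rules": [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]},
    "public_access_block": dict.fromkeys(PAB_KEYS, False),
    "policy": json.dumps({"Statement": [{"Effect": "Allow", "Principal": "*",
        "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-wfh-share/*"}]}),
    "logging": {},
}
HARDENED = {
    "encryption": {"Rules": [{"ApplyServerSideEncryptionByDefault": {
        "SSEAlgorithm": "aws:kms", "KMSMasterKeyID": "EXAMPLE-KEY-ID"}}]},
    "public_access_block": dict.fromkeys(PAB_KEYS, True),
    "policy": json.dumps({"Statement": [{"Effect": "Deny", "Principal": "*", "Action": "s3:*",
        "Resource": "arn:aws:s3:::example-wfh-share/*",
        "Condition": {"StringNotEquals": {"aws:SourceVpce": "vpce-EXAMPLE"}}}]}),
    "logging": {"LoggingEnabled": {"TargetBucket": "example-logs", "TargetPrefix": "wfh/"}},
}

def as_list(v):
    return v if isinstance(v, list) else [v]

def audit_bucket(cfg, require_customer_key=True):
    """Return (area, finding) pairs, one area per control in the list above."""
    out = []
    # Data protection: default at-rest encryption, optionally a customer-managed key.
    sse = [r.get("ApplyServerSideEncryptionByDefault", {}) for r in cfg["encryption"].get("Rules", [])]
    if not sse:
        out.append(("data-protection", "no default at-rest encryption"))
    elif require_customer_key and not any(s.get("KMSMasterKeyID") for s in sse):
        out.append(("data-protection", "provider-managed key in use"))
    # Network isolation: public access fully blocked, traffic pinned to a VPC endpoint.
    if not all(cfg["public_access_block"].get(k) for k in PAB_KEYS):
        out.append(("network", "public access block incomplete"))
    stmts = as_list(json.loads(cfg["policy"] or '{"Statement": []}')["Statement"])
    if not any(s["Effect"] == "Deny" and "aws:sourcevpce" in json.dumps(s.get("Condition", {})).lower() for s in stmts):
        out.append(("network", "no VPC endpoint restriction"))
    # Identity and authorization: no unconditional Allow to every principal.
    for s in stmts:
        p = s.get("Principal")
        everyone = p == "*" or (isinstance(p, dict) and "*" in as_list(p.get("AWS", [])))
        if s["Effect"] == "Allow" and everyone and not s.get("Condition"):
            out.append(("identity", "anonymous Allow for " + ",".join(as_list(s["Action"]))))
    # Monitoring and logging: server access logging is switched on.
    if "LoggingEnabled" not in cfg["logging"]:
        out.append(("logging", "access logging disabled"))
    return out
```

Calling audit_bucket(WEAK) returns one finding for data protection, two for network isolation, one for identity and one for logging; audit_bucket(HARDENED) returns an empty list.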
Life beyond the crisis
The COVID-19 crisis, and resulting WFH fire drill, has left IT strategies and budgets in tatters. A recent update from IDC suggested that IT spending in all areas except software will contract this year, but where money remains available, cloud services, security and remote access technology will be priorities.
Wise investments in cloud, internet bandwidth, remote access connectivity such as software-defined WAN and security will yield benefits in the short and long terms. Now isn't the time to hastily introduce cloud services, but rather to take time to research the alternatives and plan a holistic cloud-network-storage system that will be ready for the next crisis.