It has been a very interesting week for me. I have been talking to a number of analysts, listening to and reading to research on the cloud market space.
Nearly all organisations have a Disaster Recovery (DR) strategy and historically this has been done on tape that is stored offsite. This thing about disasters is that by their nature you can't predict them. One (great) analyst had two great stories about disaster recovery. The first was about 911. At the time the strategy to get a tape to a company quickly was on a plane. Suddenly this disaster meant that a company was down for days as a tape could not be flown to them. The second was Katrina - the tapes were safe but in a flooded mine that could not be accessed. What is important about DR is that you test your processes before a disaster happens and DR testing should be easy and not massively disruptive your organisation.
The cost of cloud storage today makes DR to and from the cloud a no-brainer for many organisations. At the consumer level it makes sense and at the Enterprise level where the volumes are much larger is makes just as much sense. What is key here is also managing security and performance which typically needs a hardware appliance that performs deduplication, tiering, compression and encryption.
The CIO View and Cloud Economics
I was at a TechTarget conference this week. What is interesting is when you look at adoption it is clear most companies will have a hybrid strategy - a mix of public, private and SaaS that is driven by the characteristics of the application and the stage of usage - development, production, DR etc. Enterprises also need to plan for the changes in network traffic and have strategies for minimising WAN traffic and latency.
Cloud computing in the U.S. shows momentum
Among 210 IT executives in U.S. businesses, roughly one-third currently uses only private cloud computing, while another one-third uses both private and public clouds. Roughly 1 in 10 uses only public cloud computing, and almost one-quarter uses no cloud computing option at all.
The key drivers for cloud computing are reducing capital expenditure, reducing costs and driving new capabilities.
Research: Cloud Computing a Prime Opportunity
“Cloud Computing: Pulling Back the Curtain" shows that mid-sized companies are adopting the technology fastest – 64 percent reported involvement with cloud computing compared to 36 percent of small companies and 58 percent of larger firms.
For the most part, respondents are looking to cloud computing technology to reduce their capital expenditures (85 percent) and drive down costs (84 percent). But an impressive 81 percent said they are using cloud computing as a way to add new capabilities not available in current IT models, which suggests an incredible opportunity for solution providers.
The survey, conducted in August by Harris Interactive and sponsored by Novell, indicates that 43% of IT executives with decision-making authority foresee increased use of both public and private cloud platforms in the future. Roughly 29% expect more use of private-cloud platforms, while 5% expect increased use of public clouds. Another 5% have "no plans" regarding use of cloud computing, and 7% said they are not sure.
When asked if the use of cloud computing will increase as current IT platforms need to be replaced, 92% of the IT execs answered either "strongly agree" or "somewhat agree." At the same time, almost 9 in 10 agree that cloud computing will occur alongside, instead of replacing, company-owned data centers.
When asked about possible barriers to adoption of private-cloud computing, 53% said the initial cost is a barrier, and half expressed security concerns as well.
Cloud computing brings drastic changes to IT departments
Since the cloud separates customers from business-critical information, latency and network bottleneck issues can slow down data recovery. The problem can be overcome by upgrades to a businesses broadband network, but adjusting to the potential problem before adopting the cloud is crucial to maintaining production.
The Telegraph had a great article on Cloud Computing and Microsoft discussing this once in a decade shift. Every CxO needs a cloud strategy. Again the US is leading the way and Microsoft is investing $9.5bn in R&D on cloud computing.
Cloud computing: will Microsoft and its rivals find a silver lining?
“The shift to cloud computing is huge. It’s one of those shifts that happen in technology once a decade or so,” said Sarah Friar, an analyst at Goldman Sachs in San Francisco. “It’s not something that anyone of any size can afford to ignore.” And it’s no longer just the preserve of theory, either. It’s shaping strategy in boardrooms, has fuelled the boom in technology deals this year and will help define the technology industry’s next generation of winners and losers.
North America has led the way on spending on cloud computing, accounting for 58pc of total spend this year, according to research firm Gartner, compared with 24pc for western Europe.
The numbers Microsoft gives suggests its bet is a real one. By next year, the Seattle-based company plans to be spending 90pc of its annual $9.5bn research and development budget on cloud computing. It already has a range of web-based software products, including Office Web Apps and Windows Azure, and 70pc of the 40,000 of its staff who work on software are in this field.
Global sales of cloud computing services climbed 21pc to $56.3bn last year, according to Gartner.
The research firm is forecasting that the size of the market will grow to $150bn in 2013.
A recent survey by research firm Vanson Bourne, found that 52pc of companies cited security when explaining why they were steering clear of cloud computing.
But it’s not just about the price. Experts say the ability for companies to radically increase or cut their computing power quickly is attractive, and can generate cost savings of its own. Investment banks, for example, make a surge in demands on their networks when option trades are calculated at the end of each quarter, but that paid-for computing capacity typically lies unused the rest of the time.
Bob Muglia was also interviewed on Microsofts cloud strategy
Q&A: Microsoft's Bob Muglia details cloud strategy
Virtually every customer that we're working with on e-mail is having a conversation about [whether it] is time for them to move those workloads into a cloud service. Many are choosing yes.
When we talk to readers about cloud, management is always an issue; security's always an issue. Can you talk about what Microsoft is doing to address those big worries about cloud computing?
The cloud is kind of a misnomer. It's more like multiple clouds. What is Microsoft doing to drive interoperability and standardization across different cloud platforms to make it easier for customers to bridge them?
Featured Azure Case Study
Government, Particularly in the US continues to forge ahead
Open Government Vision Continues to Flourish Through Data.gov
Synteractive, a leader in strategy consulting and business solutions, has been tapped to partner in building a new cloud-based dataset hosting solution for Data.gov using Microsoft's technology Windows Azure, SQL Azure, SharePoint 2010, and Bing.
Berkley who wrote one of the seminal papers on the cloud are continuing to invest.
Berkeley Lab Taps Google, Tests Amazon Cloud Services
Lawrence Berkeley National Laboratory is emerging as one of the federal government's leading adopters of cloud computing. The lab is in the final stages of implementing Google Apps; it's testing Amazon's Elastic Compute Cloud service; and it's deploying a mega private cloud.
Featured Blog Posts
Ready For Primary Cloud Storage?
Cloud storage has moved out of the experimental mode and into some form of production for many organizations. To date most of the use cases are either to backup data to the cloud or to archive data to the cloud. Now though the move is on to provide leverage the cloud for primary data storage. If successful it could change the way many businesses buy storage.
Download a whitepaper on hybrid cloud storage
Follow me on twitter.com/drianhowells
Many organizations are considering use of cloud storage to help simplify their data storage environments, improve data protection, and reduce overall costs. However, many challenges still exist with using cloud storage natively for traditional on-premises applications that drive businesses today, and security remains as a concern in terms of data privacy, confidentiality, and control.
A number of cloud storage on-ramp, or cloud storage gateway, devices have emerged, each promising to turn elastic, on-demand, low-cost cloud storage services into capacity that can be utilized by your on-premises servers while eliminating concern.
While the cloud storage on-ramp/gateway market is still nascent, customers should weigh out a number of factors before trusting their application environment and storage needs to such a system. Like other vendors, we have an opinion on what those factors are, and why they're important. When considering a cloud storage gateway, we encourage customers to consider:
- Performance - when using cloud storage, you are effectively injecting Internet latency, bandwidth, and packet loss in between your server and its storage. Gateway devices mitigate this, and an understanding of the architecture - and quantification of the system's performance - will help you understand whether or not the solution is applicable in your particular application environment
- Caching vs Tiering - many devices provide a "caching" architecture, where the cloud storage service is effectively your primary storage. StorSimple provides a "tiering" architecture, where the on-premises appliance is your primary storage. The differences are subtle, but substantial when viewed through the lens of data integrity, coherency, performance, and availability. We'll write more on this one later
- Security - devices should provide protection for both data in motion (over the network) and also data at rest (as stored in your cloud storage service provider network). Keys should never be shared with your cloud storage provider, as that can fundamentally put your control of your data at risk in the event of litigation/subpoena
- Data Protection - devices should simplify data protection and help you - when possible - eliminate multi-tiered backup and restore architectures. The fundamental unit of data protection in the enterprise today is the snapshot, and the longer you can extend the usefulness and liveliness of a snapshot-centric architecture goes a long way in minimizing operational complexity when you need to restore data
- Application Awareness - some devices claim to be "application aware", while also claiming to support everything including the kitchen sink. The vendor should take a pragmatic and focused approach to specific applications, with the necessary technology integrated to provide compelling value for specific applications rather than broad brush strokes that make their approach seem applicable to a broad array of applications. Our assertion - better to be the best at a small number of things than to fail at all of them
- High Availability - people deploy storage in a highly-available manner today, and when you move to a cloud storage-centric model, this should not change. Devices should provide you with the availability characteristics you expect from your current storage systems, and not require you to undergo configuration gymnastics or ridiculous server-side changes to meet your availability metrics
We'd love to get your feedback on criteria that should be considered; please feel free to leave a comment and let us know if these are valid considerations or if there are some that we missed!
In our last blog post, episode 1 - "what the heck is cloud storage?", we discussed what cloud storage is and some of its attributes. Based on those, it's apparent why many corporations are interested in being able to take advantage of cloud storage. It's elastic, inexpensive, and there's less headache in maintaining complicated storage infrastructure.
So why hasn't cloud storage taken off?
The truth is, cloud storage isn't consumable by most traditional applications in your data center. As it is accessed over a WAN (for public cloud storage) using APIs (more often than other access methods), cloud storage has done quite well for custom-built applications where the source code is readily accessible - both in the data center and for applications running on public compute clouds. However, this is not the case when the application expects to speak directly to disk storage using block protocols that carry SCSI, such as iSCSI, FC, and FCoE.
Additionally, many people are nervous about cloud security. In a sense, when you use cloud storage, you're giving control of your data to a third-party (unless of course you use a private cloud) and introducing a new availability concern (availability being part of the triad of security: confidentiality, integrity, availability). Naturally this brings up questions such as
- "what if my provider loses hardware?"
- "what if my provider's data center is compromised?"
- "how isolated is my data from the rest of my provider's customers?"
- "what if my provider is asked to turn over my data?"
- "what if my provider has an outage?"
- ... and many more
Alongside the communication issues and security issues are performance issues. Accessing cloud storage involves communication over a network - potentially, the Internet, which is the case in public cloud storage services. All networks - even data center networks - introduce latency, packet loss, bandwidth limitations, congestion, and other issues, all of which can impact performance. Most applications enjoy very high performance access to their storage systems today, because generally speaking the storage is accessed over the local network where these issues are only noticeable in extremely high-throughput environments.
Cloud storage services also lack in the realm of data protection. Many of them will automatically replicate your data to two or more locations, but replication does not solve the issue of providing a consistent copy from a point-in-time in the past. Virtually all companies today rely on snapshots as the foundation of their backup and restore strategy, which when used correctly can create application-consistent, crash-consistent point-in-time copies of application data, to allow the data to be restored in the case of corruption, site failure, data loss, and so on. Cloud storage services generally do not provide this function.
Unfortunately, without addressing these issues, it's difficult for I/T organizations to take advantage of cloud storage for many of the applications they rely on to power their business.
In the next episode, we'll talk about how these issues can be addressed. I look forward to your feedback on these items - where you agree, where you disagree, or points I may have missed. Please feel free to use the comments section below and speak up!
Cloud Storage and Security
I/T organizations today are examining the use of cloud storage services to take advantage of the economic efficiencies, pricing flexibility, and management simplicity that they provide. However, any discussion around cloud security inevitably ends with a serious examination of data security. Several questions are raised, seemingly without answers, including:
- Is my data secure? If so, how secure is my data?
- Who can access my data, and where can they access it from?
- What happens if our cloud storage provider is forced to release my data?
- What happens if my cloud storage provider loses a disk or tape?
- Am I in compliance, or out of compliance? How do I know?
- Can a malicious or former employee sabotage our data?
Today's storage environments require strict adherence to a well-defined set of technologies and processes. Data centers are typically locked and entry is restricted to ensure physical security. Management infrastructure access is controlled through roles based access control. Device interconnection is controlled through the use of CHAP, and authorization is managed through access control entries, zones, and virtual fabrics. Data at rest is protected through encryption to render it unusable without the appropriate key material. Data in motion is protected through SSL encryption, integrated authentication, and other mechanisms between tiers of a multi-tier application. Perimeter security is ensured through use of firewalls and intrusion detection/prevention systems. High availability is ensured through clustering, redundant network fabrics, and load-balancing. To summarize, many of the obvious points of the 'attack surface' are covered to minimize the possibility that security could be compromised. Using the traditional definition of the word security, this includes:
- Confidentiality - can an unauthorized user access my data, whether it is in flight from a user to an application server, between application server tiers, or at rest on a spindle
- Integrity - can an unauthorized user or node access and change or delete my data, whether malicious or unintentional, at any point in the overall architecture
- Availability - do single points of failure exist, or, vulnerabilities in my application architecture that - if compromised could impact availability of service
- Control - can my data be sent to a third party unknowingly or due to subpoena
Coming from an enterprise storage mindset it is easy to see why so many concerns exist over cloud storage security. Fundamentally an organization's data - the second most precious resource next to their employees - is being stored on a cloud storage service provider's infrastructure and maybe even accessed over the Internet. Many of the best practices for security in an environment with cloud storage can be enforced, but given the fact that a third party is involved in the equation, some of those best practices cannot.
With a background rooted strongly in storage, application delivery, and data center infrastructure, we at StorSimple feel we have a solid grasp on these concerns and understand how to overcome them (we'll be disclosing details on how we address these issues in the near future - stay tuned). We'd like to get your input on this very hot topic. What other issues do you see related to cloud storage and security?