When your data resides in cloud storage on a third party's infrastructure, some of the attendant risks may be attributable to the provider, some to you and some to both.
Data crosses multiple systems on its journey to a cloud service provider's storage and, the more waypoints there are, the greater the potential for things to go wrong.
Key to all of those issues is getting it right at the start. But if you don't, what are the five main things that can go wrong – and what should you do about them?
Too often, data is pushed out to the cloud to save money, perhaps by reducing the in-house IT function without considering the wider issues involved.
For example, many companies buy cloud storage in the hope it will result in a rationalisation of their data assets. The risk of this approach is that two processes – rationalisation and moving to the cloud – become conflated.
The top five pitfalls of cloud storage – and how to remedy them
What can happen then is that a mess that existed in-house is exported to the cloud, where lack of preparation costs money and the risk of fixing it is higher.
Instead, the organisation needs to develop a clear set of agreed success criteria to build cloud storage into its long-term strategy. For example, have the organisation's storage needs been fully re-evaluated before moving the data? Could re-organising the data have saved as much or more? Could you have made better use of existing hardware assets, before making some or many of them redundant – and has their residual value been taken into account when evaluating cloud storage?
Once in the cloud, data still needs managing. Unless IT quickly gets on top of monitoring and managing cloud-based data, there is a danger that, in the event of problems, users will bypass IT and contact the cloud provider directly to resolve issues. This will make monitoring the service-level agreement (SLA) and making valid cost-based decisions about data placement and strategy difficult if not impossible.
So the key to a successful move to cloud storage is preparation. You need to reference all the data to be transferred, plan the topology before data reaches the cloud and ensure you know exactly which data is going to the cloud, which will be held in-house and how it will be managed. Data should be prioritised so you can use tiered storage where available.
You're buying a critical service, so it is critical your storage service provider matches your needs and requirements – and also matches your risk profile and company size.
If the provider is a huge mega-corp, your medium-sized company will be 927th on its priority list, regardless of what the SLA says. If the tables are turned and you are a large enterprise, relying on a small provider is likely to be too risky, both in the small provider's lower probability of survival, and its ability to deliver all the services at the reliability levels you demand. In both cases, the service the business experiences is likely to be worse than when the in-house team provided it.
When you find a provider that fits your criteria, you need to consider their reliability record. So far as your needs and requirements are concerned, basic due diligence should include checking how much recent downtime a provider's services have suffered, and how accessible your data will be; the answer should be 24/7, of course. If the answers to these questions don't fit your criteria, look elsewhere.
Make sure too that if a misalignment of aims and objectives starts to become apparent during a contract, you can, if necessary, select another provider. The contractual terms need to be right, and you need a watertight means of extracting your data in a manner that allows you to port it to another provider or return it to your in-house systems.
The key is to be able to change service plans quickly and easily without financial penalties
It's easily done. For all but the simplest of setups in a small business, the key criteria for a cloud storage provider are likely to be formulated so that the online service at least matches the systems you already possess, in performance and functionality.
However, the cloud's added complexity drives a need to examine the provider's terms and conditions very carefully. You will need, for example, to be aware of what the SLA covers and what it does not – such as backup and encryption – and make provision accordingly.
In particular, you need to be rigorous about your capacity requirements, and calculate the costs of multiple scenarios using the service plans of your short-listed suppliers. Surprises about storage costs are unwelcome, so be realistic about future storage needs. The costs of cloud storage can add up over time to be higher than local storage, although factoring in business benefits such as universal connectivity and flexibility could mitigate these.
There may also be hidden costs that come to light only once the local storage has been removed. For example, specialists may be using old peripherals, essential to their work but only connected to local processing and storage, and finding replacements may prove costly and time-consuming. The lesson here is to consult widely among users, not just managers and IT.
The key is to be able to change service plans quickly and easily without financial penalties, a facility that should be explicit in the terms and conditions.
Once your data has left the premises, there's often a sense that you have also lost a degree of control over it. To some extent that's true.
In the worst case scenario, you might even physically lose the server it resides on. If your data resides on servers in the US, for example, it is possible for US government agencies such as the FBI to impound the hardware. This has happened. Innocent enterprise customers have lost data when agents seized a rack of servers even though only one IP address was targeted in their investigation.
Steps you can take to retain control include ensuring your data stays in the country, or at least inside the EU. This is mandatory for some classes of information, such as financial and personal data.
You also need to ensure that only those authorised to view it can do so, which means excluding the provider as well as employees with insufficient privileges. So, as well as implementing access control, you must encrypt the data.
The key – literally – is to ensure that you have an encryption key management strategy. It is easy to encrypt data only to find that, when the individuals who manage the encryption depart, knowledge of how to decrypt leaves with them, and you are left with disks containing unreadable scrambled bits.
Providers also suffer outages; every major provider has done so. Outages are among the risks you trade off against the savings and other benefits cloud can deliver. Protection measures include thorough research into the provider's policies and processes aimed at preventing such occurrences, and selecting another provider if you are unsatisfied. More practically, depending on your risk profile and your budget, a mirrored server setup can be deployed at a different provider's datacentre.
This may not, however, protect you if the provider's network goes down. So when selecting a provider, ownership of a dual network link could figure among your selection criteria if your budget allows.
The key to ensuring you retain control – no matter what happens – is not to assume the provider has taken care of it: Your data is your responsibility.
Since large data transfers cost money and take significant amounts of time, you may find that savings can be made by delivering large datasets – such as the initial upload – by courier on hard disks
Sufficient bandwidth is critical when moving data into the cloud. Your organisation will need to re-evaluate its bandwidth requirements based on a continuous stream of data in both directions.
If you are an SME, that hard-pressed ADSL link with its low outbound data rate is unlikely to cut it. However, with fibre to the cabinet becoming widespread, this is less likely to become a problem in urban environments, so check what speeds you can get. Larger organisations may find they need to move to a higher tier of their network provider's service plans.
By the same token, the storage provider's network ideally needs to be at least as fast as your upload speed, and preferably have capacity to spare. Your network needs may be cyclical, so check when the provider's network is most heavily used and see how it fits with your data usage patterns.
If you suffer internet outages, consider changing your supplier – with your company's data accessible only via the one cable, the importance of a solid, reliable connection cannot be overstated.
Since large data transfers cost money and take significant amounts of time, you may find that savings can be made by delivering large datasets – such as the initial upload – by courier on hard disks rather then over the wire.
Cloud data storage platform tips and takeaways