As we plummet down into Gartner's "trough of disillusionment", the cloud skeptics are making their voices heard. Although my professional focus is at the forefront of the cloud storage wave, I can not disagree with the content of articles with sensational headlines like "Cloud Storage: It's Strictly For Airheads" and "Why Cloud Storage Use Could Be Limited in Enterprises". The authors are doing exactly what everyone should be doing: Questioning the viability and suitability of cloud storage in the enterprise.
The truth is, although I'm not the "cloud police", not all managed storage services are created equal. In fact, lots of them are, to put it bluntly, not worth much. Many cloud backup and archiving services use bare un-protected disk drives to store data, have no redundancy built into the system, and try to scrape up every cent by using home-brewed hardware. This is especially true in the consumer space, where bargain-basement (or even free) pricing has driven a race to the bottom in terms of quality. No business should use junky consumer solutions.
Even service providers that presume to sell in the enterprise market often miss the mark. Forgetting the inappropriate per-month credit card billing method and laughably poor support services, many providers adamantly refuse to comply with basic corporate governance principles. Why would a business use a service that won't tell them where their data is, won't allow their auditors to examine both the processes and data centers in use, and won't stand up service level agreements (SLAs)? If your service is not enterprise-grade, you have no business selling to the enterprise! No wonder corporate folks are scared of the cloud.
Subpar offerings from flaky vendors hurt the whole industry. So let's take a look at what the business cloud storage skeptics are saying, and how the enterprise managed storage service providers can respond:
- Data integrity is a must. Let's say you sold buckets for a living, but one out of 12 had holes in it. How long would you be in business? Amazingly, many cloud storage solutions lack both redundancy and integrity checks and use big bare disks to hold data. These buckets have holes, and data loss is a certainty. Fixing this issue is straightforward: All cloud storage should include parity protection, redundancy, and integrity checks. Business storage systems commonly use RAID to protect against disk media failures, but massive-scale cloud solutions must do even better. Cloud storage must also save multiple copies of data, preferrably automatically distributing it geographically according to SLAs. And I wouldn't be able to sleep at night without proactive integrity checking and data scrubbing.
- Geographic dispersion of data has implications beyond data protection, though, so cloud providers must also include policy engines to drive governance and compliance. Since compliance with privacy and similar laws is based on physical location, businesses must know where their data is at all times. You can't have data growing legs and traveling, sometimes across national borders. In contrast to the old storage service providers (SSPs) of a decade ago, cloud storage systems are inherently policy-friendly. Objects, metadata, and policy-driven data management are becoming more common, enabling even better data governance than traditional enterprise storage systems. I bet your SAN or NAS system can not enforce your SLAs for geographic dispersion, keeping this data type in New Jersey and replication that other one to California but allowing only a third to cross to Europe.
- Cloud storage services must be managed and operated better than enterprise systems, not worse. I cringed when I heard tales of the T-Mobile/Microsoft/Danger servers and SAN storage "sitting in a corner" with no knowledgeable staff, no operations focus, and a looming migration. Of course it failed! From an operations standpoint, I love that a humongous and homogenous storage infrastructure can be managed by just a few focused, educated, and talented individuals. That's what cloud storage is all about! Neglected systems have no business in production, especially at a service provider.
- Managed services must allow auditors to verify their claims. I am a car nut, so I definitely wouldn't trust a garage who whisked my car off to an undisclosed location so unseen mechanics could work on it. I wouldn't eat at a restaurant that didn't allow the health department to inspect it. So why would I put blind faith in a managed service provider who held my critical data? Cloud vendors must perform their own security and operations audits and allow their customers to do the same. You can't pass the buck on governance: If you require SAS70 or PCI or a third-party audit, then your service providers must step up and allow it, too.
I'm mad, and I'm throwing down the gauntlet. I want every service provider to start now, protecting data, upholding policy, demonstrating operational excellence, and allowing audits. Anyone who doesn't is a disgrace to the industry, and their customers ought to seriously reconsider where they place their data. Mark me down as a cloud skeptic!
By the way, I work for a managed storage service/cloud storage provider, Nirvanix. But I'm a long-time enterprise storage consultant and would not work here if the company couldn't live up to these must-have requirements.