Why Use the Cloud?
"The move to the cloud” is the fastest growing trend in information technology. Cloud-based services have many benefits,including lower costs, increased flexibility and efficiency. Enterprises great and small are looking to cloud-based providers to help them improve operational productivity, reduce overhead, and provide access to special services and expertise. One segment of the cloud services market is offering offline data storage to customers as an alternative to simply adding more servers in their existing data centers. However, some system administrators and security professionals have expressed concerns about security and confidentiality in a cloud-based environment.
Is the Cloud Safe?
A lot depends on the vendor. How well have they defined their offerings? These issues are particularly important when dealing with vendors offering "storage" services. Your data is your company's lifeblood. What kind of storage services are being offered? To what extent have they engineered their infrastructure to maximize the privacy and security of each customer's content against intrusion by outsiders, by other customers, or by the cloud's own administrators? What kind of safeguards are in place to prevent abuse or system failures?
Can We Armor The Cloud?
YES! Properly defined and properly engineered, cloud-based services can offer a level of service and security comparable to anything that can be configured in-house. COLDSTOR Data's architecture is specifically designed to secure content in transit by limiting access and adding security and encryption functionality “in flight.” Each customer's data is physically as well as logically separate from every other customer's. Each customer's content is replicated at geographically separate locations. Each customer's content is managed by its own dedicated “ICETray” management system, which is itself replicated. All accesses and access attempts are recorded in detail. All records are inscribed in a “write once” format that doesn't permit overwrites. Take a look at our schematics for a more detailed overview of what we do and why.
Many of our techniques are specific to our function, which is archival storage. However, providers of any cloud-based service should be prepared to demonstrate how they armor their applications and provide sufficient tools to permit the customer to measure their quality of service (QoS).
Do Quality of Security Services Vary?
Unfortunately, yes. Instead of segregating each customer's content, some providers have mixed content from their customers together physically, and constructed "logical" access barriers of varying quality to limit cross-access. Others have allowed users to run any code they want within their virtual environments. As one security expert warned, "Insecure applications that run in the cloud are identical to insecure applications that run on standalone, dedicated servers.... Problems such as buffer overflows, SQL injection, cross-site scripting (XSS), command injection, and other common application-level vulnerabilities do not magically disappear." Without proper safeguards, they just have bigger targets. Compounding matters, at least one vendor failed to build sufficient redundancies into their system or to advise their clients that replication of content and system redundancies are essential to securing any data store. As a result, when problems occurred, they were newsworthy.
Security And the Difference Between Cloud-based Archive And Cloud-based Storage
Archive differs from storage. Archival storage needs to conform to a number of important legal and regulatory requirements and be able to preserve content well past the lifetimes of most storage equipment. Many of the security protocols COLDSTOR Data has incorporated into its IC3E storage architecture are "Archive-specific."
Because we are an archive, our stored content is generally inactive. As a result, we can generate permanent, unerasable records of all accesses to content and all access attempts, and build in an audit system that assures such records are authentic. Because such content is inactive, we can keep it effectively off-line for much of the time.
Because we are an archive, we assume that when you want access to your archives, you may want access to any or even ALL records. For this reason (plus the added security), we keep your files physically separate. As a result, you have options. Anytime you need content, we can begin to send it to you electronically, or we can physically transport it to your destination!
Because we are an archive service, we assume that you may want to keep some records for a very long time, so we have created an unbreakable Chain of Custody. COLDSTOR Data's Chain of Custody can prove that records held by us are authentic and preserved intact, can demonstrate who has rights to what data elements, and can establish that such records have been handled properly over their lifetime, even if that lifetime spans multiple generations of storage equipment.
Because we are an archive, files have to be retrieved back to our ICEBox client-side appliance or another in-house location, or moved to a different cloud storage location, before they can be manipulated. This preserves the integrity of archived content. It also prevents others from running commands stored within archived content, which provides additional safeguards.
Keeping YOU in Control
The most important element of any cloud-based security is the customer. At COLDSTOR Data, we believe that using the cloud to help manage your archived content doesn’t mean you should lose control over that content.
COLDSTOR Data lets you know where your files are stored and generates a Universally Unique Identifier (UUID) that marks where files are located as part of its set of proofs that files haven't been overwritten or moved. All attempts to access or use a file, to audit it for authenticity, or to port it from an older storage unit to its replacement generate a report that you get automatically.
COLDSTOR provides a number of options as to where content is stored. Content can be stored with us or with a COLDSTOR Partner of your choosing, or placed within your private cloud or intranet environment, or replication can be split between your cloud and ours.
Call COLDSTOR Data for more information about how we can secure your content in the cloud.