Feelings of Insecurity
The most common storage-as-a-service offerings are online backup and archiving applications. Things have changed since the days of StorageNetworks, a company that couldn't make a go of hosted backup and closed its doors in 2003. The original idea behind StorageNetworks was outsourcing -- providing a service that used the same storage frames that were in the data center, says Damoulakis. Now, many cloud storage services use low-cost, commodity storage in a distributed architecture. "We've advanced very far in virtualization, the Internet, distributed computing and the grid concept," he says.
Michael Peterson, president of Strategic Research Corp., launched a storage service provider in those early years and was a business and technology adviser to StorageNetworks. He says cloud storage is a very broad term that incorporates a variety of technologies and business models. For example, some service providers use distributed, commodity storage, while others might use traditional midrange or high-end storage frames. That means that it's important to understand what you're buying.
But there is a common theme: virtualization. "[Cloud storage] includes everything and is a virtualization model," Peterson says. Cloud is a catalyst for change, not a technology, and as such, it will bring about broader use of virtualized practices, he predicts.
Cloud storage service offerings range from basic file-based storage infrastructure services, like Amazon's S3, all the way up to storage-as-a-service applications. With the exception of start-up Zetta Inc., most vendors aren't pitching the cloud for primary storage.
In the business market, remote backup has always been the real driver for cloud storage, Peterson says. Nonetheless, most large businesses remain on the sidelines.
One of the biggest concerns IT organizations have with cloud storage is data security. Many cloud storage vendors offer encryption for data in transit and at rest. Some, such as Zetta, make encryption the default setting. That's important because in a storage cloud, your data might be on the same disks as data from other users, says Ruth. If another customer's data is raided by the FBI, for example, could yours go with it? "The laws are not sufficient to protect innocent parties whose data is on the same equipment," says Ruth. To address that, some vendors keep each customer's data on a separate disk. Zetta encrypts each customer's data with a different key.
Mildenhall says he feels confident that Amazon will be around for a while, but he still doesn't trust that the data will be. If he were to entrust business data to Amazon's storage service, he says he would need a mechanism to ensure that a copy of the data was replicated back to his data center. "I'm not willing to say that the copy of data in the cloud is the only copy I've got," Mildenhall says.
Fear of vendor lock-in is another concern. Every storage service provider has its own proprietary APIs. In some situations, the user might also want to define metadata associated with a data set, such as aging information or security parameters. But storage service providers handle that differently as well, says Ruth. "These services shouldn't require specially designed interfaces to make them work," he says. Vendors are just starting to work on standards to eliminate the problem.
The lack of common APIs would create problems if a storage service provider were to suddenly shut its doors -- and that's a possibility when you're dealing with a start-up. "Once you get in bed with a service provider, you hope to heck they're not going to go out of business," Ruth says.