Special Coverage Series

Network Computing

Special Coverage Series

Commentary

Peter Long
Peter Long CEO of Lockbox

Avoid Cloud Storage Disasters: 6 Questions To Ask

Organizations could put their data at risk if they don't ask the right questions when evaluating cloud providers.

Companies of all sizes store their data on external servers every single day, whether they know it or not. This could be an organization whose employees bring their own devices and use file storage and sharing apps that the IT department isn’t aware of, or it could be a business looking to eliminate IT infrastructure costs and leverage the convenience of the cloud by moving data offsite.

One step that companies and individuals must take in order to use cloud storage is accept the provider’s terms and conditions. However, both organizations and individuals often fail to actually read those terms and conditions prior to clicking the "accept" button, putting companies in precarious positions that leave their data vulnerable to risk. What do you get in the fine print? Sometimes, it’s not as simple -- or pretty -- as you might think.

It is extremely important, regardless of company size, to understand where your data is going and what your rights are. More often than not, there are provisions buried deep within the terms and conditions that give providers rights to change, alter or even delete files. Providers also build in safeguards to absolve themselves of liability in the event of a security breach.

It's critical companies not only understand the terms of the programs their employees are using for BYOD, but also those for the cloud sharing and storage resources designated by the company. Going in with eyes wide open is the only way to fully understand your rights and protect corporate data.

Here are six questions all organizations must ask when evaluating cloud sharing and storage providers, either on a company level or for employee devices:

1. What is the service provider’s level of access and who holds the encryption keys? Many agreements call for unfettered access to data stored on a provider’s servers and most providers actually hold the encryption keys, so snoops or hackers can access encrypted data because the keys are stored alongside the files.

2. Can the provider change or alter your information? Believe it or not, when you click "accept," you are giving some providers the right to change, alter or copy your data without your knowledge. This is often positioned by providers as necessary for backup or formatting reasons.

3. Can the provider change the service at any time? Is there a clause stating that service may be changed or suspended at any time or does your provider need to give ample notice to allow you to remove/retrieve your data before changing the service terms?

4. When do fees kick in? Many providers start with freemium models, but charges can pile on quickly. Be sure to know what your needs are and the storage thresholds in order to be thoroughly prepared from a budget perspective.

5. Does the provider assume liability if its servers are compromised? In general, providers rarely assume responsibility for any consequences resulting from a security breach.

6. What happens when the contract ends? Since your data is stored remotely, you’re no longer in possession of it, so you need to be sure you can get your data back -- particularly if the provider is the one who terminates the contract.

[Read Howard Marks' analysis of the collapse of cloud storage provider Nirvanix in "The Nirvanix Failure: Villains, Heroes, and Lessons."]

Many organizations don’t realize the level of inherent trust they must put in their cloud service providers once they hit the accept button on those terms and conditions. It's extremely important that organizations understand their data rights when using someone else’s infrastructure.

The cloud is extremely beneficial and has allowed small companies to grow and large companies to accommodate a geographically diverse workforce. With those benefits come risks, and companies must ask the right questions before signing on the dotted line.



Related Reading


More Insights



Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
 

Editor's Choice

Research: 2014 State of Server Technology

Research: 2014 State of Server Technology

Buying power and influence are rapidly shifting to service providers. Where does that leave enterprise IT? Not at the cutting edge, thatís for sure: Only 19% are increasing both the number and capability of servers, budgets are level or down for 60% and just 12% are using new micro technology.
Get full survey results now! »

Vendor Turf Wars

Vendor Turf Wars

The enterprise tech market used to be an orderly place, where vendors had clearly defined markets. No more. Driven both by increasing complexity and Wall Street demands for growth, big vendors are duking it out for primacy -- and refusing to work together for IT's benefit. Must we now pick a side, or is neutrality an option?
Get the Digital Issue »

WEBCAST: Software Defined Networking (SDN) First Steps

WEBCAST: Software Defined Networking (SDN) First Steps


Software defined networking encompasses several emerging technologies that bring programmable interfaces to data center networks and promise to make networks more observable and automated, as well as better suited to the specific needs of large virtualized data centers. Attend this webcast to learn the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging.
Register Today »

Related Content

From Our Sponsor

How Data Center Infrastructure Management Software Improves Planning and Cuts Operational Cost

How Data Center Infrastructure Management Software Improves Planning and Cuts Operational Cost

Business executives are challenging their IT staffs to convert data centers from cost centers into producers of business value. Data centers can make a significant impact to the bottom line by enabling the business to respond more quickly to market demands. This paper demonstrates, through a series of examples, how data center infrastructure management software tools can simplify operational processes, cut costs, and speed up information delivery.

Impact of Hot and Cold Aisle Containment on Data Center Temperature and Efficiency

Impact of Hot and Cold Aisle Containment on Data Center Temperature and Efficiency

Both hot-air and cold-air containment can improve the predictability and efficiency of traditional data center cooling systems. While both approaches minimize the mixing of hot and cold air, there are practical differences in implementation and operation that have significant consequences on work environment conditions, PUE, and economizer mode hours. The choice of hot-aisle containment over cold-aisle containment can save 43% in annual cooling system energy cost, corresponding to a 15% reduction in annualized PUE. This paper examines both methodologies and highlights the reasons why hot-aisle containment emerges as the preferred best practice for new data centers.

Monitoring Physical Threats in the Data Center

Monitoring Physical Threats in the Data Center

Traditional methodologies for monitoring the data center environment are no longer sufficient. With technologies such as blade servers driving up cooling demands and regulations such as Sarbanes-Oxley driving up data security requirements, the physical environment in the data center must be watched more closely. While well understood protocols exist for monitoring physical devices such as UPS systems, computer room air conditioners, and fire suppression systems, there is a class of distributed monitoring points that is often ignored. This paper describes this class of threats, suggests approaches to deploying monitoring devices, and provides best practices in leveraging the collected data to reduce downtime.

Cooling Strategies for Ultra-High Density Racks and Blade Servers

Cooling Strategies for Ultra-High Density Racks and Blade Servers

Rack power of 10 kW per rack or more can result from the deployment of high density information technology equipment such as blade servers. This creates difficult cooling challenges in a data center environment where the industry average rack power consumption is under 2 kW. Five strategies for deploying ultra-high power racks are described, covering practical solutions for both new and existing data centers.

Power and Cooling Capacity Management for Data Centers

Power and Cooling Capacity Management for Data Centers

High density IT equipment stresses the power density capability of modern data centers. Installation and unmanaged proliferation of this equipment can lead to unexpected problems with power and cooling infrastructure including overheating, overloads, and loss of redundancy. The ability to measure and predict power and cooling capability at the rack enclosure level is required to ensure predictable performance and optimize use of the physical infrastructure resource. This paper describes the principles for achieving power and cooling capacity management.