When talking about the risk of storing data in the cloud, the conversation quickly turns to encrypting data, both during transport and at rest. The problem is that all the encryption in the world isn't going to help you if your encrypted data disappears because of sloppy data protection or data loss. What is your cloud storage provider doing to make sure that your data is going to be there when you need it next month, next year or in the next decade?
The typical response from a provider is that they will show you a Service Level Agreement (SLA). While this is a critical first step, that is all it is. The fact that the provider has an SLA at all, and some don't, is a good thing. The second step is for you to actually read the SLA very carefully. All of it. Some SLAs are used as a way to remove liability from the provider, and you want to make sure you understand what everyone's responsibility is.
The next step is to make sure the provider has the actual facilities, hardware, software and processes in place to actually live up to the standards that are provided in the SLA. Stopping at just the SLA is a dangerous mistake. The SLA only provides a few advantages to you. First, it means that the provider has at least thought about what is required to keep your data safe. Second, it gives you the ability to take legal action against the provider if they don't live up to the terms in the SLA. It does NOT provide the ability to actually recover data. Only the correct products and processes can do that.
Confirmation of the ability to execute the SLA is going to take some work. At least ask the provider what they have in the way of facilities, hardware and software. To do this step right, I think you really need to visit the location. Ideally the provider should allow for surprise visits (just like daycare). You want to check in on your data and make sure it is being well-cared for.
Of course, long distances might make frequent drop-ins difficult, but things change and you want to keep an eye on your data. Providers need to seriously consider a more sophisticated portal into each customer's data. I know there are some multi-tenant issues that the provider will have to resolve, but again, if they selected the right storage platform, that may not be too hard. This portal should provide information like how much data is being used, how much is available, when was the last backup taken, when was the last snapshot taken, who recently deleted data, etc... Think of it as a Nanny-Cam for your data.
Going beyond the SLA and making sure that your cloud provider has taken appropriate measures to live up to the SLA is key to making sure that your data assets are well protected. Providers need to be open and honest and go out of their way to show how carefully they are taking care of their customer's data assets.George Crump is president and founder of Storage Switzerland, an IT analyst firm focused on the storage and virtualization segments. With 25 years of experience designing storage solutions for datacenters across the US, he has seen the birth of such technologies as RAID, NAS, ... View Full Bio