What happens to data when cloud providers evaporate?
- — 27 April, 2011 05:24
Over the past year, four cloud storage service providers have said they're shutting down and Amazon's cloud services have been problematic since Thursday.
"All of these things are coming together ... to give cloud storage providers a black eye. Anyone who was on the fence about cloud storage may be off of it by now," said Gartner research analyst Adam Couture.
More importantly, the closures and outages leave users with an important question: What happens to their data when the cloud they use evaporates?
Currently, there's no way for a cloud storage service provider to directly migrate customer data to another provider. If a service goes down, the hosting company must return the data to its customer, who then must find another provider or revert back to storing it locally, according to Arun Taneja, principal analyst at The Taneja Group.
SNIA and migration
The Storage Networking Industry Association's Technical Work Group is developing an API called the Cloud Data Management Interface that would allow providers to migrate customer data from one vendor's cloud to the next -- a move aimed at alleviating vendor lock-in.
That API, if adopted by the industry, will become more important over the next several years as nearly three out of four cloud storage companies that cropped up in recent years whither and die, according to Taneja.
"There's no way for Amazon to send your data directly to another storage service provider like Nirvanix. The transfer has to happen back to the customer," Taneja said. "And, there are no rules or regulations about [cloud storage] data deletion today."
Even if you ask a cloud vendor to delete your data, it's not necessary gone -- at least, not right away. Cloud service providers use a "garbage collection" method for deleting old data. First, data is marked for deletion. Then the actual erasure or overwrite process takes place at a later date, sometimes months later, Taneja said.
That can be of particular concern in highly regulated industries such as financial services or for legal entities such as law firms.
Storage service providers dropping
Over the past year, storage service providers have been dropping quickly.
EMC last year announced it was shutting down its Atmos Online storage service because it was competing with its own resellers. At the time, EMC offered no guarantee that its customers could retrieve their data once the service closed. On the heels of the Atmos shutdown, cloud storage provider Vaultscape also closed.
Earlier this month, Iron Mountain announced it had stopped accepting new customers for its Virtual File Store service and was planning to shut it down over the next two years.
Then, last week, it was startup Cirtas Systems' turn; it announced it was leaving the market to regroup.
According to Gartner, pure-play public cloud storage service providers have had a modest level of adoption. Now, only Nirvanix and Zetta remain as pure cloud providers of network attached storage.
It's only natural that the herd of public cloud service providers is being culled, Taneja said. "The industry is overreacting. And, it's still in that overhyped stage."
With all the recent closures, Taneja said he worries there'll be a backlash against cloud storage services, even though they can offer good value in the right circumstances.
For example, Cirtas presented its services as "tier 2" primary storage with all the trimmings of an enterprise-class product, including data snapshots, cloning, thin provisioning, and WAN optimization, Taneja said. But the service didn't scale well.
"The hype is just out of sync with the reality," he said. "I'm not saying this is not the right time to be seriously looking at [the] cloud, but people have to go in with lower expectations. They must walk before them can run."
There are companies now offering "secure data deletion" in the cloud - or what amounts to crypto-erasure. That refers to the deletion of encryption keys, so that even if the data is ever accessed it can't be read in an unencrypted form.
One of the more popular services over the past year or so has been a type of hybrid storage cloud, where an appliance is placed at the customer's site, and backup data is stored there first and then replicated off to a cloud storage service provider. Examples of those are Nasuni, StorSimple and TwinStrata. Their boxes have different features, but at their most basic they store data onsite and replicate it to a major cloud storage provider such as Amazon S3, Microsoft Azure or AT&T Synaptic Storage.
Cloud storage provider Nasuni offers a NAS file server with 1TB of storage capacity that replicates compressed and deduplicated data to either AT&T's or Amazon's cloud storage service. A Nasuni customer gets an appliance onsite, and after an initial compressed backup to the cloud, the service takes ongoing data snapshots and sends them off to the online storage provider of choice. Each time data is sent over, it's encrypted and the keys are stored on customer's file server.
If the customer requests the data be deleted, the encryption keys are erased, leaving the data unreadable in the cloud.
"The file server is a gateway to the cloud," said Andres Rodriguez, CEO of Nasuni. "We're caching to the cloud. You can have 1TB of data in an appliance managing a much bigger amount of data in the cloud."
Nasuni customers can also choose a policy that allows them to retrieve deleted encryption keys, so that if they're mistakenly deleted, they're not permanently removed.
Like the latter vendors, Cirtas sold appliances for data centers that accelerated data transfers to cloud storage providers. The company had only come out of quiet mode last September and had raised $32.5 million in venture funding.
Cirtas is not the first heavily-financed storage service provider to hit difficult times. A decade ago, StorageNetworks Inc., which offered online primary storage, got more than $200 million from Dell, Compaq Computer and others in venture funding and another $243 million from an initial public offering. Three years later, it closed.
Officials at Iron Mountain, Amazon S3, and AT&T could not immediately be reached for comment.
Lucas Mearian covers storage, disaster recovery and business continuity, financial services infrastructure and health care IT for Computerworld. Follow Lucas on Twitter at @lucasmearian or subscribe to Lucas's RSS feed. His e-mail address is firstname.lastname@example.org.