Explaining cloud disappointments: DR readiness, data security

By Carol Ko 08-Jul-2011

Sam Tong, security consultant, Symantec Hong Kong
On June 17, Symantec released the findings of a new global survey on cloud computing projects, which found huge gaps between project goals and realities, both in disaster readiness in private storage and in security levels in private/hybrid cloud environments.

Two "gaps" were particularly noteworthy: 1) the gap (down 67%) between the expected and realized goals of disaster recovery (DR) readiness in private storage, and 2) the gap (down 55%) between the expected and realized goals of security in hybrid/private cloud computing.

In the following interview with Asia Cloud Forum, Symantec Hong Kong Security Consultant Sam Tong (pictured) explains the possible reasons behind the disappointment of these enterprise cloud users in the Asia Pacific, and what can be done to improve the performance of these cloud-based solutions: DR in private storage and hybrid/private cloud security.

1. DR in private storage


Asia Cloud Forum: Why is there a huge gap (down 67%) between the expected and realized goals of disaster recovery readiness in private Storage-as-a-Service (private storage)?

Sam Tong: Cloud computing is still very new. It's natural that the technology and best practices beyond virtualization are still developing. Unfortunately marketing is moving faster than expertise and experience can deliver.

What are the major concerns of DR for private cloud storage users?

Tong: Where an enterprise outsources its DR to a private cloud storage provider, the organization needs to ask questions around three scenarios:
  1. Network resilience: If the network at the primary site of the cloud storage provider goes down, what is the provider's DR strategy?
  2. Failover: At what point will the storage switch over (from primary to back) in the event of performance issues on the primary site?
  3. Parts failure: Where there is a failure in either the server or the storage in the primary site, what is the provider's DR strategy?
In addition, regulators still need to be convinced that cloud technology is sufficiently mature and that safeguards are in place for the protection of customer data.

Do you think private cloud storage vendors over-promised their DR capabilities? 

Tong: All cloud service vendors sign onto a service level agreement (SLA) that they agree with the customer. The service provider builds its infrastructure -- storage, servers, networks, software, management tools, and middleware -- around this SLA. Most failures in meeting the SLA are as a result of human error.



Best practice suggests using automation software as a core component of a service provider's DR strategy. Policies must be reviewed and the management tool configured to ensure that the settings match the expectation of the customer and the commitment of the vendor as indicated in the SLA.

Any other possible explanation for the gap between the expected and realized goals of DR readiness in private storage? 

Tong: Concerns over WAN failure remain, particularly where the public network infrastructure is involved. Asia's potential for earthquakes, tsunamis and cyclones leaves vulnerability to natural calamities top of mind among IT and business executives looking at outsourcing their IT infrastructure to a third party, especially when the customer is unable to ascertain where the equipment is physically located (primary and secondary sites).

How may DR readiness in private storage-as-a-service be improved? 

Tong: The standard DR services best practices hold true even in the cloud. Storage service providers must include the following as part of their infrastructure set up:
  1. Site-to-site data replication
  2. Cross-site storage service failover
  3. Disk mirroring
  4. Tools to enable centralized storage operation monitoring
Service providers must continually look at improving the automation of these services, including predictable, regular testing of the services to ensure that customer data and service remain uncompromised.








