If it rains, is your data safe in the cloud?
This is a followup to my recent column about Steve Wozniak’s warning on the perils of cloud computing, especially cloud storage. It might surprise many users to know there are firms that sell cloud storage and do not back it up. They rely on the disk RAID and some redundancy in the cloud to “protect” your data. If something happens to their datacenter, they could probably not recover your data.
Remember MailandNews.com? They did not have a viable business model. They also didn’t back up their servers. One day they had a big crash and relied on the RAID array to recover the data. It took two weeks and still not all of the data was recovered.
RAID is not a data backup technology.
What happens if your cloud storage firm goes out of business? Some companies will put your data on tapes and send them to you. Others will tell you to download it. If you’ve accumulated a lot of data, that could take some time, especially if everyone is downloading their data at the same time.
Firms like IBM provide a professional backup service. This means customer data is stored on both disk and at least one tape. If there is a requirement for offsite data storage, a second tape is produced and sent to wherever. All data is encrypted and the customer controls the encryption keys.
Thanks to Enron, the financial crisis, and other wrong doings, there are boatloads of regulations on how to secure business data. Professional data storage firms know how to do it and can pass audits. Other companies do not. If you are in business and fail to meet government regulations it will be you and not your cloud storage provider who will face fines and/or imprisonment. If you are legally responsible for sensitive data, you had better make sure your service provider won’t let you down.
And that brings us back to the many cloud vendors we deal with regularly. Are DropBox, iCloud, Skydrive and others prepared to pass a PCI, HIPAA, SAS 70, or Sarbanes-Oxley style storage audit?