Tuesday, June 25, 2013

Does Cloud Backup Meet CIA Requirements?

For most purposes, I am concerned with the CIA definition of security. Confidentiality, Integrity, and Availability. One implication of this is that if you don't have good  backups, you are FUBAR. And, since Murphy is alive and well, you will discover this at the worst possible moment.

I don't generally like to get into the Big Data and Cloud discussions on public fora, as there is entirely too much marketing noise. But sometimes I know of poor decisions being made, and I just can't resist.

It should be obvious by now that we have to bring analytics code to the data, not the obverse. But there are still organizations that want to sell cloud backups, and couch their 'solution' in big data terms. These are all really fashionable terms and all, but please price a OC-192 connection. That's also called a SONET 10G connection, because it very nearly is 10G. It is amazingly easy to saturate a 10G connection. Really. The server consolidation via virtualization shakeup has not yet played out, and you can ask your down-in-the-trenches network people, and you will likely get a couple of horrifying stories.

I'd be happy to hear what you are paying, if you have one. Perhaps prices have crashed, but it was recently in six figures. That's just the connection, not the storage on the other end. It may be very expensive to move Big Data. Things you might consider

  • rate of data change
  • required storage period
  • required access speeds across tiers (on-line, near-line, archival)
  • any compliance or regulatory issues (PII, PCI, etc.)
  • if the data must be encrypted, how well do you trust key management
In some cases there should be discussions with the legal team and/or the auditors. In more cases it should involve discussions with the bean counters.

If you can do reliable backups into a cloudy infrastructure provider, the financial numbers work, and you feel as if you can trust their service, good for you. But if it were me, I'd have to be very, very convinced before I would forego having a local backup of important data on local tape. If you feel the same way, how does that affect the value proposition of cloudy backup?



No comments:

Post a Comment

Thanks for your comment; communities are not built without you.

But note than comments on older posts usually go into a modertion queue. It keeps out a lot of blog spam. Weird links to Web sites hosting malware, marketing nonsense, etc.

I really want to be quick about approving comments in the moderation queue. When I think I won't manage that, I will turn moderation off, and sweep up the mess as soon as possible.

If you find comments that look like blog spam, they likely are. As always, be careful of what you click on. I may have had moderation off, and not yet swept up the mess.