From a usability aspect its invisible to the cloud server yet solves the data leakage issue; the cloud server sees the drive as unencrypted so no on-server modification is necessary by customers. We always advice customers to store data they wish to keep confidential on an encrypted drive. The ability to have multiple drives with our cloud servers also means you can create a system drive and a data drive then encrypt just the data drive. It means you can easily control your confidential data and ensure it is stored encrypted and safe from any data leakage. We see this as a fundamental requirement of any public cloud so encryption and related services are all included and implicit in our pricing. Anyone considering using a public cloud service should ask and clearly understand how the vendor addresses the issue of data leakage to protect confidential data.
Hey, where’s my data?
Moving data to the cloud can also result in a loss of transparency about where it is stored and more importantly who has access to it. This is less of a problem for IaaS clouds than some global SaaS products which are distributed across many different locations and jurisdictions.
As a customer of an IaaS cloud, its important to understand:
* what location and jurisdiction is the cloud located in (or for each location if more than one)?
* what company manages and controls the data in the cloud?
* where is the company incorporated and where are its management and control structures located?
* is data ever transferred from the cloud location, if so under what circumstances?
The answers to these questions will go some way to determining the legal implications of moving your data to that cloud vendor. For ourselves:
* our cloud is located in Zurich, Switzerland and comes under the sole jurisdiction of the Swiss legal system
* the cloud is managed by CLOUDSIGMA AG with registration number CH-020.3.034.422-0
* CLOUDSIGMA AG is a Swiss company incorporated in the canton of Zurich. Its headquarters and management are based at our main offices in Glattbrugg, Zurich, Switzerland
* we never transfer data outside of the cloud, we will be launching multiple new locations shortly but all data will remain within each cloud location unless a customer specifically transfers data out
Avoiding data lock-in
You could argue it isn’t strictly related to security but the ability to get your data in and out of a cloud has<!–pagebreak–> direct implications for data management and control. Before placing any data in a public cloud, firstly establish what procedures are in place to allow you to migrate your data out. Key characteristics to look at are:
* a clearly defined and established procedure for data migration
* low or zero cost for migration
* data can be extracted in a meaningful, useful form for immediate re-use
Before making the investment to migrate to our cloud, understand properly the investment needed to migrate back out again!
Just to address these points for CloudSigma, our main migration path is via our drive image FTP over SSL gateway. This gives our customers a direct connection to their private library of drive images in our cloud and the ability to upload or download whole drive images in RAW ISO format. This enables customers to extract their entire data from our cloud using a standard established protocol without modifying data structures. The RAW ISO format enables the drive image to then be used on open source or proprietary solutions or even burned back onto physical hardware. We charge our standard flat rate per gigabyte fee for outgoing data transfer (incoming is free) at the rate of CHF0.065/ US$0.0585 /EUR0.0455 per GB. For example a very large 1 terrabyte drive image would be free to upload to our cloud and would cost just $59.90 to migrate. Best of all, its possible to transfer out the drive image from our cloud via FTP to another hosting provider or cloud directly at high connectivity speeds.
Conclusion
Customer education and more vendor openness is definitely needed to allow a much more transparent debate on data storage in a cloud environment. Issues do exist but solutions that solve them are available to achieve real data security in the cloud. Customers need to ask intelligent and reasonable questions regarding data handling/storage and vendors need to be prepared to give full and frank answers
Hey, where’s my data?
Moving data to the cloud can also result in a loss of transparency about where it is stored and more importantly who has access to it. This is less of a problem for IaaS clouds than some global SaaS products which are distributed across many different locations and jurisdictions.
As a customer of an IaaS cloud, its important to understand:
* what location and jurisdiction is the cloud located in (or for each location if more than one)?
* what company manages and controls the data in the cloud?
* where is the company incorporated and where are its management and control structures located?
* is data ever transferred from the cloud location, if so under what circumstances?
The answers to these questions will go some way to determining the legal implications of moving your data to that cloud vendor. For ourselves:
* our cloud is located in Zurich, Switzerland and comes under the sole jurisdiction of the Swiss legal system
* the cloud is managed by CLOUDSIGMA AG with registration number CH-020.3.034.422-0
* CLOUDSIGMA AG is a Swiss company incorporated in the canton of Zurich. Its headquarters and management are based at our main offices in Glattbrugg, Zurich, Switzerland
* we never transfer data outside of the cloud, we will be launching multiple new locations shortly but all data will remain within each cloud location unless a customer specifically transfers data out
Avoiding data lock-in
You could argue it isn’t strictly related to security but the ability to get your data in and out of a cloud has<!–pagebreak–> direct implications for data management and control. Before placing any data in a public cloud, firstly establish what procedures are in place to allow you to migrate your data out. Key characteristics to look at are:
* a clearly defined and established procedure for data migration
* low or zero cost for migration
* data can be extracted in a meaningful, useful form for immediate re-use
Before making the investment to migrate to our cloud, understand properly the investment needed to migrate back out again!
Just to address these points for CloudSigma, our main migration path is via our drive image FTP over SSL gateway. This gives our customers a direct connection to their private library of drive images in our cloud and the ability to upload or download whole drive images in RAW ISO format. This enables customers to extract their entire data from our cloud using a standard established protocol without modifying data structures. The RAW ISO format enables the drive image to then be used on open source or proprietary solutions or even burned back onto physical hardware. We charge our standard flat rate per gigabyte fee for outgoing data transfer (incoming is free) at the rate of CHF0.065/ US$0.0585 /EUR0.0455 per GB. For example a very large 1 terrabyte drive image would be free to upload to our cloud and would cost just $59.90 to migrate. Best of all, its possible to transfer out the drive image from our cloud via FTP to another hosting provider or cloud directly at high connectivity speeds.
Conclusion
Customer education and more vendor openness is definitely needed to allow a much more transparent debate on data storage in a cloud environment. Issues do exist but solutions that solve them are available to achieve real data security in the cloud. Customers need to ask intelligent and reasonable questions regarding data handling/storage and vendors need to be prepared to give full and frank answers
ـــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــــ