Wednesday, April 27, 2011

Cloud vs Internal storage

I have written a few times about the lack of trust that corporate IS groups have for data stored in the cloud.  Much of this is based around FUD (fear uncertainty and doubt) injected through the media, but also through a lack of trust of anything that cannot be directly controlled.  Whilst corporate IT often feels it does a better job that a nameless cloud provider is this really the truth?

For example I am often told how unsafe data is when stored within the Google Apps services, that Google indexes your data and use that company confidential data for nefarious reasons etc.  On the other hand I have sat in Googles offices talking to Google themselves and they tell a very different story about their data security processes.  The differences are profound and I  been wondering for some time whether the FUD is actually a tactic by other vendors aimed at ensuring that they have time to prepare their own cloud services.  Google must have encountered this concern a number of times now and have produced the video below to give an insight into how their data centres are managed.



Now it is worth noting that this video is obviously a propaganda video aimed at dispelling something disadvantageous to Google however it does show a well organised and thought through approach to data in their care.  I know some will doubt the truth of this however I have no reason to doubt that the video is not a demonstration of the processes that they have in place. 

Now lets compare that to corporate IT, many of the best corporate IT groups use the ITIL service management system to ensure a consistent approach to the IT services they provide.  Part of this approach advocates something called a DHS (Definitive hardware store) where all equipment not currently in use is stored so that it is ready for re-use.  Recently I had the chance to take a tour of a DHS and saw stacks of used servers; storage arrays and individual hard drives just sitting within the store waiting for possible re-use.  

The building containing the DHS itself stands within a business park that has a small amount of security present, and both it and the DHS have locks but this level of security is not even close to that demonstrated on the video above.  I am pretty sure that the disks in this store are not tracked individually through the CMDB so their last use is unknown and thus the contents of the disks could be anything.  Not only that the data on those devices is in an unencrypted form so this could be accessed if the device fell into the wrong hands.  Even disposal of the disks must be handled elsewhere, usually by the vendor that offers the company the lowest price.  At this point I want to stress that his is in a corporate that handles IT pretty well, some older style organisations will most likely not be anywhere near this organised.

So my question is where is the basis for the assertion that corporate IT looks after the data better than the cloud vendor?  Not only that the corporate IT department presents itself to the business departments in a manner not unlike the cloud vendor i.e. they are dealing with a remote centralised organisation that claims to look after its data.  For them would using a cloud service directly be any different to using corporate IT storage?   I suspect only the size of files being worked on and the cost of comms links is holding them back....for now.

No comments:

Post a Comment