Many of us didn’t feel comfortable doing our online banking until encryption using SSL became commonplace. While no one can ‘guarantee’ the privacy that is provided by encryption, it does provide us with the comfort of knowing that a large number of brilliant minds spent a massive amount of time coming up with a mechanism by which we could establish trust in a world of insecure communication, allowing us to authenticate the website we were communicating with, and establish a reasonable level of confidentiality as we peruse our checking, savings, brokerage, and other statements over a public network.
Cloud storage gateways, or ‘on-ramp’ devices, provide a similar function for enterprise data centers using public resources (cloud storage services). Some of the same concerns existed with online banking that exist today with using public cloud storage services, such as:
– How do I know that the web server that I am interacting with is really from ?
– How do I know that when I’m viewing my financial transactions using my web browser that no one else can read that same data by sniffing the network?
In the case of cloud storage services, similar questions are asked. Encryption, certificates, and certificate authorities give us a reasonable sense that a network endpoint we are communicating with is who they say they are (authentication) and that the data we exchange is kept private (encryption).
Cloud storage gateway devices help improve security when using public cloud storage services in a number of ways, but some of the more prominent ways are:
– They use SSL for encryption, which implies that at least one party in the conversation is authenticated by a trusted third party, making man-in-the-middle attacks very difficult (some cloud storage services authenticate BOTH parties)
– They encrypt the data written to the cloud storage service using keys that your cloud storage service provider does not have, so the provider is far less likely to be able to read that data directly. The same goes for anyone else who gains access to it, maliciously or not
– They obfuscate the data sent to the cloud prior to encryption using techniques such as data deduplication and compression. Deduplication effectively puts your data “through a paper shredder”: the pieces can in principle be stitched back together, but the effort required is considerable, and compression adds to that effort
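As an added illustration of the mechanisms listed above (example code written for this page, not StorSimple's or any vendor's implementation): a toy gateway that chunks, deduplicates and encrypts data before it reaches a simulated cloud store, using a key the provider never receives. It assumes AES-GCM with SHA-256 chunk ids, leaves compression out, and uses a Go map in place of the real cloud service.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)
// Gateway keeps the key on-premises; Cloud is the provider's view: chunk ids and nonce||AES-GCM blobs only.
type Gateway struct {
	aead  cipher.AEAD
	Cloud map[string][]byte
}
func NewGateway(key []byte) *Gateway {
	block, err := aes.NewCipher(key) // AES needs a 16, 24 or 32-byte key
	if err != nil {
		panic(err)
	}
	aead, _ := cipher.NewGCM(block)
	return &Gateway{aead: aead, Cloud: map[string][]byte{}}
}
// Write chunks the data, skips chunks the cloud already holds (dedup) and seals new ones with the id as associated data.
func (g *Gateway) Write(data []byte, size int) (manifest []string) {
	for i := 0; i < len(data); i += size {
		chunk := data[i:]
		if len(chunk) > size {
			chunk = chunk[:size]
		}
		id := fmt.Sprintf("%x", sha256.Sum256(chunk))
		manifest = append(manifest, id)
		if _, seen := g.Cloud[id]; !seen { // a duplicate chunk never leaves the data center
			nonce := make([]byte, g.aead.NonceSize())
			rand.Read(nonce)
			g.Cloud[id] = g.aead.Seal(nonce, nonce, chunk, []byte(id))
		}
	}
	return manifest
}
// Read reassembles a file from its manifest; GCM rejects any blob altered or swapped in the cloud.
func (g *Gateway) Read(manifest []string) (out []byte, _ error) {
	for _, id := range manifest {
		blob, n := g.Cloud[id], g.aead.NonceSize()
		chunk, err := g.aead.Open(nil, blob[:n], blob[n:], []byte(id))
		if err != nil {
			return nil, err
		}
		out = append(out, chunk...)
	}
	return out, nil
}
```

One caveat the toy leaves open: a plain hash of each chunk lets the provider check whether a guessed chunk is present, so a production gateway derives chunk ids with a key it keeps (for example an HMAC) rather than a bare SHA-256.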
Based on the above, what the industry is starting to see thanks to cloud storage gateway devices like StorSimple is the emergence of ‘Virtual Private Storage’, or ‘VPS’. This approach goes a step further than the security innovations that occurred in online banking: not only can endpoints authenticate one another and exchange data with a reasonable degree of security, but the owner of the information is also able to control the disposition of that data, and the data itself, through encryption.
So what does this mean?
This means that cloud storage gateway devices open up a new world of opportunities to take advantage of public cloud storage services in a secure manner. In many ways this approach can rival the level of security found in many data centers today, where many are still behind on implementing measures such as DH-CHAP within their storage fabrics. An increased level of security decreases the level of perceived risk, which makes public cloud storage more digestible for a broader range of applications and data, even those that face a high degree of scrutiny through compliance and regulation.
Does the analogy resonate? Are there others that you can think of that would be equally or more appropriate? We welcome your feedback, and of course if you are interested in learning more, I encourage you to comment or reach me via Twitter or email!