Geminare Blog

Wednesday, Jul 28, 2010

HPC in the Cloud – Guest Blog: “Digital Breadcrumbs: Audit Trails in the Cloud”



July 28th 2010, Toronto, ON - Guest Blog by Joshua Geist, CEO Geminare

To view the original article, click here

Data verification, audit trails, e-discovery, and compliance officers are all terms very familiar to the enterprise  market, and the larger the organization, the more focus there is on ensuring a fully compliant computing environment.   The end game is always the same – ensuring a company that can withstand any kind of public or private scrutiny, and a business that that delivers strong ROI for its stakeholders.

Most enterprises are required to maintain strict data retention policies for up to 7 years and often beyond.  Still, large companies are not the only ones that are subject to regulation or compliance requirements. Their smaller mid-market counterparts are just as likely to be subjected to strict guidelines and scrutiny when it comes to their backed up and archived data. 

Typically, mid-sized and enterprise organizations can easily prove data integrity and assurance to a compliance officer, auditor or stakeholder, because they can show where their data physically resides and who has direct access to it. The ability to walk an auditor into the server room, show the rack that holds the server drives that holds the organizations data and the “who has access” list has for years been the standard practice for a data audit trail. 
Now, however, with the emergence of the public cloud, the world of data assurance has dramatically changed.  For example, if an organization were to archive its data to Amazon’s S3 cloud and a year from now needed to provide an audit list, they would find themselves in a precarious situation.  The company couldn’t simply knock on Amazon’s door and ask to see who accessed its data during the last 3 years.   public clouds weren’t  designed for that. They are built to provide easy access to lots of data (securely of course) through multiple tools and points. 

The ability to audit, or audit ability, is critical and is lacking in the public cloud.

There are 3 key areas that an enterprise needs to assess when they look at utilizing the public cloud to store their data:

  1. Regulatory compliance and the ability to audit their data
  2. Vendor Lock-in
  3. Information control and access

Regulatory compliance and the ability to audit data

Storage and cloud companies are starting to take this matter seriously as they realize that simple data warehousing is not the solution.  The realization is setting in that digital breadcrumbs, and file and session tagging will become the key to enterprises confidently adopting available cloud technologies.  Look for solutions from companies focusing on this space to emerge in 2010, and as they do so, the landscape for data storage assurance will change dramatically. 

Businesses will then flock to the cloud knowing they can store their data in an auditable and compliant manner, and can rest assured that any e-discovery requirements or compliance tests  they encounter can be easily accommodated with confirmed receipt of when the data was stored, by whom and that it has not been touched since the date it was archived.  

Vendor lock-in

Vendor lock-in is always a big challenge for the enterprise and something that always needs to be considered when faced with a purchase decision.  Past situations where companies where forced to pay for years for upgrades and updates to a vendor’s proprietary software is often top of mind of many CIOs and CFOs.  In today’s world with so many choices and a constantly and rapidly changing technology landscape, companies should strive to ensure that they don’t get locked into one particular vendor, particularly when it comes to anything cloud.   Put simply, CIO’s need to ensure that they can easily migrate their data to their vendor of choice, when they want, under terms that are never punitive.  And those operating in the cloud industry and serving the mid and enterprise markets need to be able to provide portability of their stored data from one cloud to another should the customer want this. 

Information control and access

Information control and access have always been requirements within the enterprise network, and most vendors have provided for rich feature sets and capabilities within their data and document management tools.  With single admin access and no advanced capability to tier access to the data, cloud providers are going to need to step up in a similar way if Enterprises are to adopt Cloud storage solutions.  The alternative is for cloud and storage vendors to take this responsibility on themselves and build out their own access management tools that tie into the public clouds.  Look as well to recent industry announcements for advances in the control and access space and for solutions that allow the enterprise to garner the control they need and are accustomed to.

22nd  - De-risking your DR
27th  - DRaaS becomes mainstream and looks to OpenStack and hybrid deployments for growth
5th  - Nobody Ever Got Fired For Buying … Based on Gartner Magic Quadrants
11th  - We welcome Google and the next evolutionary step in DRaaS
18th  - Microsoft Acquisition Signals Dawn of a New Era for RaaS
3rd  - RaaS, say hello to the Public Cloud
20th  - Recovery as a Service—Earning its Very Own Gartner Magic Quadrant in Only 4 Short Years
3rd  - The Disappearing Data Center
16th  - Lessons from the NFL – The RaaS Opportunity
13th  - The RaaS Secret Sauce: The Channel
23rd  - CA Throws Down The Gauntlet. Has the race for Cloud Data Protection supremacy already been won?
11th  - RaaS – from Evolution to Revolution
16th  - Storage Wars…starring every cloud services provider on the planet
11th  - HPC in the Cloud – Guest Blog: “Telecom Sector Embraces the Cloud”
3rd  - Today’s Forecast for the Telecom Sector: Clouds, Clouds and More Clouds
27th  - The CEO’s (Unused) Secret Weapon
31st  - The Race to Zero. My Cloud Prediction for 2011
30th  - When Brrr…becomes Grrrr!
24th  - Ten gifts from the Cloud this Holiday Season - with a money-back (ROI) guarantee.
7th  - The Tipping Point – or how the Cloud is about to go “main-stream”
20th  - Lessons from History…or how emerging technology can destroy a thriving business – if you let it.
14th  - Today’s Forecast: Lots of Cloud - With 90% probability of Enterprise Engagement
13th  - HPC in the Cloud – Guest Blog: “The Cloud Flattens Technology Landscape…Should Enterprise Worry?”
7th  - Cloud Invaders
25th  - Telcos embrace the Cloud. Next Stop – Mainstream
23rd  - The next-generation data center … aka The Cloud.
16th  - Navigating the Digital Haystack
3rd  - Get your head OUT of the cloud
28th  - HPC in the Cloud – Guest Blog: “Digital Breadcrumbs: Audit Trails in the Cloud”
19th  - The day the cloud went dark
12th  - Get your head INTO the cloud
27th  - HPC in the Cloud – Guest Blog: “What Recovery as a Service (RaaS) Means for Enterprise”
20th  - The Birth of RaaS or Recovery as a Service