A Hybrid Approach

Storage Management
A Hybrid Approach
Putting public data in a public cloud, while retaining confidential and sensitive data in private clouds, will help federal agencies reap benefits while minimizing risk

By Cara Garretson

To help federal agencies take advantage of the benefits that cloud storage offers while also minimizing risk, vendors and observers say that a hybrid approach to putting data in the cloud may be the best bet.

For security and compliance reasons, the federal government’s move to cloud storage will likely occur first with private clouds - those built to be housed internally, established by other agencies that rent out space, or designed by government contractors who develop hosting strategies exclusively for agency clients, says Shawn McCarthy, research director with IDC Government Insights. For example, a number of cloud service providers including Terremark and Quest are marketing to government customers cloud services based on infrastructures shared only by other agencies that adhere to numerous government standards. These models take advantage of the economies offered by shared architectures, but remain physically separate to address concerns of privacy and security.

For data that is already publically available, however, storing it in a public cloud can make sense for federal agencies.

“The initial cloud push will probably be in the private cloud or internal cloud,” says Dale Wickizer, CTO of storage vendor NetApp’s U.S. Public Sector division. “But for data that is public anyway, some agencies will put it on a public cloud. That’s where it makes sense for some federal agencies, if the data is low risk, who cares where it ends up?”

Easing Storage Management
This hybrid approach to storage raises the question of whether placing non-sensitive information in a public cloud, but keeping sensitive information stored on site, makes storage management easier or more difficult. For information stored on the public cloud, administration of that stored data is minimal, since it would be the cloud service provider running through back-up and recovery functions.

However, the department using that cloud service provider now needs to consider managing its service-level agreement with the cloud provider, says NetApp’s Wickizer, which is something to consider.

In general, putting at least some data in the cloud should simplify storage management.

“In some cases, I think the answer can be ‘less difficult,’” says Tim Grance, program manager of Cyber and Network Security at the National Institute of Standards and Technology. “If we assume that an organization can readily determine which data files are for public consumption and which are not, then the organization can allocate a storage location on a cloud provider, and upload the objects to that location. In principle, the organization would not then need to keep public-facing servers around since the objects could be directly accessed by the public, or, if the organization wants a Web-oriented view, the organization could run a simple Web server in the same cloud provider that just makes it click-easy to find and download the objects for the public.”

However, this would become a big management issue if the cloud provider’s service failed, particularly if the organization can’t tolerate downtime, says Grance.

To make sense of all the attention cloud storage is getting these days, Grance says organizations should focus on the business case at hand, and whether the benefits of the cloud model line-up with mission goals.

“Cloud can deliver … agility, due to maintaining, buying, and operating so much infrastructure at capacity levels, renewed focus on core mission functions, and cost savings,” Grance says. “In large part that should drive us to efficiently address concerns in areas such as security, interoperability, and portability.”