These days, it’s tough to ignore the ever-present coverage of security breaches and identity theft in the news. In this podcast, storage security expert Kevin Beaver offers practical answers to the most common security questions he hears from storage pros today.
Download the Storage Security FAQ podcast.
Kevin is a frequent contributor to SearchStorage.com; check out some of his recent storage security tips below.
Elsewhere on the internerd, you might want to check out this recent webcast on storage security by Jon Toigo.
Then, go lock the doors and windows.
The Burton Group put out a press release this week warning of some “gotchas” with Google’s software as a service (SaaS). Storage Soup caught up with Burton Group enterprise search and records management analyst Guy Creese today to chat about his take on Google Apps Premier Edition. (GAPE offers, among other things, 10 GB email inboxes, which we covered over on the news page a few weeks ago).
Storage Soup: So. Let’s talk Google. Are the issues with software as a service in general or Google specifically?
Creese: There are not too many generic gotchas for software as a service. In other words, in four to five years where that’s been available, I think a lot of companies have gone from being slightly nervous about it to realizing it’s a valid form of service delivery. You look at for example Salesforce.com and its imitators as well as the Web analytics vendors, and there are a lot of large corporations using software as a service. So from my point of view it’s less of a generic issue with software as a service and more whether this specific [Google] application is appropriate for that [market]. [GAPE] is sort of a “ready, fire, aim” thing from a product point of view.
Storage Soup: How so?
Creese: Well, for example, a lot of the offerings in Google Apps Premier Edition are still pretty rudimentary. There’s apparently a limit on sending out emails to more than 500 people in a day, so if you do that, then your account gets temporarily suspended. A lot of this behavior is really because of the way Google has done it which is basically to take Web apps and move them over to the enterprise division. I think that’s a holdover from worries about spam, whereas typically in an enterprise you don’t worry about that with employees. The workaround that Google recommends for that, if, let’s say, you’re sending out an email to 10,000 employees once a month, is to just set up separate accounts and then you can send out 500 per account. Which I think is not quite appropriate [for the enterprise.] At the moment there’s no distribution lists, and nothing comparable to PowerPoint in terms of presentation capability, although I’m sure they’re working on that.
Storage Soup: What about records management?
Creese: They do offer email archiving via a partner, Postini. But there’s silence–I’ve asked and never received an answer–on archiving for documents and spreadsheets. So that’s a bit of a worry, because you’re thinking, okay, two years from now the SEC calls me up, and says hey, what about this? And so then let’s assume everybody’s filed tons of documents, although you may be able to get at the documents, part of electronic discovery is only giving over the pertinent ones and not handing over everything. So you can do search, but it’s not always that great. You’re kind of stuck, because Google has your documents, but there’s no possibility of Google sending a really huge file transfer so you can then take those documents and use whatever electronic discovery software you want on them. They haven’t really thought about that.
Now, to be fair, this seems to be a blind spot with a lot of software as a service applications. The emphasis has been on a service that’s quick to put up and easy to maintain and so on, but for a short while there has been a lot of legacy thinking. When I talk to software as a service companies, one of my stumper questions is often, “So how do you handle records management?” And there’s often a long silence.
Storage Soup: What about concerns about privacy and security?
Creese: In the security spectrum of things, for me a higher concern is still the records management part as opposed to the intrusion part. They do this day in and day out and have dogs and armed guards and all kinds of stuff. Salesforce.com for example certainly has corporate information that’s pretty valuable to people, and companies who’ve gotten used to the idea that Salesforce is their agent and it’s not going to march out and sell their information. From an intrusion point of view, I certainly haven’t heard people worry about that.
Storage Soup: Anything else that’s related to storage that you feel is important to bring up with software as a service?
Creese: These companies will eventually get to the point where they can’t save everything. Even with storage prices dropping, as more and more corporations put their data into software as a service there’s going to be a tipping point coming, where either it starts to become expensive to save everything for the service and the service therefore raises its rates, or it’s just too difficult to find what’s there. It’s sort of like having an 8 million volume university library and no card catalog. The information is there but it’s as if it weren’t there because it’s not retrievable. I just think it’s something that enterprises should ask about. When they host this in internal software, they worry about that.
Storage Soup: But doesn’t their search engine answer that concern? Wouldn’t that be Google’s answer?
Creese: Yes, but it’s keyword search, so ultimately you run into the problem of what if you didn’t use the same term to describe the same thing? That’s what often comes up in electronic discovery, where somebody calls something one thing and someone else in the business calls it something else, and you sit there racking your brain trying to think of all the different ways somebody could refer to something. There are search engines that are much more concept-based, so for example if you have a physician saying “myocardial infarction” and a lay person saying “heart attack”, that those are viewed as documents of the same thing, even though the keywords are completely different.
The good news is that with Google getting into this, they’re going to be putting tons of resources into it, and the service will improve by leaps and bounds every month. But at the moment I would say it’s still a work in progress.
TeraCloud has introduced a pay-as-you-go pricing model for its SRM software that includes the ability to run at least one level of the package for free–indefinitely.
TSF Express, newly introduced as part of this program, is an SRM tool compatible with Solaris, Linux, Windows and AIX. TSF Express provides daily collection of ad hoc reporting capabilities through a Java interface.
Users interested in running TSF Express can go to the website and download a free trial for 90 days without entering any information. If they want to keep using the software, registration is required, but a free year-long license is available with that registration; if in a year’s time the user still wants to run the software, they have to register again, but there is still no charge.
The Express version of TSF includes the ability to gather host-level storage metrics, including how many drives and volumes are assigned to a host and how many files, directories and domains, as well as the ability to drill down within individual hosts and view summary reports. TSF Express can only provide historical information for up to 3 days.
TSF Express can be converted directly, with another set of software licensing keys, to TSF Light, which costs $395 per month for up to 20 terabytes of managed storage and more detailed reporting. “And if you don’t use it,” said TeraCloud CEO Gary Tidd, “you don’t pay for it.”
TSF Lite includes longer historical reporting, launch actions, which allow users to create scripts to manipulate the environment based on the SRM tool’s findings, the ability to group servers by application, trending analysis and a topology viewer. Both pieces of software require host agents.
The products will be available through the company’s Web site at www.teracloud.com as of tomorrow. This is TeraCloud’s second attempt to reinvent itself as an open-systems storage company, after 12 years specializing in mainframe before its first attempt at repositioning in 2000. The company was brought back into “stealth mode” to develop this latest product in 2003.
Our story on Google’s storage assistance to academic and research institutions focused on the Archimedes Palimpsest, but this article in Wired has some interesting further info on the Hubble telescope project, which was also mentioned but not interviewed for our piece.
How do you get 120 terabytes of data — the equivalent of 123,000 iPod shuffles (roughly 30 million songs) — from A to B? For the most part, the old-fashioned way: via a sneakernet. It’s not glamorous, but Google engineers hope to at least end the arduous process of transferring massive quantities of data — which can literally take weeks to upload onto the internet — with something affectionately called “FedExNet” by the scientists who use it…The near totality of all the astronomical data and images that Hubble has ever collected [is] about 120 terabytes.
Do also check out the glamour shot of Google’s open source program manager Chris DiBona posted with the article–we reckon we’ve never seen such a creative executive headshot.
In this hilarious post over at StorageMojo.com, an EMC lawyer issues a “cease and desist” order over the recent publication on the site of an EMC price list, calling it a “trade secret.” He uses some ominous language indeed in his missive, which is reprinted in full by StorageMojo blogger Robin Harris.
Now that you know the facts of the matter I expect an email from you confirming that you have examined the links and documents provided above and that you now understand that EMC’s price list is not a trade secret, despite what you were led to believe by the person who referred StorageMojo.com to you.
Also, you might want to consult with EMC’s public relations and analyst relations groups as to the advisability of continuing to press confidentiality claims against StorageMojo. The internet community – StorageMojo.com had over 100,000 visitors last month – does not take kindly to attempts to limit the free flow of information and First Amendment rights.
We have to say we also got a chuckle out of the Obi-Wan Kenobi reference.
The Alaskan Department of Revenue has just learned the hard way that your backups are only as good as your restores.
A report by AP that was picked up by the Woonsocket Call, a local paper in Rhode Island, says the department wiped out a disk drive containing information on an account worth $38 billion. But worse still, when it turned to the backup tapes to recover the data, it was unreadable.
P.S.: Not every backup issue can be avoided but there are resources to help. Here’s one if you have time: a free seminar that’s coming to a city near you this year.
Jonathan Schwartz has an interesting post up right now that calculates the relative transfer power of Internet networks vs. a sailboat. The sailboat wins.
“Now you understand why tape based storage has such a lasting appeal to so many enterprises recording, compiling, transporting or just plain archiving, very large quantities of data. From video surveillance to trading data. Standard tapes are 500GB each (currently), and fit nicely into cardboard boxes with overnight express labels[…]tape isn’t perfect for a lot of applications (near line storage, eg) – but it plays a prominent role in some remarkably cutting edge high performance computing applications, along with social networking and content aggregation sites (who think nothing of gathering terabytes of data every day) – tape archive isn’t just for banks or telcos running mainframes (although we’re good there, too).”
Er…we’re thinking maybe ixnay on the “cardboard box with overnight express labels” part, but Sun incidentally has at least one large customer announced to back this up.
Meanwhile, Schwartz’s commenters also raise some good counterpoints on the post. One supporting commenter also linked to an article about Jim Gray, founder of the Terraserver project and perhaps the biggest proponent of station-wagon data migration. Unless, of course, it’s Google, which is also biting the bandwidth bullet for some users in heavy-duty academic research.
Seagate is finally shipping its self-encrypting laptop drive, the Momentus 5400 FDE.2. We first covered the plans around these drives in July 2005, and covered it again last October, when Seagate’s big SNW announcement was that Momentus would ship…in another few months.
Now, just two weeks under the wire of its promised ship date in first quarter 07, we finally have Momentus.
We’ve asked what’s taken so long, but Seagate isn’t talking.
Way back in 2005, when stegosauruses wandered the Earth, HP had yet to pretext and hundreds of fresh data breaches had yet to be reported around the world, Seagate told us they were working on bringing encryption to enterprise drives:
“We feel we have developed a technology that could be applied broadly,” said Mark Pastor, strategic marketing director for Seagate. “We see a lot of resonance in the enterprise space, because there’s a lot of confidential data out there at the enterprise level. This is a good and efficient way of accomplishing the task of encrypting data on drives.”
“You will see FDE [Full Disc Encryption] and other security capabilities and others on enterprise and other products from Seagate, across the spectrum,” according to [Seagate’s executive director of global product marketing Henry] Fabian.
There’s still no sign of anything resembling an enterprise drive-level product, and after the wait for Momentus, we aren’t holding our breath.
An Amazon spokesperson sent us this email in response to our story, Users rethink Amazon S3 after performance issues:
“If you call this story balanced, then I was misled by your reporter. She only reported on companies with a negative experience that was only “balanced” by a response from Amazon to this one type of experience. If you want to balance the story, then she should write the second half of the story covering companies with positive experiences.”
Finding the ideal balance on each and every story, at short notice, is always a challenge. We called both users that Amazon provided. One was SmugMug.com, quoted in the story. The second was Jungle Disk. This company has still not returned our calls or emails. We found a third user, Mochi Media, quoted in the story. These responses, plus Amazon’s reply…
“We’ve had a few problems over the past year and each time we learned something and instituted a new process or safeguard to prevent the problem from happening in the future.”
…was the story we were able to write under the time constraints of daily news.
But should we be aiming for a perfect balance anyway? Yes and no. News is a snapshot in time of what has happened over the last 24 hours. To us, the important part is that over time, possibly over several stories, we have an accurate reflection of what Amazon S3 users think. We have requested more S3 customers to talk with, and look forward to hearing their experiences…
Silicon Valley Watcher and its commenters have an interesting reaction to IDC’s report yesterday (commissioned by EMC) that we’re generating more data than we can store.
SVW blogger Tom Foremski writes:
How is it that we would be able to generate almost 1 zettabyte of data in the first place–without having a place to store it…?
Surely, if we can generate it, we are able to store it, because data comes to us from data storage systems…
Is IDC talking about data that we might like to store but we won’t be able to store?
Then that figure is meaningless, because there is no end of data we might want to capture and store in the future. And there is no end of these type of useless market research forecasts, imho.
Commenter Roger Bohn adds:
The IDC conclusion that “we will produce more data than we can store” is poorly explained in their report. What they mean is that the ANNUAL data production will be greater than the CUMULATIVE storage. Not a big deal: much data is stored only for days to months, if at all. Example: email, surveillance videos, Bittorrent downloads. So, there is no inherent reason why the two numbers should be directly comparable.
Meanwhile, EMC blogger Chuck Hollis says this validates his previous theory of a digital “big bang”…Hollis and EMC have an obvious vested interest here, but what we find most interesting is Hollis’s discussion of the issue of “who owns information”, as well as long-term archiving.
Speaking of who owns information, it’s not directly storage-related, but anytime Microsoft starts doing battle with Google, you just have to make some popcorn and sit back to watch…