The sky’s the limit! What an incredibly relevant platitude when it comes to cloud storage. One of the primary advantages of migrating to the cloud is the seemingly infinite amount of available storage. In the past, additional storage was only an option if you wanted to add on infrastructure. With cloud storage, you simply tack it on, and the changes are reflected on your bill. But, knowing your cloud storage choices and security options upfront can eliminate changes and frustrations down the road.

 

Looking to the Cloud: Cloud Storage Types

Cloud service providers offer many types of cloud storage. Here’s a run-down of some of the most popular.

| Cloud Storage Type | Purpose |
| --- | --- |
| Object storage (also known as blob storage) | Provides cloud storage for unstructured binary data, such as images, video, audio, documents and more. Enables capabilities not available in other cloud storage |
| File storage | Enables file sharing between end users over a common connection, such as Dropbox |
| Table storage | Primarily used for big data applications, utilizes NoSQL table storage |
| Queue storage | Allows for reliable asynchronous messaging between cloud components, used as storage for app messages waiting to be delivered |
| High-performance storage | Provides low latency and high-throughput storage, often used for virtual machines (VM) hosting database or enterprise-level apps |

 
 

Clamping Down on Cloud Storage Compression Technologies

With so much data rolling around in the cloud, storage compression is used to reduce the consumption of hard disk space and network bandwidth, while enabling technologies for rich media and multimedia applications.

Cloud service providers make use of these compression technologies to enable more room for cloud storage:

  • File Compression: Compresses files as they are written to disk to reduce file size. Ideal for files that you only access infrequently.
  • Storage Array Compression: Compression implemented at the block level below the file system.
  • Backup Storage Compression: Compression that occurs at the data path level where data is sent for storage in tape libraries. Provides good compression ratios and doesn’t usually slow performance.
 
 

Making Room for More Cloud Storage with Data Deduplication

Data deduplication reduces the amount of cloud storage needed for data. The process compares objects and removes copies that already exist in the data set.

An illustration of local files being funneled to cloud storage with data deduplication.

Data deduplication has four steps:

  1. Segment data into blocks or some other portion.
  2. Create a hash for each block.
  3. Compare these to existing hashes to determine if any duplicates exist in a different block.
  4. Add a pointer to the existing object in place of the duplicate data. These segments are indexed to ensure only one instance of each data segment is stored.
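
The four steps above as a small block-level deduplicating store. This is an added example, not code from the original article or from any provider; the class name `DedupStore`, the 8-byte block size, the choice of SHA-256 and the sample file contents are assumptions made for illustration.

```python
import hashlib


class DedupStore:
    """Block-level deduplicating store that follows the four steps above."""

    def __init__(self, block_size=8):  # tiny blocks so the sample shows duplicates
        self.block_size = block_size
        self.blocks = {}  # index: SHA-256 digest -> the single stored copy
        self.files = {}   # file name -> ordered list of digests (the pointers)

    def put(self, name, data):
        pointers = []
        # Step 1: segment the data into fixed-size blocks.
        for off in range(0, len(data), self.block_size):
            block = data[off:off + self.block_size]
            # Step 2: create a hash for each block.
            digest = hashlib.sha256(block).hexdigest()
            # Step 3: compare it with the hashes already in the index.
            if digest not in self.blocks:
                self.blocks[digest] = block
            # Step 4: keep a pointer to the stored block, not a second copy.
            pointers.append(digest)
        self.files[name] = pointers

    def get(self, name):
        """Rebuild a file from its pointers, re-checking every block's hash."""
        out = bytearray()
        for digest in self.files[name]:
            block = self.blocks[digest]
            if hashlib.sha256(block).hexdigest() != digest:
                raise ValueError("stored block no longer matches its index hash")
            out += block
        return bytes(out)

    def stats(self):
        """Return (logical bytes referenced by files, physical bytes stored)."""
        logical = sum(len(self.blocks[d]) for p in self.files.values() for d in p)
        physical = sum(len(b) for b in self.blocks.values())
        return logical, physical


def demo():
    store = DedupStore()
    # Constructed sample data: two versions of a file sharing most blocks.
    store.put("report_v1.txt", b"HEADER..BODY-AAABODY-AAAFOOTER..")
    store.put("report_v2.txt", b"HEADER..BODY-AAABODY-BBBFOOTER..")
    return store
```

Because several files point at one stored block, damage to that block affects every file that references it, which is why `get()` re-checks each block against its index hash before returning data.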

The advantage of deduplication for cloud service providers is that customers use less hardware and fewer network resources.

The advantage of deduplication for cloud users is that they pay for less and receive improved performance.

 
 

The Skinny on Cloud Storage Tiers

High-performance cloud storage is only needed for frequently accessed data. This is where cloud storage tiers come into play. Tiered cloud storage assigns different categories of data to various types of media to reduce the total cost. These tiers are determined by performance and the cost of media.

| Common Cloud Storage Tier | What It’s Used For |
| --- | --- |
| Hot storage | High performance used for frequently accessed data. |
| Warm storage | Mid-level performance used for data that only needs to be accessed a few times each month. |
| Cold storage | Low performance used for archiving data. |
 
 

Finding Your Cloud: Choosing a Cloud Storage Option

Use these guidelines to help you select the right cloud storage option:

  • Choose a cloud storage option that best fits each scenario or application.
  • Examine your data and assess your access needs to determine which cloud storage tier is appropriate.
  • Evaluate the impact any compression technologies have on your performance and select those that allow for the least impact.
  • Investigate deduplication options during database implementation to reduce cloud storage needs and improve performance.
  • Consult with your cloud service provider to determine which cloud storage package is appropriate for your apps and services.

After you select your cloud storage option, it’s time to evaluate what kind of data access protocol will work best for your needs.

 
 

Prepping for Protocols: Cloud Storage Access Protocols

Take a look at the most commonly used cloud storage access protocols.

| Cloud Storage Access Protocol | Description |
| --- | --- |
| Small Computer System Interface (SCSI) | Widely used block-level access method providing direct access to the disk blocks without the need for a file system running on top of them. Also encapsulated into other cloud storage access protocols to help consolidate resources. |
| Fibre Channel (FC) | High-speed, low-latency protocol that extends the functionality of SCSI inside Fibre Channel frames. Typically implemented over fiber-optic links to provide longer connection distances and consolidated storage. |
| Internet/IP Small Computer System Interface (iSCSI) | Access protocol that uses SCSI data and commands inside IP packets to transfer data across existing IP infrastructures, which lowers costs. A problematic protocol that is not widely used in cloud storage or other data centers. |
| Fibre Channel Over Ethernet (FCoE) | Protocol that moves native Fibre Channel frames across consolidated Ethernet networks to consolidate Fibre Channel workloads on shared 10GE networks. |
| Common Internet File System (CIFS) | Shared cloud storage protocol used by Microsoft. Based on Server Message Block (SMB). |
| Network File System (NFS) | File-based cloud storage protocol. Traditionally used by VMware and in Linux and Unix environments. |
| HTTP and others | HTTP-based cloud storage and other related protocols are being used to accommodate enterprise-level users who all need large amounts of storage. Offers increased scalability. |
 
 

More Cloud or Less Cloud? Managing Your Cloud Storage Needs

Storage needs are constantly increasing, but often the budget doesn’t grow at the same rate. This is why organizations often investigate storage management technologies and processes that can help them make more of their cloud storage without additional costs.

Here are ways you can manage your cloud storage:

  • Virtualization
  • Replication
  • Redundant array of independent disks (RAID) and mirroring
  • Security
  • Compression
  • Traffic analysis
  • Process automation
  • Storage provisioning
  • Data movement between cloud storage tiers
 
 

How Fluffy Is Your Cloud? Cloud Storage Provisioning Models

A diagram showing cloud storage with fat provisioning, where there are some files and a lot of extra space, and one with thin provisioning, where the files fill up the cloud, but the user has the potential to expand the capacity of cloud storage when needed.

Cloud storage provisioning models include fat provisioning and thin provisioning.

  • Fat Provisioning: Storage provisioning model where space is allocated beyond current needs to allow for anticipated growth. Large amounts of space are paid for but may never be used.
  • Thin Provisioning: New storage provisioning model which aims to optimize storage management to reduce costs. Also allows for monitoring to provision for additional storage when capacity reaches a specified threshold.
 
 

Sussing Out Security Options for Your Cloud Storage

With the implementation of data protection laws and regulations, it’s essential to keep your cloud storage secure.

Cloud Storage Encryption: How to Encrypt 3 Types of Data

Cloud storage encryption is a security option that is becoming increasingly popular. Encryption and decryption are used on backups and archived data as part of a defense-in-depth strategy.

An illustration showing examples of data at rest, data in transit and data in use in the cloud.

Take a look at the different types of data and how security needs vary for each one.

  • Data at Rest: Data at rest refers to any information you have in cloud storage or saved to a storage medium. Encryption methods for at rest data include:
    • PGP Whole Disk Encryption
    • Microsoft Windows BitLocker disk encryption
    • macOS FileVault
    • Database encryption
    • VeraCrypt
  • Data in Transit: Data in transit is any information moving through a network. This includes data for web applications, mobile device apps and instant messaging. Data is considered in transit until it is delivered to its destination. Data in transit encryption methods include:
    • HTTPS/Secure Sockets Layer/Transport Layer Security (SSL/TLS)
    • Wi-Fi Protected Access 2 (WPA2)
    • Virtual private networks (VPN)
    • Internet Protocol Security (IPSec)
    • Secure Shell (SSH)
  • Data in Use: Data in use refers to any information that is not included in the above categories. This includes data that is being generated, modified, erased or viewed at one network node. Security for data in use is especially problematic. At most, you can expect to mitigate risks with these methods:
    • Using full disk encryption to protect the swap space
    • Hardening the operating system (OS)
    • Installing a web proxy at the network border

Your Token, Please: Tokenization of Cloud Storage Data

Tokenization is another cloud storage security feature that replaces sensitive information with a placeholder (or token) that has no meaning in the context of the accompanying data. The system assigns the token and allows it to be matched to the sensitive info.

When implemented correctly as part of a defense-in-depth approach, tokenization is incredibly secure because the token cannot be matched to the information outside of the tokenization system.

Tokenization is such a secure process, it’s often used to protect personally identifiable information (PII) such as credit card processing information, banking records and transactions, medical records and voter registrations.

 
 

Access Success: Using Access Control Lists for Your Cloud Storage

File- and folder-level permissions are used to restrict cloud storage access to certain users. On an enterprise level, it’s impossible to manage millions of files. Access control lists (ACLs) allow you to put restrictions in place as media access control (MAC).

Cloud Storage Confusion: Data Obfuscation

Data obfuscation (DO) is a feature that masks sensitive information, making it appear confusing. Also known as data scrambling and privacy preservation, DO can be done in the following ways:

  • Substitution: Places another authentic-looking value in place of the existing value
  • Shuffling: Moves the data around, taking it from the column being masked
  • Number and Date Variance: Varies dates and numbers by a particular percentage
  • Nulling Out or Deletion: Assigns a null value to certain fields to mask visibility
  • Masking: Scrambles or masks particular fields

DO isn’t used to secure data in cloud storage, but usually is applied to mask sensitive information in a dataset so it can be used for testing purposes.
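
The five techniques listed above, applied to a small dataset to produce test data. This is an added example, not code from the original article; the function names, field names, substitute-name pool, 10 percent variance and sample rows are all assumptions, and only number variance (not date variance) is shown.

```python
import random


def substitute(rows, field, pool, rng):
    """Substitution: put another authentic-looking value in place."""
    return [{**r, field: rng.choice(pool)} for r in rows]


def shuffle(rows, field, rng):
    """Shuffling: move the column's own values to different rows."""
    values = [r[field] for r in rows]
    rng.shuffle(values)
    return [{**r, field: v} for r, v in zip(rows, values)]


def vary(rows, field, pct, rng):
    """Number variance: shift each number by up to +/- pct percent."""
    return [{**r, field: round(r[field] * (1 + rng.uniform(-pct, pct) / 100), 2)}
            for r in rows]


def null_out(rows, field):
    """Nulling out: assign a null value to the field."""
    return [{**r, field: None} for r in rows]


def mask(rows, field, keep=4):
    """Masking: hide all but the last `keep` characters (all, if too short)."""
    def m(v):
        return "*" * len(v) if len(v) <= keep else "*" * (len(v) - keep) + v[-keep:]
    return [{**r, field: m(r[field])} for r in rows]


# Constructed sample rows standing in for production data (all values made up).
ROWS = [
    {"name": "Alice Ng", "dept": "HR", "salary": 82000.0, "ssn": "000-00-0001", "card": "4111111111111111"},
    {"name": "Bo Tran", "dept": "IT", "salary": 95500.0, "ssn": "000-00-0002", "card": "5555555555554444"},
    {"name": "Cy Odell", "dept": "Ops", "salary": 61250.0, "ssn": "000-00-0003", "card": "378282246310005"},
]
NAME_POOL = ["Pat Doe", "Sam Roe", "Lee Poe"]  # hypothetical substitute names


def make_test_dataset(rows, seed=7):
    rng = random.Random(seed)  # seeded so the test data is reproducible
    out = substitute(rows, "name", NAME_POOL, rng)
    out = shuffle(out, "dept", rng)
    out = vary(out, "salary", 10, rng)
    out = null_out(out, "ssn")
    return mask(out, "card")
```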

A Cloud Barrier: Zoning

Zoning is used to restrict access to portions of the storage area network (SAN). This security measure is implemented as part of a defense-in-depth approach to reduce the risk of data corruption by breach.

Also known as Logical Unit Number (LUN), zoning prohibits access and bandwidth through port assignments for each zone. Zoning comes in two types:

  • Hard Zoning: Devices are assigned a permanent zone.
  • Soft Zoning: Devices can be re-assigned by administrators when necessary.

The Cloud Storage VIP Pass: User and Host Authentication and Authorization

Consistent host and user authentication is one of the best ways to secure data. In this scenario, no host or user can access data in your cloud storage unless they log in with correct and current information. If you plan to implement this security measure, make sure you have proper account management policies in place.

Practice Makes Perfect: Best Practices for Selecting Cloud Storage Security Options

Use these best practices to help determine what kind of security you need for your cloud storage:

  • Use a well-managed authentication process for hosts and servers with strong policies to govern management.
  • Identify methods for securing data at rest, in transit and in use.
  • Implement DO techniques to secure any PII in testing data.
  • Use zoning on SANs to protect data in highly secure environments.
 
 

Be a Cloud Connoisseur with CompTIA Cloud+

Looking to show off your cloud expertise? Check out the vendor-neutral CompTIA Cloud+ IT certification. CompTIA Cloud+ validates the skills you need to configure, optimize and manage your cloud storage needs.

This IT certification covers topics such as configuring and deploying cloud solutions and maintaining, managing and troubleshooting a secure cloud computing environment. CompTIA Cloud+ training can help you get the knowledge you need for a successful career in cloud computing. Download the CompTIA Cloud+ exam objectives to see what’s on the exam, and purchase The Official Study Guide for CompTIA Cloud+ to begin your training.

 
