The sky’s the limit! What an incredibly relevant platitude when it comes to cloud storage. One of the primary advantages of migrating to the cloud is the seemingly infinite amount of available storage. In the past, additional storage was only an option if you wanted to add on infrastructure. With cloud storage, you simply tack it on, and the changes are reflected on your bill. But, knowing your cloud storage choices and security options upfront can eliminate changes and frustrations down the road.

Continue Reading Below You may also be interested in...
What is Cloud Computing?

What is Cloud Computing?

The cloud is not one thing, but rather a term that describes a computing model consisting of many parts. Find out more about what cloud computing really means.
A Cloud Networking Quick-Start Guide: Around the Network in 8 Stops

A Cloud Networking Quick-Start Guide: Around the Network in 8 Stops

Learn the basics of how to set up a cloud network with CompTIA’s quick-start guide.
Where to Park Your Data: A Roadmap for Cloud Storage Requirements

Where to Park Your Data: A Roadmap for Cloud Storage Requirements

Learn 5 requirements for setting up a fast cloud storage platform from CompTIA.
 

Looking to the Cloud: Cloud Storage Types

Cloud service providers offer many types of cloud storage. Here’s a run-down of some of the most popular.

Cloud Storage TypePurpose
Object storage
(also known as blob storage)		Provides cloud storage for unstructured binary data, such as images, video, audio, documents and more. Enables capabilities not available in other cloud storage
File storageEnables file sharing between end users over a common connection, such as Dropbox
Table storagePrimarily used for big data applications, utilizes NoSQL table storage
Queue storageAllows for reliable asynchronous messaging between cloud components, used as storage for app messages waiting to be delivered
High-performance storageProvides low latency and high-throughput storage, often used for virtual machines (VM) hosting database or enterprise-level apps

Check out this article for the scoop on cloud networking.

 
 

Clamping Down on Cloud Storage Compression Technologies

With so much data rolling around in the cloud, storage compression is used to reduce the consumption of hard disk space and network bandwidth, while enabling technologies for rich media and multimedia applications.

Cloud service providers make use of these compression technologies to enable more room for cloud storage:

  • File Compression: Compresses files as they are written to disk to reduce file size. Ideal for files that you only access infrequently.
  • Storage Array Compression: Compression implemented at the block level below the file system.
  • Backup Storage Compression: Compression that occurs at the data path level where data is sent for storage in tape libraries. Provides good compression ratios and doesn’t usually slow performance.
 
 

Making Room for More Cloud Storage with Data Deduplication

Data deduplication reduces the amount of cloud storage needed for data. The process compares objects and removes copies that already exist in the data set.

An illustration of local files being funneled to cloud storage with data deduplication.

Data deduplication has four steps:

  1. Segment data into block or some other portion.
  2. Create a hash for each block.
  3. Compare these to existing hashes to determine if any duplicates exist in a different block.
  4. Add a pointer to the existing object in place of the duplicate data. These segments are indexed to ensure only one instance of each data segment is stored.

The advantage of deduplication for cloud service providers is that customers use less hardware and fewer network resources.

The advantages of deduplication for cloud users is that they pay for less and receive improved performance.

 
 

The Skinny on Cloud Storage Tiers

High-performance cloud storage is only needed for frequently accessed data. This is where cloud storage tiers come into play. Tiered cloud storage assigns different categories of data to various types of media to reduce the total cost. These tiers are determined by performance and the cost of media.

Common Cloud Storage TierWhat It’s Used For
Hot storageHigh performance used for frequently accessed data.
Warm storageMid-level performance used for data that only needs to be accessed few times each month.
Cold storageLow performance used for archiving data.
 
 

Finding Your Cloud: Choosing a Cloud Storage Option

Use these guidelines to help you select the right cloud storage option:

  • Choose a cloud storage option that best fits each scenario or application.
  • Examine your data and assess your access needs to determine which cloud storage tier is appropriate.
  • Evaluate the impact any compression technologies have on your performance and select those that allow for the least impact.
  • Investigate deduplication options during database implementation to reduce cloud storage needs and improve performance.
  • Consult with your cloud service provider to determine which cloud storage package is appropriate for your apps and services.

After you select your cloud storage option, it’s time to evaluate what kind of data access protocol will work best for your needs.

 
 

Prepping for Protocols: Cloud Storage Access Protocols

Take a look at the most commonly used cloud storage access protocols.

Cloud Storage Access ProtocolDescription
Small Computer System Interface (SCSI)Widely used block-level access method providing direct access to the disk blocks without the need for a file system running on top of them. Also encapsulated into other cloud storage access protocols to help consolidate resources.
Fibre Channel (FC)High-speed, low-latency protocol that extends functionality of SCSI inside fibre channel frames. Typically implemented over fiber-optic links to provide longer connection distances and consolidated storage.
Internet/IP Small Computer System Interface (iSCSI)Access protocol that uses SCSI data and commands inside IP packets to transfer data across existing IP infrastructures which lowers costs. Problematic protocol and is not widely used in cloud storage or other data centers.
Fibre Channel Over Ethernet (FCoE)Protocol that moves native fibre channel frames across consolidated Ethernet networks to consolidate fibre channel workloads on shared 10GE networks.
Common Internet File System (CIFS)Shared cloud storage protocol used by Microsoft. Based on small message block (SMB).
Network File System (NFS)File-based cloud storage protocol. Traditionally used by VMWare and in Linux and Unix environments.
HTTTP and othersHTTP-based cloud storage and other related protocols are being used to accommodate enterprise level users all needing large amount of storage. Offers increased scalability.
 
 

More Cloud or Less Cloud? Managing Your Cloud Storage Needs

Storage needs are constantly increasing, but often the budget doesn’t grow at the same rate. This is why organizations often investigate storage management technologies and processes that can help organizations make more of their cloud storage without additional costs.

Here are ways you can manage your cloud storage:

  • Virtualization
  • Replication
  • Redundant array of independent disks (RAID) and mirroring
  • Security
  • Compression
  • Traffic analysis
  • Process automation
  • Storage provisioning
  • Data movement between cloud storage tiers
 
 

How Fluffy Is Your Cloud? Cloud Storage Provisioning Models

A diagram showing cloud storage with fat provisioning, where there are some files and a lot of extra space, and one with thin provisioning, where the files fill up the cloud, but the user has the potential to expand the capacity of cloud storage when needed.

Cloud storage provisioning models include fat provisioning and thin provisioning.

Here are ways you can manage your cloud storage:

  • Fat Provisioning: Storage provisioning model where space is allocated beyond current needs to allow for anticipated growth. Large amounts of space are paid for but may never be used.
  • Thin Provisioning: New storage provisioning model which aims to optimize storage management to reduce costs. Also allows for monitoring to provision for additional storage when capacity reaches a specified threshold.
 
 

Sussing Out Security Options for Your Cloud Storage

With the implementation of data protection laws and regulations, it’s essential to keep your cloud storage secure.

Cloud Storage Encryption: How to Encrypt 3 Types of Data

Cloud storage encryption is a security option that is becoming increasingly popular. Encryption and decryption are used on backups and archived data as part of a defense-in-depth strategy.

An Illustration showing examples of data at rest, data in transit and data in use in the cloud.

Take a look at the different types of data and how security needs vary for each one.

  • Data at Rest: Data at rest refers to any information you have in cloud storage or saved to a storage medium. Encryption methods for at rest data include:
    • PGP Whole Disk Encryption
    • Microsoft Windows BitLocker disk encryption
    • macOS FileVault
    • Database encryption
    • VeraCrypt
  • Data in Transit: Data in transit is any information moving through a network. This includes data for web applications, mobile device apps and instant messaging. Data is considered in transit until it is delivered to its destination. Data in transit encryption methods include:
    • HTTPS/Secure Sockets Layer/Transport Layer Security (SSL/TLS)
    • Wi-Fi Protected Access 2 (WPA2)
    • Virtual private networks (VPN)
    • Internet Protocol Security (IPSec)
    • Secure Shell (SSH)
  • Data in Use: Data in use refers to any information that is not included in the above categories. This includes data that is being generated, modified, erased or viewed at one network node. Security for data in use is especially problematic. At most, you can expect to mitigate risks with these methods:
    • Using full disk encryption to protect the swap space
    • Hardening the operating system (OS)
    • Installing web proxy at the network border

Your Token, Please: Tokenization of Cloud Storage Data

Tokenization is another cloud storage security feature that replaces sensitive information with a placeholder (or token) that has no meaning in the context of the accompanying data. The system assigns the token and allows for it be matched to the sensitive info.

When implemented correctly as part of a defense-in-depth defense approach, tokenization is incredibly secure because the token cannot be matched to the information outside of the tokenization system.

Tokenization is such a secure process, it’s often used to protect personally identifiable information (PII) such as credit card processing information, banking records and transactions, medical records and voter registrations.

 
 

Access Success: Using Access Control Lists for Your Cloud Storage

File- and folder-level permissions are used to restrict cloud storage access to certain users. On an enterprise level, it’s impossible to manage millions of files. Access control lists (ACLs) allow you to put restrictions in place as media access control (MAC).

Cloud Storage Confusion: Data Obfuscation

Data obfuscation (DO) is a feature that masks sensitive information making it appear confusing. Also known as data scrambling and privacy preservation, DO can be done in the following ways:

  • Substitution: Places another authentic-looking value in place of the existing value
  • Shuffling: Moves the data around, taking it from the column being masked
  • Number and Date Variance: Varies dates and numbers by a particular percentage
  • Nulling Out or Deletion: Assigns a null value to certain fields to mask visibility
  • Masking: Scrambles or masks particular fields

DO isn’t used to secure data in cloud storage, but usually is applied to mask sensitive information in a dataset so it can be used for testing purposes.

A Cloud Barrier: Zoning

Zoning is used to restrict access to portions of the storage area network (SAN). This security measure is implemented as part of a defense-in-depth approach to reduce the risk of data corruption by breach.

Also known as Logical Unit Number (LUN), zoning prohibits access and bandwidth through port assignments for each zone. Zoning comes in two types:

  • Hard Zoning: Devices are assigned a permanent zone.
  • Soft Zoning: Devices can be re-assigned by administrators when necessary.

The Cloud Storage VIP Pass: User and Host Authentication and Authorization

Consistent host and user authentication is one of the best ways to secure data. In this scenario, no host or user can access data in your cloud storage unless the log in with correct and current information. If you plan to implement this security measure, make sure you have proper account management policies in place.

Practice Makes Perfect: Best Practices for Selecting Cloud Storage Security Options

Use these best practices to help determine what kind of security you need for your cloud storage:

  • Use a well-managed authentication process for hosts and servers with strong policies to govern management.
  • Identify methods for securing data at rest, in transit and in use.
  • Implement DO techniques to secure any PII in testing data.
  • Use zoning on SANs to protect data in highly secure environments.
 
 
Practice makes perfect: best practices for selecting cloud storage security options

Be a Cloud Connoisseur with CompTIA Cloud+

Looking to show off your cloud expertise? Check out the vendor-neutral CompTIA Cloud+ IT certification. CompTIA Cloud+ validates the skills you need to configure, optimize and manage your cloud storage needs.

This IT certification covers topics such as configuring and deploying cloud solutions and maintaining, managing and troubleshooting a secure cloud computing environment. CompTIA Cloud+ training can help you get the knowledge you need for a successful career in cloud computing. Download the CompTIA Cloud+ exam objectives to see what’s on the exam, and purchase The Official Study Guide for CompTIA Cloud+ to begin your training.

 

Read more about Cloud Computing.