FAQ: Secure Cold Storage Migration
Q: What do you mean by “cold storage,” and why would anyone want to migrate it?
When we say “cold storage,” we’re referring to data that is stored on-prem and that is rarely, if ever, accessed. It’s often retained only for compliance or regulatory purposes. This is costly for data owners, who have to pay:
- Capital costs to purchase new hardware and upgrade to newer hardware.
- Operating costs, including maintenance and support contracts, power and environmental controls, administrative overhead, etc.
Q: What are the pros and cons of on-prem cold storage?
On-prem cold storage is typically more costly than cloud storage, but it has historically allowed organizations to maintain more control over their data.
On-premises storage has higher overhead costs. This includes licensing, support, and maintenance fees as well as incidental energy and cooling costs. Factoring in the additional cost of the storage hardware and any replacements should that hardware go end-of-life, on-premises options are often significantly more expensive than cloud storage.
On-premises systems are also potentially vulnerable to a single point of failure, since all their data is stored in one physical location. Although there is often redundancy built into on-premises storage, customers will still lose access to their data if the whole location experiences an outage.
That said, on-premises storage allows organizations to retain control over their data, which makes it indispensable in some industries.
Q: What are the pros and cons of cloud cold storage?
Cloud storage offers ease of access, ease of maintenance, and reduced costs. But some CISOs and security teams don’t trust it because of its vulnerabilities. Cloud storage providers (CSPs) maintain the underlying storage infrastructure, including servers, hardware, and software, so companies using the cloud usually see reduced personnel, equipment, and maintenance costs.
Exact storage costs vary by organization and by industry, but a 2016 Codilime report written for Fusion Alliance estimated that cloud storage is approximately 30% cheaper than on-premises storage. The downside of cloud storage is that third parties (CSPs) must be trusted with sensitive data. Because that data is no longer fully in the organization’s control, some companies are reluctant to migrate their on-premises cold storage to the cloud.
The shared responsibility model also means that data security responsibilities can vary slightly between providers. For instance, something that is the user’s responsibility to protect with one CSP might be the provider’s responsibility with another CSP. These differences can cause misunderstandings and gaps in protection, which can in turn lead to vulnerabilities for attackers to exploit.
Migrating cold data to the cloud requires customers to take proactive measures to protect their data — particularly when it is confidential or sensitive.
Q: If cloud storage is cheaper for cold data, why don't companies just migrate everything now?
The key word in “secure cold storage migration” is “secure.” Security is the primary roadblock that keeps organizations from making the move to the cloud. The cold data that we’re discussing is often owned by regulated industries and is very sensitive. Businesses would often rather eat the extra costs for the assurance that their data is safe within the walls of their datacenter than risk that data being stored in the cloud.
We are able to desensitize that data in the cloud in a simpler yet more robust way than encryption, so organizations are able to reduce costs while still protecting their critical data.
Q: What are the most common security challenges for cloud storage?
Misconfiguration and credential abuse are two top cloud security issues.
Common misconfigurations include insecure automated backups, excessive access rights, missing updates and patches, unrestricted inbound and outbound ports, default public access settings, and more. While CSPs are generally secure, any inadvertent gap or error may expose data to cyberthreats like security breaches, ransomware, malware, and more.
Credential abuse in the cloud happens when attackers use stolen credentials to gain unauthorized access to critical data. Credential abuse can cause significant damage, since attackers can use stolen credentials to delete accounts, create new virtual machines, install malware, and much more.
Q: How does microsharding provide secure cold storage migration?
Our patented microsharding solution, Microshard™ technology, desensitizes data for privacy and protection in the cloud. The process shreds data into tiny microshards and distributes them across multiple customer-owned storage locations in multi-cloud or hybrid-cloud environments. The outcome is that each location only contains an unintelligible fraction of a whole dataset.
Unlike encryption (which can be broken), microsharding renders data completely useless to unauthorized users — from attackers to cloud providers themselves. In the highly unlikely scenario that someone actually gains access to all the microshards from every storage location for a given data set, those microshards still aren’t enough to reconstruct the original data: We strip identifying metadata and add a configurable amount of poison data.
The result? Extremely strong, robust security for cold data in the cloud.
Our self-healing data neutralizes unauthorized access, tampering, deletion, and cyberattacks in the cloud. When unauthorized modifications are detected, we automatically and transparently reconstruct that data to its unaffected state. It’s like RAID-5 or RAID-50 for the cloud, depending on the configuration: When data in one location is damaged, we rebuild it using the data in the other locations.
Q: Does microsharding help with outages in the cloud?
Absolutely. We can’t prevent a CSP outage, but we can neutralize the effects of that outage by maintaining data availability.
Cloud provider outages may be brief but widespread, causing unavoidable downtime and interruptions to business continuity. ShardSecure’s self-healing data includes the ability to reconstruct Microshard data that becomes unavailable due to a cloud provider outage. It’s like RAID-5 or RAID-50 for the cloud, depending on the configuration, but the bottom line is that damaged data in one storage location can be rebuilt using the data in the other storage locations. This maintains data availability for users even during outages, attacks, and other disruptions.
Additionally, if one storage location becomes inaccessible due to an outage, user activity is seamlessly directed to an operational location.
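An added illustration of the RAID-5 analogy used in the two preceding answers (self-healing data and outages); it is not ShardSecure's code or algorithm. It assumes single XOR parity rotating across storage locations, a SHA-256 digest per shard to detect tampering, and a 4-byte shard size; all function names are hypothetical.

```python
import hashlib
from functools import reduce

SHARD_SIZE = 4  # bytes per shard; tiny on purpose (assumed value)

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def write_stripes(data: bytes, n_locations: int):
    """Stripe data over n_locations, one rotating XOR parity shard per stripe."""
    k = n_locations - 1                                  # data shards per stripe
    padded = data + b"\0" * (-len(data) % (k * SHARD_SIZE))
    locations = [dict() for _ in range(n_locations)]     # stripe index -> shard
    manifest = {"length": len(data), "digests": {}}      # kept apart from the shards
    for s in range(len(padded) // (k * SHARD_SIZE)):
        base = s * k * SHARD_SIZE
        shards = [padded[base + i * SHARD_SIZE: base + (i + 1) * SHARD_SIZE]
                  for i in range(k)]
        shards.insert(s % n_locations, reduce(xor_bytes, shards))  # parity slot
        for loc, shard in enumerate(shards):
            locations[loc][s] = shard
            manifest["digests"][(loc, s)] = hashlib.sha256(shard).hexdigest()
    return locations, manifest

def read_stripes(locations, manifest):
    """Return (data, repaired); rebuild one missing or tampered shard per stripe."""
    n = len(locations)
    out, repaired = bytearray(), []
    for s in range(len(manifest["digests"]) // n):
        shards = [locations[loc].get(s) for loc in range(n)]
        bad = [loc for loc, sh in enumerate(shards) if sh is None or
               hashlib.sha256(sh).hexdigest() != manifest["digests"][(loc, s)]]
        if len(bad) > 1:
            raise ValueError(f"stripe {s}: {len(bad)} shards lost, "
                             "single parity cannot recover")
        if bad:
            # XOR of every surviving shard in the stripe equals the lost one.
            good = [sh for loc, sh in enumerate(shards) if loc != bad[0]]
            shards[bad[0]] = reduce(xor_bytes, good)
            locations[bad[0]][s] = shards[bad[0]]        # heal in place
            repaired.append((bad[0], s))
        parity_loc = s % n
        out += b"".join(sh for loc, sh in enumerate(shards) if loc != parity_loc)
    return bytes(out[:manifest["length"]]), repaired
```

With single parity, losing or corrupting shards at two locations in the same stripe is unrecoverable, which is why the function raises instead of returning partial data.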
Q: Do you migrate cold storage data for your customers?
No, but we work with data migration tech alliance partners like Komprise to provide a joint migration solution.
Here's how it works: One of our data migration partners will migrate your data, maintaining all user rights and privileges, and we will microshard it and distribute it to your customer-owned cloud storage. (Please see our FAQ on microsharding for more details on this process.)
You can then simply point your application to the new storage location — our API — after the migration is complete. Our API is S3-compatible, so no application modifications are needed for any application that supports S3 storage.