Last week’s flurry of reports stemming from a Wall Street Journal article about Google’s unannounced plans to offer an online storage service represented the latest in a long-running series of rumors on the subject.
Internet-based storage has traditionally been the domain of smaller start-ups or directly associated with targeted services (e.g. photo sharing, online backup, etc.). But it’s now drawing the interest of larger companies as well, most notably Microsoft, which has public betas under way for two interesting services. SkyDrive provides online file storage (public, private and shared folders, with drag-and-drop capability) and a (currently) unrelated service, FolderShare, offers controlled peer-to-peer file synchronization. While most of these services are presently targeted at individual users, it is not much of a stretch to envision future business-focused offerings.
One major hurdle to business acceptance of such services is, of course, the degree of willingness to store corporate data externally. There is already some precedence for this in the growing adoption of SaaS-based applications, where data is housed externally, often in common databases. Another more unusual, but apparently effective, example of Internet storage usage is The New York Times’ decision to house in PDF format 11 million articles written between 1851 and 1980, using Amazon.com’s Simple Storage Service.
So, how does a generic file storage service differ from these other models? The unstructured, multipurpose nature of file data inherently provokes more concerns about security. Already, there are significant corporate concerns about data leakage via physical devices (such as USB drives and iPods), as well as through online methods (such as private e-mail accounts). A Web-based document folder where a user can drag and drop pretty much any file is subject to far less control than, say, interacting with and storing data through a SaaS-based application. The lack of centralized policy management and monitoring for Internet-based storage becomes a major inhibitor.
At its core, this issue reflects a fundamental shortcoming of the traditional file-server model. Corporate file servers ultimately become repositories (or perhaps receptacles) for all sorts of data, both high-value and low. Data classification assessments have regularly demonstrated that a surprising amount of sensitive information can unexpectedly turn up in all sorts of places within shared file directories. The fact that this information is buried in a server within corporate boundaries is one thing, but sitting somewhere out in cyberspace is quite another.
Jim Damoulakis is chief technology officer of GlassHouse Technologies, a leading provider of independent storage services. He can be reached at email@example.com.