A group at Microsoft Research just released a paper describing a new storage system designed to address the security issues associated with the cloud. They point to the fact that none of the cloud providers offer security guarantees in their Service Level Agreements (SLAs) as a major obstacle to wider use of the cloud; you can read about their proposed solution, a system called CloudProof, here. What caught our attention in particular was the group’s list of the four desirable security properties for cloud storage:
- Confidentiality
- Integrity
- Write-serializability
- Read freshness
We agree that these are key variables, and the Nasuni Filer addresses each and every one. CloudProof may well be a great new system, but it isn’t the only way to achieve strong security.
In previous posts we’ve written about how we address the first two features, confidentiality and integrity, through automatic encryption. Since data and metadata are encrypted at the customer site, no one can read or decipher this information on the wire or in the cloud. Furthermore, it cannot be modified once it has been sent to the cloud, so data integrity is preserved.
The third property, write-serializability, is a mouthful, yes, but it is a key component. Basically, it comes down to ensuring that data is in the right order. Read freshness means that when a user opens a file stored in the cloud, that file is the last saved copy, and not an earlier one. The Filer delivers on both of these properties because it is a fully versioned file system.
With the Filer, if a user works on a file, closes it, and then opens it again, he will be looking at the last saved version. While this might sound standard, it isn’t always the case with systems that recall files directly from the cloud. Many of the big cloud vendors rely on something called eventual consistency. This behavior means that the data you write to the cloud will eventually be stored in the right order, but not necessarily right away. So, with this model, if you write, save and close, and then re-open the same file, you might not be looking at the version you just finished working on.
Clearly, this wouldn’t work for a file system, and it brings up some security considerations. In designing the Filer, we took the approach that all cloud storage is treated as WORM – write once, read many. Our technology never updates or changes data in the cloud. The Filer writes it once and then it’s there for good. If you update a file, then that new version goes to the cloud. And since each piece of data and metadata is encrypted, all versions of the file system are protected. They have a guaranteed order and freshness.
In general, we’re happy to see more people talking and thinking about cloud security. It is a critical issue, and something we’ve cared deeply about from the very start.