Last week we touched on some of the reasons we provide each Nasuni customer with unique cloud credentials. This is an important point, though, so we decided to spell out a few more details here.
The basic idea is simple: Our cloud partners provide access to a given account based on credentials. There are a few different ways we could have facilitated this process, but we determined that providing each of our customers with unique credentials delivers the best combination of security, convenience, and performance.
More on that below. First, though, let’s go through some of the other authentication options, and their drawbacks.
Bring Your Own Credentials
This would be secure, but inconvenient. Nasuni is your gateway to cloud storage. We are trying to make the whole process easier, including the administrative details. With Nasuni, you get one bill, pricing that’s leveled down to dollars per gigabyte, with no bandwidth or transmission charges, and one vendor to call when you have a problem.
Several cloud providers suggested that we perform the authentication ourselves. But this would have meant that every time your data moved to or from the cloud, it would have passed through Nasuni servers. This would have added latency to every request, hindering performance and reliability.
If all Nasuni customers shared a single set of credentials, a malicious customer could—hypothetically—hack his copy of the Filer, uncover those shared credentials, and gain access to other Nasuni accounts. This malicious agent would not be able to read or make sense of any of those files, due to the encryption, but there is a chance he could delete them. With unique credentials, this attack is not possible. Each Nasuni customer is completely independent.
Stretching the Network
In this case, the Filer would be hosted in the cloud, not at your site, so the credentials wouldn’t be locally available. This would be secure, but slow. Nasuni would not be able to deliver local-like NAS performance.
However, with unique credentials, no other Nasuni customer can access your data. We are removed from the data path, and your copy of the Filer talks to the cloud directly, so you do not have to worry about problems with our servers. This translates to greater reliability.
Since each customer is unique, there’s no deduplication of files across our user base—we guarantee that our customers and their data are independent entities. Finally, if you decide the Nasuni Filer isn’t for you, we allow you to take those unique credentials with you.
Providing each customer with unique credentials proved to be our best option. Given our emphasis on security and performance, it was the only option.