Cloud Database – Are you prepared?
The ongoing saga of everything cloud is entertaining, if nothing else. I have a couple of areas of interest that aren’t really burning up the electrons, one of them is cloud databases. Let’s face it, while “the cloud” is interesting in an application sense, for IT it is relatively useless without the ability to access databases. Normally databases housed in your internal IT department. Of course internal “private” clouds will address much of this issue, until they are readily available, we are faced with the reality that we have to find a solution we can trust to house data that is essential to our organization’s well being. There are a lot of issues around data in the cloud, I’m going to focus in on a couple that IT departments are trying to figure out – or should be.
- Security – data access control and standards compliance
- Security – physical/network control
- Latency – how much impact will remote databases have on performance
- Standards – how is data put into and gotten out of the database
- Data Redemption – how do I get my data out if for any reason we stop doing business?
There’s a lot there, but it’s not nearly as long as the list could be if I was to dissect all of the services out there. For the record, any “cloud data solution” that includes the phrase “frees you from the restrictions of an RDBMS” or “develop applications without IT” are not considered here. My reasoning is simple, your organization holds a ton of critical and relevant data in RDBMS databases now, changing that is possible, but at least for the time being, these applications will be limited to business units or pretty small businesses. I am looking at the problem from the IT perspective. No doubt I missed some vendors – Cloud is the winner of 2010’s buzzword bingo after all, and I was just researching with my own resources.
And a final note, I have not gone and tried any of these databases. There just isn’t time to do that level of research for a blog post. So understand that I am working off of the web pages of these vendors. Still, the market is young enough that for many, you can tell what they’re about pretty reliably.
Of all of the products that I explored, I have to say that Caspio Bridge has done the most to resolve the security and standards issues. They are PCI and TRUSTe compliant, which speaks volumes. They offer SQL Server with an AJAX front end, and allow you to get the data out in a selection of formats that includes XML and CSV, which is “good enough” for the current state of cloud databases, I would think.
Then there is Dabble DB who has a disclaimer about HIPPA that is understandable and probably helps the lawyers sleep at night, but isn’t designed to win customers’ confidence:
- Does Dabble DB® comply with HIPAA?
-
We cannot enter into any agreement above or beyond our existing privacy policy, and we cannot offer any guarantee about specific compliance with HIPAA or any applicable state law. It is the responsibility of the health care entity to determine whether Dabble DB® meets the requirements of HIPAA.
Both Microsoft’s SQL Azure and Oracle via AWS are solid DB offerings but offer little tangible in terms of security. They are very desirable in the sense that they offer their standard interfaces, making it pretty easy to adapt your applications to them, but both are relatively silent about security other than the role-based security built into their RDBMS, which is a bit disconcerting. Rackspace and Joyent both offer complete cloud solutions, and honestly these two providers do the best job of documenting what is available and how to use it. But again, they seem to miss the point that users care about the level of their security. Now granted, with so much documentation on their sites, I’m guessing there is more info there than I found about the security issues.
Truly, Oracle, Azure, and Rackspace are the ones you have the least to worry about where latency is concerned – these companies (actually Amazon in the case of Oracle) have huge, dispersed datacenters, and data redemption is pretty straight-forward from all four of the vendors mentioned in the last paragraph, simply because they use the databases we all use. Disclosure: We are partners with Oracle and Microsoft, but I assure you that their inclusion is based upon the fact that you have one or both running in your datacenter already, not because of our partnership.