"Talking about S3 seems so mundane; it really has become something that I don't worry about," Engelson says. "It's really just an extension of what we do -- we have to store our data somewhere, and S3 is our standard for that."
Encrypt data stored in the cloud
Encryption should help relieve any concerns about security and compliance that IT professionals might have when they're contemplating public cloud storage use, experts say.
"If the data is all encrypted and the keys are managed by the enterprise, then the company is pretty much protected from privacy regulations like PCI and HIPAA," says Ted Ritter, an analyst at Nemertes Research. "Physical location of the data might come into play for some companies, but really the key is to encrypt."
Gartner analyst Adam Couture agrees. "I've seen companies say, 'Oh, we're HIPAA-compliant and so our cloud storage provider needs to be HIPAA-compliant, too. But HIPAA says nothing about the architecture of the storage itself," he says. "It's really loosey-goosey."
What that means, according to Couture, is that regulatory concerns might affect a cloud storage decision, but the No. 1 trepidation is really security. "And for that, all I can say is if you're going to put stuff out there, you'd better encrypt it. And then at the end of a retention period, throw away the encryption keys," he says. "Your data might still be sitting out there on Amazon, but it's unusable" if it's encrypted.
Amer Khan, senior vice president of product management and development at eGistics, a Dallas-based provider of hosted document management software, agrees that it's important to encrypt data. A user of AT&T Synaptic Storage as a Service, eGistics encrypts its data locally and as it moves into the storage cloud.
The company also checked out AT&T's data centers prior to committing to using its cloud storage service. "AT&T is SAS 70 Type II- as well as PCI- and HIPAA-compliant. Those are important to us," Khan says. "Historically, all the data was under our control and management. As we give that up, we have to make sure all the same types of controls are in place and that we're not dropping the level of security on that data. That's paramount to our customers."
At eGistics, the decision to use cloud storage was part of a move to cloud computing in general; it also uses AT&T Synaptic Hosting. That's not uncommon, says Ritter: "First you make the decision to do cloud computing, then you figure out how to handle the storage."