Design and Implement Cloud Data Storage Architectures

One of the benefits of the cloud is resource pooling. Virtualized pools of storage are more flexible, but it is harder to know exactly where and how data is stored within those pools.

Storage Types

Each cloud service model has storage types suited to its specific demands.

IaaS

Ephemeral: This storage type is comparable to RAM as the storage is volatile and the data is only available as long as the IaaS instance is running. This storage type is usually packaged as part of compute rather than storage.

Raw: Raw device mapping (RDM) allows the VM to access a storage logical unit number (LUN). The LUN is a portion of the overall storage allocated for use by a single VM.

Long-term: This is used for data retention and provides durable, persistent storage media. Data discovery and search features are sometimes offered as well.

Volume: This type of storage behaves like a mounted drive on a computer but is virtualized. Data may be stored across multiple physical disks in the form of blocks.

Object: This is similar to a Unix share point or a Windows file server. Data is stored and retrieved as objects, and users interact with the data objects using file browsers.

PaaS

Disk: A virtual disk that can be in the form of a volume or object store, depending on what the CSP offers.

Database: Can be offered as a service for the PaaS, usually with logical separation between tenants, with data accessed via API calls to the database.

Binary Large Object (blob): Blobs are unstructured data often in the form of text files, images, or other binary files. Blob storage services are usually accessed via a URL.

SaaS

Information storage and management: This data is usually stored in a database that is managed by the CSP and allows users to create and manipulate data via a web GUI.

Content and file storage: Data that is stored in the app in the form of files, used in filesharing and collaborative apps.

Content delivery network (CDN): Object storage that is placed geographically close to users to lower latency and bandwidth consumption.

Threats to Storage Types

Unauthorized access: Because of the multi-tenancy of cloud platforms, the CSP must make sure that appropriate access controls and separation are in place so that only authorized users can access data.

Unauthorized provisioning: CSPs make provisioning additional resources easy, and this can lead to service sprawl. Unofficial or shadow IT can increase cost for the organization, and the storage behind these services may not be under the purview of the security team, leading to insecure storage.

Regulatory noncompliance: Some CSPs may not meet all the regulatory requirements that an organization must follow. This can leave the organization non-compliant and subject to additional fines.

Jurisdictional issues: Many CSPs are global companies with data centers around the world, and they move customer data between data centers, even across national borders, for redundancy. Some organizations have legal requirements (such as privacy protections) not to store data in certain countries. It is important for an organization to have the proper configurations in place so that it stays within its legal requirements.

Denial of service: CSPs are only accessible through a network; in the event of a network outage, such as a severed cable, the data in the cloud is inaccessible. Additionally, malicious actors may attack the CSP with a DDoS to make the data inaccessible.

Data corruption or destruction: Many events can corrupt or destroy data: human error, malicious insiders, hardware and software failures, or even natural disasters.

Theft or media loss: CSPs have physical security controls that make media theft extremely unlikely, but no control stops all thefts. Encrypting the data renders stolen or lost media unusable.

Malware and ransomware: Any place data is stored that also has processing capability is susceptible to malware. Proper access controls and anti-malware tools can prevent malware.

Improper disposal: CSPs are responsible for the disposal of physical hardware. Encrypting the data ensures it remains protected even if the hardware is improperly disposed of.
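Several of the threats above (unauthorized access, unauthorized provisioning, jurisdictional issues, theft or media loss, and improper disposal) are mitigated by configuration rather than by code, so a defender's first step is usually to audit how each storage resource is actually configured. The following script is an added example, not part of the original notes and not any CSP's tooling: it checks a constructed, provider-neutral inventory of storage resources against an allowed-region list, flags public access, missing encryption at rest, and resources with no owner tag (the assumption here being that an untagged resource is a sign of shadow IT). The inventory schema and the sample resources are constructed for illustration.

```python
# Added example: configuration audit for cloud storage resources.
# The inventory format below is an assumption (provider-neutral dicts),
# not a real CSP API; in practice the list would come from the CSP's
# inventory or configuration service.

from collections import Counter
from dataclasses import dataclass
from typing import Any, Dict, List, Set


@dataclass
class Finding:
    resource: str   # name of the storage resource
    threat: str     # which threat from the notes the finding relates to
    detail: str     # human-readable explanation


def audit_storage_config(resources: List[Dict[str, Any]],
                         allowed_regions: Set[str]) -> List[Finding]:
    """Return one Finding per control gap found in the inventory."""
    findings: List[Finding] = []
    for r in resources:
        name = r.get("name", "<unnamed>")

        # Jurisdictional issues: replicas must stay inside approved regions.
        for region in r.get("regions", []):
            if region not in allowed_regions:
                findings.append(Finding(
                    name, "jurisdiction",
                    f"replicated to disallowed region {region}"))

        # Unauthorized access: public exposure defeats tenant separation.
        if r.get("public_access", False):
            findings.append(Finding(
                name, "unauthorized_access", "public access is enabled"))

        # Theft/media loss and improper disposal: unencrypted media is
        # readable by whoever ends up holding it.
        if not r.get("encryption", {}).get("at_rest", False):
            findings.append(Finding(
                name, "theft_or_disposal", "encryption at rest is disabled"))

        # Unauthorized provisioning: an untagged resource has no accountable
        # owner and may be shadow IT outside the security team's purview.
        if not r.get("tags", {}).get("owner"):
            findings.append(Finding(
                name, "unauthorized_provisioning", "no owner tag present"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per threat category, for a quick report."""
    return dict(Counter(f.threat for f in findings))


# Constructed sample inventory: one well-configured object store, one
# misconfigured blob store, and one well-configured block volume.
SAMPLE_RESOURCES = [
    {"name": "customer-records", "type": "object",
     "regions": ["eu-west-1"], "public_access": False,
     "encryption": {"at_rest": True}, "tags": {"owner": "data-team"}},
    {"name": "marketing-assets", "type": "blob",
     "regions": ["eu-west-1", "us-east-1"], "public_access": True,
     "encryption": {"at_rest": False}, "tags": {}},
    {"name": "vm-scratch-volume", "type": "volume",
     "regions": ["eu-central-1"], "public_access": False,
     "encryption": {"at_rest": True}, "tags": {"owner": "platform"}},
]

# Constructed policy: data may only live in these two regions.
ALLOWED_REGIONS = {"eu-west-1", "eu-central-1"}


if __name__ == "__main__":
    for f in audit_storage_config(SAMPLE_RESOURCES, ALLOWED_REGIONS):
        print(f"{f.resource}: [{f.threat}] {f.detail}")
    print(summarize(audit_storage_config(SAMPLE_RESOURCES, ALLOWED_REGIONS)))
```

Run against the sample inventory, only marketing-assets produces findings: one for each of the four threat categories checked. Extending the audit to a real environment means replacing SAMPLE_RESOURCES with data pulled from the CSP's inventory API and mapping its fields onto the same keys.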