Cloud Storage

Materials routinely copied or backed up to an independently managed, off-site data storage facility and able to be restored under contractual terms.

Digital Species: Cloud, Integrated Storage

Consensus Decision

Added to List: 2019

Previously: Vulnerable

Imminence of Action

Action is recommended as required, with periodic review every five years.

Significance of Loss

The loss of tools, data or services within this group would impact on many people and sectors around the world.

Effort to Preserve | Inevitability

Loss seems likely: by the time tools or techniques have been developed the material will likely have been lost.

Examples

Remote network storage provided by a third-party service under contracts, such as DropBox, Amazon, Microsoft Azure, Dell EMC, Google Cloud Platform, Google Drive, IBM, Intel, Rackspace, Iron Mountain, SAP, and others

‘Endangered’ in the Presence of Aggravating Conditions

Encryption; lack of routine maintenance; lack of storage replication; over-dependence on a single supplier; insufficient documentation; lack of local alternative; political or commercial instability; overly aggressive compression; poor information security; lack of transparent integrity-checking; lack of strategic investment; lack of migration plan; lack of exit strategy; unenforceable penalties; unstable pricing; unpredictable removal costs.

‘Lower Risk’ in the Presence of Good Practice

Backup to different technology; backup to diverse locations; documentation of assets; integrity checking; preservation planning; export functionality; resilient to hacking; version control; resilient funding; technology watch; enforceable contract; disaster planning and documentation; stable pricing; budgeted removal costs.

2023 Review

This entry was added in 2019 to ensure that the range of media storage is properly assessed and presented. The 2021 Jury noted increased risk in light of greater reliance on the cloud and localized disruptions to cloud services over the pandemic. A 2021 trend towards greater risk was based on the wider (global) dependence on these services, especially Google Drive, for recordkeeping and business workflows. The impact of loss increases with more reliance on cloud services leading to greater risk; however, this should not deter people from using cloud storage. The 2022 review agreed with this assessment but noted no significant increase in trend for 2022.

The 2023 Council review recommended this entry be moved to a new higher-level Cloud species as the previous Integrated Storage species worked less well (for hardware technologies). The Council agreed the previous Vulnerable classification stand with the overall risks remaining on the same basis as before so long as there are safeguards in place. However, the Council noted that these safeguards may not in all cases be sufficient to address existing risks. They noted how some governments may cut off the internet in times of unrest, having a disastrous effect on access to cloud-based resources, and raised questions about the feasibility to recover material after a major cloud vendor fails, or due to malicious acts. For these materials, the significance of loss and effort to preserve is much greater with potential for an increased trend towards greater risk with loss of existing safeguards.

Additional Comments

The history of digital preservation suggests that the risk of vendors going out of business or shutting down services is the key issue here, over and above any specific technical solutions or risks.

Case Studies or Examples:

• Case of a cloud storage provider who suffered major data loss (or its clients suffered data loss) due to a fire in its data centre. Those clients suffered most who did not include geographically redundant storage in the contract with the storage provider as this was more expensive. See Rosemain, M. and Satter, R. (2021) ‘Millions of websites offline after fire at French cloud services firm’, Reuters. Available at: https://www.reuters.com/article/us-france-ovh-fire-idUSKBN2B20NU [accessed 24 October 2023]

• Case of fired credit union employee accessing the financial institution's computer systems without authorization and destroying over 21 gigabytes of data via remote network storage. See Gatlan, S. (2021) ‘Fired NY credit union employee nukes 21 GB of data in revenge’, BleepingComputer. Available at: https://www.bleepingcomputer.com/news/security/fired-ny-credit-union-employee-nukes-21gb-of-data-in-revenge [accessed 24 October 2023]

• The National Archives UK (2023) ‘Digital Services and carbon emissions in the heritage sector: some preliminary findings’, which noted areas relating to the cloud and cloud storage. They write “If we are looking for areas where significant carbon reductions could be made quickly, they are not to be found here. The evidence is that hosting digital services on site results in more carbon emissions than a sensibly located (i.e., in a territory with a high proportion of electricity generated from renewables) cloud host and that, where it might be felt that migrating services simply migrates emissions from scope 2 to scope 3, in practice cloud providers can offer the same storage and compute with lower emissions. Amazon in particular reports its view of the carbon ‘saved’ by using its services rather than your own, but these are estimates and should not be regarded as robust.”  See The National Archives (UK) (2023), ‘Digital Services and carbon emissions in the heritage sector: some preliminary findings’. Available at: https://www.nationalarchives.gov.uk/archives-sector/digital-services-and-carbon-emissions-in-the-heritage-sector-some-preliminary-findings/ [accessed 24 October 2023]