Article

Comparing NDSA Levels Rankings Across Cloud Storage Vendors

By: Joshua Ranger
July 18, 2014

Seth Anderson has been compiling a series of cloud storage vendor profiles over the past year with an analytical focus on the suitability of cloud storage as a preservation environment. As the amount of digitized and born digital material archives must manage grows, the pressure from administrators to find affordable solutions for file-based storage also increases. Seth’s profiles and continued work in assessing such services help give a framework for considering cloud storage while taking into account (and being able to communicate) the risks and benefits of various solutions.

One of the areas the profiles look at is the services’ adherence to the NDSA Levels of Digital Preservation. While not an official standard, the Levels are extremely useful in determining where one’s internal or out-sourced storage and digital preservation solutions have met success, where there are gaps, and if those gaps are acceptable risks within a given situation. I thought it would be interesting to pull out Seth’s individual analysis and take a comparative look at the providers profiled so far.

This first grid shows each provider profiled so far, a few data points such as cost, and compliance at each of the four levels to the three applicable NDSA categories (storage, data integrity, security). In the chart, red means does not meet the standards of the level, yellow means it partially meets them, and green means it fully meets the standard at that level. (PDF version available here.)

Provider Service Infrastructure Cost NDSA Category Level 1 Level 2 Level 3 Level 4
Chronopolis Deep Storage Partnership High Storage
Data Integrity
Security
 
Dternity Deep Storage Wholly Owned High Storage
Data Integrity
Security
 
DuraCloud Deep Storage,
Streaming
Contracted High Storage
Data Integrity
Security
 
EVault Deep Storage,
Production
Wholly Owned Low Storage
Data Integrity
Security
 
Glacier Deep Storage Whole Owned Low Storage
Data Integrity
Security
 
Preservica Deep Storage,
Production,
Streaming
Contracted High Storage
Data Integrity
Security

If we rearrange our view and compare each NDSA category one at a time across vendors, we get an interesting picture of the services provided. As you can see below, the area where there is the most compliance is Security. That makes sense, as it is one of the high concern/risk areas in dealing with third-party storage, especially if the vendors want to attract corporations, government, universities, and other large institutions. Perhaps surprising is the amount of red in the Storage category. One would think that companies dealing with storage would be aces in that area, but multiple redundancy and obsolescence monitoring appear to be of lesser importance. I might surmise that there is a certain cost factor behind this regarding running multiple storage locations, as well as a calculated risk on the vendors side that mass catastrophe will not occur or, if it does, the legal or financial impact would be more acceptable than the failure of stewardship would be from the point of view of preservation.

One of the most interesting gaps here is the large block of yellow in the Data Integrity category. Regular monitoring of files and file integrity is critical to digital preservation, but considering that the services assessed here are mostly classified as deep storage (many likely stored offline and/or on tape), the processing time and cost of regular restoration and monitoring is likely too great for it to make business sense. I know that organizations such as the Danish National Library run partial checks so that over a period of time all files are restored and checked, but that storage is internally managed and such protocols easily set, which may not generally be the case with third-party storage services.

Level 1 (Protect) Level 2 (Know) Level 3 (Monitor) Level 4 (Repair)
Storage Two complete copies that are not collocated. At least three complete copies.
At least one copy in a different geographic location.
At least one copy in a geographic location with a different disaster threat.
Obsolescence monitoring for storage system(s).
At least three copies in geographic locations with different disaster threats
Chronopolis
Dternity
DuraCloud
EVault
Glacier
Preservica
Data Integrity Check file fixity on ingest if it has been provided with content.
Create fixity info if it wasn’t provided with the content.
Check fixity on all ingests.
Virus-check high risk content.
Check fixity of content at fixed intervals.
Maintain logs of fixity info; supply audit on demand.
Ability to detect corrupt data.
Virus-check all content.
Check fixity of all content in response to specific events or activities.
Ability to replace/repair corrupted data.
Ensure no one person has write access to all copies.
Chronopolis
Dternity
DuraCloud
EVault
Glacier
Preservica
Security Identify who has read, write, move, and delete authorization to individual files.
Restrict who has those authorization to individual files.
Document access restrictions for contents. Maintain logs of who performed what actions on files, including deletions and preservation actions. Perform audit of logs.
Chronopolis
Dternity
DuraCloud
EVault
Glacier
Preservica

We’re interested in your comments and feedback on this. A PDF version of the charts is available at https://www.avpreserve.com/wp-content/uploads/2014/07/CloudVendor_NDSA_Comparison.pdf.

Joshua Ranger