Discussion on Commercial Storage Node Operator Program

But they could if they want to? So the program is meant not only for data center operators but also for SNOs who run single or multiple nodes in enterprise grade data centers?

I think this program will be more profitable for them, because of amount of storage it can get.

obviously it’s all about Certifications, to leap over stupid bureaucracy, corpo customers could use STORj anyway but they can’t coz certifications, permit, permissions, bla bla bla.
i see no point joing if You don’t have one of these:

PCI-DSS
SOC 1, 2 and 3
ISO27001
FISMA
FEDRAMP
HIPAA
HITECH
HITRUST

source: official form

2 Likes

@john Please give me an honest answer - a commercial operator will be paid in STORJ tokens ???

2 Likes

STORJ non commercial was already too expensive to compete with other HIPPA compliant S3 services. Prices will have to go down further for none commercial SNOs.

Now I remember:

By utilizing underutilized capacity from top-tier data centers, Impossible Cloud provides disaster-resistant storage that is Kubernetes-friendly and S3-compatible. The platform ensures fast uploads and downloads with millisecond throughput speeds, low latency, and 100% durability without any single point of failure, which guarantees a higher than industry standard 99.95% availability.

Impossible Cloud’s Object Storage can be deployed within minutes using just a single line of code and offers round-the-clock engineering support. The platform combines the inherent benefits of web3 security with industry-leading security protocols and best practices, including IAM, advanced file-versioning, encryption, and immutable buckets that safeguard data against accidental deletions and protect it from ransomware and viruses.

Impossible Cloud operates out of fully compliant, enterprise-grade data centers that adhere to standards such as ISO27000 and SOC 2 Type II. It supports all S3 API standard retention modes for object lock, as well as a retention period that allows users to control access for greater confidentiality, surveillance, or compliance.

In my opinion everything related to these certifications does not relate to the SNO level.
It relates to Storj and their software.
The software is the key because it encrypts and distributes the data.
Even if a SNO has access to it, he cannot use it. That is the main protection.

I think these certification requirements are not made for a distributed system like Storj DCS.

1 Like

I fully agree here but the industry and politics aren’t there yet. If a company is required to store data just on SOC2 datacenters then we don’t get the deal by saying the rules are wrong. That is a long term task for another day. Short term we just have to accept the rules the way they currently are.

11 Likes

I don’t know what Storj has been doing to work on that long term goal. Certainly this is something for politics, industry associations and alliances. To raise the voice to get heard by those who are creating such certification requirements.
For SOC2 it seems that the relevant Association is AICPA where Storj even could become a member.

But maybe we are all wrong and a system like Storj DCS could already be compliant? Like what we have learned about the GDPR.
Has Storj ever consulted with a professional SOC2 auditor and have checked if the public Storj DCS network in its current state cannot be considered compliant for sure?

4 Likes

What is SOC 2 | Guide to SOC 2 Compliance & Certification | Imperva
Most of this principles as covered by storj infrastructure design. As I understand there is no need a sertan design but follow the principles and appropriate mechanisms. I think most questions, is the Storj satellites are SOC2 compliant. And may be there is enough that storj speac with auditers and can understand what needed to implement more to get this certification for all storj DSC.

2 Likes

Out of curiosity, is there going to be an incentive for large operators who are already established on the network to switch? For example, if someone has already amassed a few PB of usage because they have access to IPs across multiple /24 blocks, is there a reason for them to leave the public network and join the commercial one if they’re going to get paid less? If one does decide to switch but they’ve not hit the 15 month marker, will they have to wait until they’re able to GE?

SOC 2 (Type 2) is not a certification, but a reporting standard for an independent audit. The focus is mainly on process governance, for a SNO to achieve a passing audit, it must show that their processes meet with the relevant guidelines. Usually you chain the audits (so the Data Center host itself needs their annual SOC2 report). Ideally it would also chain to Storj’s practices with how they operate their satellites. What an enterprise cares about is what is ‘in scope’ in the annual audit report and the auditor’s findings. [As an aside there are five trust principles part of SOC2 where security is the only required principle, the other four are optional.]

3 Likes

After reading the announcement and the first responses I get the knee jerk reaction some SNOs have. I’ve had similar worries myself when such a program was suggested before. But I get the intention of trying to address a new market segment and separating that out from the current network.

From the customer side, that makes sense. Don’t need certification, just use the public network and pay less. Need certification, use the commercial network and pay a premium. I think that should work reasonably well, as long as it’s marketed correctly and not as a more stable option. And even then, some customers may just want to pay more to have their data on datacenters anyway, because they perceive it as more reliable.

From the node operator perspective though, I’m a little less convinced. Removing the /24 selection filter for the commercial network does allow to more easily scale with hardware capabilities, but it allows everyone in that network to do that. How would you prevent that from becoming a race to the bottom for who will spin up the most nodes to get the most data? Furthermore, if this tier is paid less, what prevents them from still doing what they’re doing now and getting the higher paid data from the public network or just using the commercial network to supplement running nodes on the public network. I’m not entirely convinced this would get the ‘whales’ (I hate that word) out of the public network.

Furthermore, with customers paying more and SNOs getting less, it means Storj Labs will have some room to make higher margins. In my eyes that’s a good thing. They need to start making money somewhere, why not use this segment where there is a reasonable reason to charge more. It might alleviate some pressure to start making more profits on the public network and focus on scaling up first. However, it will also be a strong incentive for them to push customers to the commercial tier who don’t need it. And that last part worries me a little.

So here’s what I hope and what I fear.

Hope:

  • Storj will be able to address huge new market segments and grow their business.
  • Storj will be able to make higher profits on more efficient large scale setups.
  • Customers will be given a reasonable choice between a more decentralized affordable tier and a certified but slightly more centralized tier at a reasonable premium.
  • The impact of whales on the public network will be less (let’s not fool ourselves, there’ll still be plenty of them)
  • The growth and partnerships with new customers who wouldn’t otherwise be able to use Storj will help grow the brand and work as promotion for both tiers.

Fear:

  • Storj Labs will focus on acquiring customers in the more profitable tier. And upsell those on the public network to chase those profits.
  • Storj Labs will focus on development for that profitable tier.
  • Storj Labs will have less time to work on features for small node operators.
  • Whales will stick around on the public network to maximize profits and only use the commercial tier to fill up space they can’t fill as fast on public.
  • The commercial tier will be a battle of who can run the most nodes and get the most data.

So, what would be the best way to solve at least some of these issues? The difference in pricing for customers should be significant enough to not have customers choose the commercial tier unless they are legally required to have certain certifications/protections. Geofencing on the public network should be offered prior to suggesting the commercial tier if that’s a solution as well. Payout difference for commercial node operators should be close enough to the public tier to not provide a big incentive to also dabble in the public tier.

I’m sure this comment isn’t exhaustive and I may add more in the future. But for now I’ll conclude that I see the right intention here and some good steps to try to not cannibalize the public tier. But that needs to be backed up by a real world implementation that includes marketing and sales focusing on suggesting the best options for each customer and not the most profitable one for Storj Labs. So, I’m positive in principle, but a little wary in practice. Let’s see how it goes!

14 Likes

As someone accounted here, there is only 32 wallets that have over 1000 token payouts, so not a lot Wales at all. I thin only some of them may be have soc2. so i do not see any decentralization in that part of market.

A very small clarification - we’re not removing this for the public network! We want the broad distribution in the public network. Customers who use commercial storage nodes will be selecting the commercial storage node network only. Customers who use the public network will not be using commercial nodes. “Whales” won’t be eating up the public network too. We’re keeping all of this separate.

2 Likes

Oh I know. But that race to the bottom can still happen in the commercial network. I wasn’t suggesting that would happen in the public network. I edited the post to clarify I was talking about the commercial network.

The best thing that I see in this is the bigger visibility that Storj will get on the market, and the fact that it starts to be seen as a professional option, in the pro tier among the big players, not just some crypto project that taps into the cloud storage market. This, I hope, will attract more clients for the general network, and makes us more earnings too, not just for Storj. So, I get positive vibes for now.
Just one little thing… I hope Storj lab dosen’t forget about the storj token for the premium tier; I mean offers to customers to pay less in Storj token, and payments in Storj for premium SNOs, just like in the general network. If the token is forgetten in this, I’m afraid that the value of it will go down the drain, and hodling it would be the worst choise for us.

1 Like

Just came across this video posted a few hours ago.

And I must say it doesn’t help alleviate my worries. Most of it is just a great way to promote Storj, but the sentence “Storj partners with datacenters and companies all around the world to put unused capacity to work” bothers me. What about us home node operators then? Besides, the video lists the current pricing for the public network, so which is this talking about?

This is exactly the kind of focus shift I was worried about and I think it’s also a little dishonest to customers to only mention datacenters and companies, despite storing a lot of data on consumer home systems. I understand that that might be an easier sell for some customers, but the combination between public network pricing and what seems like more a commercial network nodes description doesn’t sit quite right with me.

5 Likes

I suspect the rules for selecting nodes will be different. Given that you will need a formal contract for this commercial tier, it will be easy to replace the current /24 rule with a rule based on self-reported locations, as then the commercial contracts will require these reports to be accurate. Something you cannot enforce on a band of anonymous hippies like us.

I wonder how much will it cost for Storj Inc. to maintain certification. This is nontrivial work which they will need to spend time on. It may turn out that at low scales all additional profit will be eaten by certification costs.

I fully agree with the rest of your post.

Heh, frankly speaking, calling a whale someone who has 1 PB of storage sounds funny. That would be just an average Joe Random in the Chia world. I think this is more an offer to companies that already offer hundreds of petabytes of storage for commercial needs, and for whom Storj would be just an additional source of customers.

1 Like

Good point, though there was no mention of such a replacement. I guess that’s kind of what I was trying to get at with this comment.

Sure, but these costs hopefully will not grow with scale, so they can outscale any additional costs with more customers.

2 Likes