What I am trying to understand is at which point Storj can be considered SOC2 compliant (or HIPAA or whatever else is out there). Is it enough for them to store their (encrypted) data in SOC compliant data centers? Do the data centers have to be SOC2 or the node operator? Or is it enough to run a server in a SOC2 compliant data center?
It would be a bit hard to believe that storing the data in a compliant data center can make Storj magically SOC2 compliant without undergoing an audit itself. And if they’re being audited anyway, is the public network really the culprit that cannot be shaped into compliance?
I am just curious. Unfortunately Storj has never been really transparent about the efforts they make to reach the required compliance. And now we have this.
What I like is that it is implemented on bucket level. In theory a company could use both networks. Let’s say the commercial network (is that really a good term? I don’t think so.) for hot and critical data, the public network for non-critical data. I am not convinced, but at least in theory a company could save some money storing at least non-critical data on the public network and ‘learn’ about its advantages by using it. But I don’t think that will happen at scale.
Maybe Storj needs to do some more rethinking about what incentives or penalties might work to support the public network. For example it should be dead easy for a company to move data from the ‘commercial’ network to the public network. Maybe this can be done by server side copy and without cost for the customer. If they have to pay large sums to move data between the different networks I don’t see a reason for them to do so.
Also maybe a free tier could be offered on the public network depending on how much they are storing on the commercial network? Store 100PB on the commercial network and get 100TB for free on the other network to try it out. Something like that maybe?
I definitely see the need to push the public network into the eyes of those obviously large enterprises with large datasets that want to move their data to Storj.
In a way the commercial network needs to be prohibitively expensive so that they choose the commercial network only if they really really require the compliance. And maybe only for those parts of their data for which it is really necessary.
This is probably what is going to happen. They will run their machines on both networks.
I am wondering if the current whales would be able to get into that commercial network at all. If it means that the node operator has to be audited, then I don’t know how many of them are there?
Exactly.
The best way would have been to get the public network compliant.