Discussion on Commercial Storage Node Operator Program

It sounds like there is none. That way they could reduce costs and even improve service for all customers by having only compliant nodes.

1 Like

And what is stopping datacenters from participating in both tiers? Just continue to spin up a lot of public network nodes and become a commercial partner in parallel?

1 Like

Nothing I would guess.

This is actually a good point because it renders the “the whales will stop competing with small SNOs” argument moot.

So from what I understand Storj will charge more but pay out less. I guess it makes commercial sense but there will likely be discussions in the background :wink:

Although I suppose this initiative will target customers that would never be using Storj anyway so if they are onboarded onto a subset of SNOs who are operating in data centres then it really shouldn’t affect us “peasants”.

The more I think about this announcement the more I think it won’t really change anything very much.

1 Like

But they could if they want to? So the program is meant not only for data center operators but also for SNOs who run single or multiple nodes in enterprise grade data centers?

I think this program will be more profitable for them, because of the amount of storage it can get.

Obviously it’s all about certifications, to leap over stupid bureaucracy. Corpo customers could use STORJ anyway but they can’t coz certifications, permit, permissions, bla bla bla.
I see no point joining if you don’t have one of these:

PCI-DSS
SOC 1, 2 and 3
ISO27001
FISMA
FEDRAMP
HIPAA
HITECH
HITRUST

source: official form

2 Likes

@john Please give me an honest answer - a commercial operator will be paid in STORJ tokens ???

2 Likes

STORJ non-commercial was already too expensive to compete with other HIPAA compliant S3 services. Prices will have to go down further for non-commercial SNOs.

Now I remember:

By utilizing underutilized capacity from top-tier data centers, Impossible Cloud provides disaster-resistant storage that is Kubernetes-friendly and S3-compatible. The platform ensures fast uploads and downloads with millisecond throughput speeds, low latency, and 100% durability without any single point of failure, which guarantees a higher than industry standard 99.95% availability.

Impossible Cloud’s Object Storage can be deployed within minutes using just a single line of code and offers round-the-clock engineering support. The platform combines the inherent benefits of web3 security with industry-leading security protocols and best practices, including IAM, advanced file-versioning, encryption, and immutable buckets that safeguard data against accidental deletions and protect it from ransomware and viruses.

Impossible Cloud operates out of fully compliant, enterprise-grade data centers that adhere to standards such as ISO27000 and SOC 2 Type II. It supports all S3 API standard retention modes for object lock, as well as a retention period that allows users to control access for greater confidentiality, surveillance, or compliance.

In my opinion everything related to these certifications does not relate to the SNO level.
It relates to Storj and their software.
The software is the key because it encrypts and distributes the data.
Even if a SNO has access to it, he cannot use it. That is the main protection.

I think these certification requirements are not made for a distributed system like Storj DCS.

1 Like

I fully agree here but the industry and politics aren’t there yet. If a company is required to store data just on SOC2 datacenters then we don’t get the deal by saying the rules are wrong. That is a long term task for another day. Short term we just have to accept the rules the way they currently are.

11 Likes

I don’t know what Storj has been doing to work on that long term goal. Certainly this is something for politics, industry associations and alliances. To raise the voice to get heard by those who are creating such certification requirements.
For SOC2 it seems that the relevant Association is AICPA where Storj even could become a member.

But maybe we are all wrong and a system like Storj DCS could already be compliant? Like what we have learned about the GDPR.
Has Storj ever consulted with a professional SOC2 auditor and checked if the public Storj DCS network in its current state cannot be considered compliant for sure?

4 Likes

What is SOC 2 | Guide to SOC 2 Compliance & Certification | Imperva
Most of these principles are covered by the Storj infrastructure design. As I understand it, there is no need for a certain design, only to follow the principles and appropriate mechanisms. I think the main question is whether the Storj satellites are SOC2 compliant. And maybe it is enough that Storj speaks with auditors and can understand what more needs to be implemented to get this certification for all of Storj DCS.

2 Likes

Out of curiosity, is there going to be an incentive for large operators who are already established on the network to switch? For example, if someone has already amassed a few PB of usage because they have access to IPs across multiple /24 blocks, is there a reason for them to leave the public network and join the commercial one if they’re going to get paid less? If one does decide to switch but they’ve not hit the 15 month marker, will they have to wait until they’re able to GE?

SOC 2 (Type 2) is not a certification, but a reporting standard for an independent audit. The focus is mainly on process governance: for a SNO to achieve a passing audit, it must show that their processes meet the relevant guidelines. Usually you chain the audits (so the Data Center host itself needs their annual SOC2 report). Ideally it would also chain to Storj’s practices with how they operate their satellites. What an enterprise cares about is what is ‘in scope’ in the annual audit report and the auditor’s findings. [As an aside, there are five trust principles that are part of SOC2, where security is the only required principle; the other four are optional.]

3 Likes

After reading the announcement and the first responses I get the knee jerk reaction some SNOs have. I’ve had similar worries myself when such a program was suggested before. But I get the intention of trying to address a new market segment and separating that out from the current network.

From the customer side, that makes sense. Don’t need certification, just use the public network and pay less. Need certification, use the commercial network and pay a premium. I think that should work reasonably well, as long as it’s marketed correctly and not as a more stable option. And even then, some customers may just want to pay more to have their data on datacenters anyway, because they perceive it as more reliable.

From the node operator perspective though, I’m a little less convinced. Removing the /24 selection filter for the commercial network does allow scaling more easily with hardware capabilities, but it allows everyone in that network to do that. How would you prevent that from becoming a race to the bottom for who will spin up the most nodes to get the most data? Furthermore, if this tier is paid less, what prevents them from still doing what they’re doing now and getting the higher paid data from the public network or just using the commercial network to supplement running nodes on the public network? I’m not entirely convinced this would get the ‘whales’ (I hate that word) out of the public network.

Furthermore, with customers paying more and SNOs getting less, it means Storj Labs will have some room to make higher margins. In my eyes that’s a good thing. They need to start making money somewhere, why not use this segment where there is a reasonable reason to charge more. It might alleviate some pressure to start making more profits on the public network and focus on scaling up first. However, it will also be a strong incentive for them to push customers to the commercial tier who don’t need it. And that last part worries me a little.

So here’s what I hope and what I fear.

Hope:

  • Storj will be able to address huge new market segments and grow their business.
  • Storj will be able to make higher profits on more efficient large scale setups.
  • Customers will be given a reasonable choice between a more decentralized affordable tier and a certified but slightly more centralized tier at a reasonable premium.
  • The impact of whales on the public network will be less (let’s not fool ourselves, there’ll still be plenty of them)
  • The growth and partnerships with new customers who wouldn’t otherwise be able to use Storj will help grow the brand and work as promotion for both tiers.

Fear:

  • Storj Labs will focus on acquiring customers in the more profitable tier. And upsell those on the public network to chase those profits.
  • Storj Labs will focus on development for that profitable tier.
  • Storj Labs will have less time to work on features for small node operators.
  • Whales will stick around on the public network to maximize profits and only use the commercial tier to fill up space they can’t fill as fast on public.
  • The commercial tier will be a battle of who can run the most nodes and get the most data.

So, what would be the best way to solve at least some of these issues? The difference in pricing for customers should be significant enough to not have customers choose the commercial tier unless they are legally required to have certain certifications/protections. Geofencing on the public network should be offered prior to suggesting the commercial tier if that’s a solution as well. Payout difference for commercial node operators should be close enough to the public tier to not provide a big incentive to also dabble in the public tier.

I’m sure this comment isn’t exhaustive and I may add more in the future. But for now I’ll conclude that I see the right intention here and some good steps to try to not cannibalize the public tier. But that needs to be backed up by a real world implementation that includes marketing and sales focusing on suggesting the best options for each customer and not the most profitable one for Storj Labs. So, I’m positive in principle, but a little wary in practice. Let’s see how it goes!

14 Likes

As someone counted here, there are only 32 wallets that have over 1000 token payouts, so not a lot of whales at all. I think only some of them may have SOC2, so I do not see any decentralization in that part of the market.

A very small clarification - we’re not removing this for the public network! We want the broad distribution in the public network. Customers who use commercial storage nodes will be selecting the commercial storage node network only. Customers who use the public network will not be using commercial nodes. “Whales” won’t be eating up the public network too. We’re keeping all of this separate.

2 Likes

Oh I know. But that race to the bottom can still happen in the commercial network. I wasn’t suggesting that would happen in the public network. I edited the post to clarify I was talking about the commercial network.