When it comes to mapping out a data storage strategy and framework, it’s important to remember that every business is unique. A one-size-fits-all approach to data storage will leave you either vulnerable and unprepared, or overbought and unprepared. Considering whether it would be more beneficial to store data in-house, at your company’s location, or offsite, via the public or private cloud, is a decision that should be well researched and well planned with IT groups and executives each having an equal say.

Thoughtful consideration should be given to factors including ‘the real’ cost of the storage system ? hardware, software, and management ? which entails potential security issues, data backup, and the level of data access required.

Talk with Cloud Storage Providers

Outsourcing generally means you hire another company with the proper skills and expertise to manage your data storage systems and access to those systems. This may be done through a cloud provider, hardware provider or a hardware provider's services group, a VAR, a managed service provider, a Web service or an IT consultant.

Do the Economics Make Sense?

When evaluating in-house versus outsourced data storage, organizations need to look at pricing. Outsourcing generally eliminates the need to hire additional IT staff or make capital investments. It’s no secret that the efficient management of storage is a key element in keeping operational costs to a minimum. It can also be a way to stay current with technology as well as inject scalability into an organization’s IT structure. In an area of rapid change such as the IT arena, a cloud provider and a team of storage experts often carry many advantages. 

This is especially true once the amount of data that needs to be stored reaches a point where the management burden becomes uncomfortable.

The sweet spot for data storage outsourcing tends to be in small and mid-range business, in virtually any industry. While it’s difficult to know what an organization’s specific threshold is, it is primarily determined by the weight of the work IT supports. When the amount of data that has to be stored requires a business to develop new processes and personnel systems, it may be time to consider outsourcing. Organizations should look beyond the cost of storage components, such as the hardware and software, and address the cost of everyday data management, as well as routine and long-term goals for back up and data restores.

Questions to Consider:

• How much is the outsourcing center going to charge you to manage a similar amount of data, where you don’t have to hire the personnel full time?
• What sort of support options do they have? What if you go over your allotted consulting or support, what are the charges?
• What is the cost of the communication links to access the data?
• Where is data deduplication performed?
• What are the commitments of your provider if a link failure happens? What about data recovery? Or disaster recovery in case your data needs to be moved immediately?

If the economics of working with a cloud provider make sense, next it’s important to calculate the organization’s security requirements. Also, examine the Service Level Agreement (SLA) guarantees offered by the IT provider and the plan of action for data back up and data recovery. This generally entails two components: first, backing up within the outsourcing data center, and second the organization’s access to that data.

Data Storage In-House: Security Under Your Own Lock and Key

The number one reason to manage a storage system in-house is guaranteed security. In other words, if your data is underfoot, you know it’s safe. Organizations that choose to manage and store their data in-house generally have strict security requirements; either industry imposed or those mandated by federal regulations. Banks and financial institutions of all sizes, for example, are bound by rules set by the FDIC. These rules dictate how long data must be stored, what countries it can be stored in, how disaster recovery plans are structured, etc.

The same is true for the healthcare industry, with rules like HIPAA (Health Insurance Portability and Accountability Act) that outline how patient data must be collected, managed and transferred. Organizations like banks, hospitals and retailers that create an abundance of personal and sensitive information cannot afford for this information to be compromised by an external service provider.

By managing storage systems in-house, depending on internal standards, organizations can normally guarantee a high-level of security, outline management procedures, and allocate proper resources.

Data Storage Outsource: SLAs Can Safeguard Your Data

Of course, as the saying goes, “The best-laid plans of mice and men often go awry.” A data storage framework is only as reliable as the people and resources that are committed and trained to implement it. Even though security concerns are sometimes cited as a negative when considering offsite storage architecture, the truth remains that most outsourced storage providers deliver a high degree of expertise in data management, backup and recovery.

Today, organizations can choose to outsource all—or some—of their storage capacity and management. When talking about outsourcing data storage it’s almost always a cloud play. In reality almost any size company can consider, and should thoughtfully consider, outsourcing. 

Most Service Level Agreements (SLA) are written with guarantees that your data will be secure and available 99.9 percent of the time or higher. Further, these facilities are often located in secure regions – ones that are not at risk of hurricanes, tornadoes, earthquakes, etc.

Not to mention that most data backup facilities are more likely to have been constructed with more advanced safety and security features than a typical office building.

Outline Protection Requirements

Businesses must determine the criticality of their data, not just in running their business, but also with an understanding of how important the data is if it’s lost. When determining a storage outsource strategy, an organization should review what data needs to be protected and how much protection is required (continuous data protection, nightly or weekly backups).

Questions to Consider:

• What are your data backup requirements? Some providers offer full backups each night, while others offer file-level backups.
• How much data you need to recover and have available, and how fast – in terms of its impact on your ability to do business versus the cost for data protection and recovery?

Consider Data Encryptions Options

Depending on the standards of the outsourcing center and the organization’s internal requirements, data encryption can mitigate risk. Strategies should encompass options for both data in transit as well as data at rest. With sophisticated data encryption technology, disk drives themselves store the data in an encrypted state. This includes information that is passed from the data center to the outsourcing center. The data is encrypted along the way. In other words, proven processes and methods can help to resolve any vulnerabilities of not having data stored in-house.

Questions to Consider:

• What are the cloud encryption alternatives?
• Does the cloud provider support encryption for data in transit, as well as data at rest?
• What security compliance requirements should be considered? (Payment Card Industry Data Security Standard (PCI DSS) and HIPAA, etc.

Data Access

Before making a decision to outsource, organizations should consider how they will access data in their stored environment. A dedicated line or communion link will be needed. This could be fiber or TCP/IP (Transmission Control Protocol/Internet Protocol) communication. In a nutshell, TCP/IP is the basic communication language or protocol of the Internet; it provides the charter for how organizations access their data storage systems remotely. This can include accessing primary data? that is considered the storage that is directly accessed by transaction processing servers to run everyday business operations (think of a travel website rendering search queries and processing credit cards). Primary data will more than likely have different latency requirements than secondary data that’s used for file recovery and back up.

Regardless, it’s critical to eliminate single points of failure to data access, which should be covered in the SLA.

Questions to Consider:

• What are your data availability and access requirements? Latency for primary data access (i.e., for production applications, how business is transacted everyday) versus, secondary data (i.e., file recovery requests, responses to discovery requests).
• If a communication link to an offsite data storage facility goes down, what is the recovery plan?

Simply put, there’s a lot of information out there about outsourcing data storage and cloud providers. Whether all, or part of your data storage is outsourced, ensuring your company’s data, including backup and recovery, is handled correctly and securely will largely diminish the potential risk of incurring significant costs in the event of lost data. While the term “outsourcing” does not need to be feared, it does need to be well researched, calculated and planned for. 

Chris Bremer is chief technology officer at Dynamic Solutions International, LLC. (DSI). He has more than 25 years of experience in the storage and hardware industry and can be reached at [email protected].