CIO Symmetry

Jun 5 2009   3:29PM GMT

Looming questions for managing your data protection services

Linda Tucci Linda Tucci Profile: Linda Tucci

Should midmarket companies consider using outside providers to manage their data protection services? For companies with smaller staffs and budgets, using a third-party provider to manage their data protection services can pay off, as long as certain issues, including security, are addressed up front.

For a story I did this week on a Houston-based nonprofit moving from tape backup to an online data backup and recovery service, I asked analysts to give me some sense of the enthusiasm out there on the degree to which companies are using outside providers to manage their data protection services.

The resistance to using outside providers for data protection services has fallen from near 70% a few years ago to 32% now, according to Gartner analyst Adam Couture.

Burton Group analyst Gene Ruth told me there are a number of “enterprise-ready” online backup and data protection service providers out there who are growing and are particularly suited for midmarket or small companies that may not have the staff or capital to handle automated data backup and storage and disaster recovery facilities. They include the IBM/Arsenal Digital solution used by the Houston nonprofit profiled in my story, as well as EVault, AmeriVault and EMC’s Mozy service.

As with any newish technology, however, there are lots of questions that don’t yet have standard answers. Let’s go through some of them.

The first concerns security. Will your company’s top secrets, for example, be commingled with competitors’? Despite encryption, will your provider be able to see your data and what are the safeguards that prevent them from doing something with that data? What is their disaster security plan? Sure, you don’t have one, but what happens if they are hit by an earthquake or hurricane? And can their disaster recovery plan be certified and audited? Many companies require an auditable disaster recovery plan for their regulatory compliance.

A second set of questions falls under the “oops” clause. What happens, says Burton Group’s Ruth, if you forget to or can’t pay your storage bill on time?

“Is the service provider going to delete the data? Hold it for you? There’s a lot of SLA work that has to be done once the data moves out of your own data center,” Ruth cautions.

Finally, what if you want a divorce from the outside provider managing your data protection services?

“What if you decide you don’t like your vendor anymore? How do you migrate between one vendor and another? That is very difficult, and it is just really starting to be addressed by the industry,” Ruth said.

Some suggestions

  1. This may seem obvious, but get everything in writing. When you ask these questions, don’t take the verbal assurance, put it in the written contract.
  2. Imagine worst-case scenarios. It takes a peculiar bent of mind to always think what the worst thing is that could happen, but trust me, sooner or later the worst does happen.
  3. The best way not to make mistakes is to talk to a pioneer. If you consult with someone who has done it before you, they will save you a lot of grief.

1  Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • GregGrosu
    I do think that mid sized companies should seek outside help in managing their data protection if that company is handling data of a sensitive nature. It can be difficult - financially - for a company to make that decision But sometimes the money up front saves even more on the back end.
    10 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: