Enterprises are finding more and more reasons to consider the cloud for storage and other data retention purposes. Often, CIO’s point to performance optimization, risk reduction, and cost efficiency as major drivers for considering the cloud. If you’re exploring the cloud for data storage, here are ten things to ask of your organization and of a prospective provider before handing over your data.
The answer here should drive where you start your search for a provider. If you’re storing non-essential data, like publicly available reports or archived sales flyers, you may not need to be as concerned about compliance and security. However, if you’re storing sensitive data or processing credit cards, you may be required to maintain certain requirements to gain necessary certifications. Keep in mind that just because you can store unlimited data, that doesn’t prevent transmission issues and limits in the capacity of network connections from creating challenges in accessing and interacting with large data stores. There may be work needed on your end before implementing a cloud solution.
Some types of data need the security and performance of dedicated infrastructure; however, you typically don’t need expensive SAN or NAS solutions for simple data backups. Map out the data you have and the regulations that apply to the different classes of your data. With that, you can begin to look at solutions that fit the security and performance requirements of your different classes of data. As you assess needs, attempt to forecast from existing system data what your data stores might look like down the road. This can help you figure out which solutions make sense for the long haul and keep you from revisiting the storage conundrum again next year. For help on assessing your storage options read, “Picking the Right Option for Hosted Storage” white paper. Your various data types may require a mix of different storage technologies, NAS, SAN, and Cloud to achieve your desired results.
And, more importantly, what is the penalty for breaking it. An SLA is an agreement between you and the service provider that specifies their guarantee of service, usually expressed in 9s, and other important things like, bandwidth constraints, file size limitations, support expectations, and how changes to the SLA are handled. In this conversation, some providers are open to negotiating some aspects of the SLA, but at the end of the day, what you sign is what your provider is legally obligated to deliver.
This can usually be gleaned off of a provider’s website, but always ask before you jump. If you’re in a highly regulated industry, even storing archival data may require adherence to government or industry guidelines to stay in business. Also, inquire about the company’s audit schedule and what recourse you have if they fail to maintain compliance on their end.
Hosted storage means putting your data in someone else’s hands. There should be a level of logical portioning that ensures that customer data doesn’t mix. Make sure you ask and are satisfied with the answers about the provider’s responsibility in case of a subpoena or data breach. As most providers offer some type of backup, also be clear on who owns those backups and how quickly they can be restored.
Your data’s legal protection is driven by where it’s physically located. If you locate data in an unfamiliar country, even if your provider’s offices are located in your home country, you may not have the rights you think you have. Your provider should be able to tell you where your data is being held and prime you on whether or not there are legal considerations. Some providers with multiple data centers can offer you the option of only storing data in certain areas if it’s an issue.
This question should encompass the vetting process for data center personnel, as well as how access is controlled to the physical data center and the data that resides there. Background checks, biometric access, and certifications may be required for the data center employees, but don’t forget to ask about the cleaning crew, IT and facilities contractors, or other related technology providers that interact with your information. Confirm that your data is being encrypted during storage and transmission.
Most providers track generic information on all customers for billing and performance logging purposes – not what’s actually in your files. Before you find out the hard way, make sure that’s all they’re doing with your data. The fine print may give them the right to sell your contact information for marketing purposes or give them access to make account changes based on data utilization.
Before you sign on the dotted line, ask for migration details. You may find that your systems need to undergo major updates, even full conversions, in order to move your data into the new data center’s infrastructure. If the process requires more expertise than you have, does your provider offer migration support or will you be on your own? Most providers have migration strategies that can help move even the largest data stores either through physical media or other means. Also, know how to get your data out if your business needs change or you become unhappy with the service. Ask about the implications of moving licenses for applications and operating systems between environments so you can move your data without changing existing software, schedules, or processes.
It’s 3 a.m., your file server isn’t displaying your home page banner image. Who do you call? Some providers don’t offer any live support meaning there’s no one to call, only an email address or voicemail to report an issue and wait for a response. Confirm that you have an immediate line to a support team with alternative contact methods, like chat or email. Also, look for self-help resources to help you educate yourself on and troubleshoot the system if necessary.