IT professionals are increasingly looking to online backup and recovery (or “cloud storage”) services when it comes to server data protection. These solutions are especially relevant for small to medium-sized businesses and for the remote offices of larger enterprises. But with all the choices today, how do you decide what is right for your company?

The factors driving interest in online backup and recovery solutions include: workforce dependency on 24×7 access to business data; price and consistency of a Software-as-a-Service (SaaS) subscription model over costlier onsite options; and easier compliance with burgeoning requirements to protect distributed information (in all formats) and ensure business continuity.

The scope, strengths, and weaknesses of the various categories of online backup and recovery service provider should be evaluated in the context of the current and forward-looking requirements of corporate customers. Requirements range from full system (versus data only) backup and restore to comprehensive business continuity best practices and support. Understanding these strengths and weaknesses can help businesses clarify their server protection requirements and better align their selection criteria and focus with their business goals.

Unlike workstations and laptops, servers:

• Are usually left running, rather than frequently powered on and off, and are not mobile
• Require broader bandwidth requirements due to the volume of the data to be protected
• Store a wide variety of data types of varying importance and recovery or retention requirements

Category 1: Service Providers Leveraging Investments In Core Business Resources These service providers includes companies whose entry into online backup and recovery is driven by a desire to leverage pre-existing investments in core business resources. These include 1) business continuity and disaster recovery and 2) telecommunications vendors.

Category 2: Niche Developers and Service Providers Service providers in this category concentrate on niche solutions and market opportunities. These include:
1) “Point solution” backup and recovery services using their own software exclusively for backup and recovery and
2) Providers who use other vendors’ specialized solutions to address niche markets in specific verticals, company size, or geographic regions.

Category 3: Broader Spectrum Service Providers Like the point solution and licensed software developers, these service providers own and maintain their own software. Most obtained their backup and recovery technology through the acquisition of the original software developer, but the important point is they continue to invest in its maintenance and extension. These service providers typically offer most of the essential features for server backup and recovery.  Backup and recovery is offered as part of a broader spectrum of information management and data protection services

It is important to recognize the different categories of online backup and recovery service providers. Recognizing the basic differences in their business drivers and focus, potential resources, and core competencies is key when it comes to assessing their capabilities.  By understanding these larger business criteria, businesses can better focus and align their business goals with the right partner when it comes to online backup and recovery.

You should be able to compare the various providers against their ability to address your requirements for server backup and recovery functionality, administration and support.

We believe that that choosing a cloud storage vendor is an important decision.  Contact us to learn how we may be able to help you.

We would love to hear your thoughts. Please comment below!

Today most companies are facing challenges when it comes to protecting their data.  There’s more of it.  And protecting the data properly is more important than ever.  But there are also more choices.  How do you decide what is right for you? Start by understanding what your data protection strategy should be.

Your business relies on its data. There’s more of it than ever, but more important, its value keeps multiplying. Companies are putting their information to work in new ways as they connect systems, transform business processes, and extend their relationships over the Internet with customers, partners and suppliers. Unfortunately, the risks from data loss or exposure have grown, too. The always-on world of e-commerce and companies’ increasingly distributed and mobile workforces have made data more vulnerable. Moreover, senior executives have to worry about maintaining regulatory compliance while mitigating the risk of litigation.

Do You Have A Data Protection Strategy? How can you ensure that your company is embracing the right combination of technologies and processes for a complete data protection strategy? Unfortunately, it’s easy to make the wrong choices.  Some companies assume a do-it-yourself approach, which can leave them open to unidentified risks.

An outsourcing partner who provides online disk-based backup can solve a number of the issues that organizations confront when supporting their business continuity, data retention and security requirements. The key advantage is that the data, stored off-site, is protected from unauthorized access and will survive a disaster.

Online backup combines better cost characteristics with superior reliability and world-class security. The great news for smaller businesses and remote offices of larger businesses
is that online disk-based backup services have matured in technology reliability and decreased in cost.  Today, online backup is often less expensive than tape backup alternatives.

Get Ready For Your Annual Data Protection Physical! Companies have different requirements when it comes to their recovery needs, data sensitivity, retention requirements and cost.  And these can evolve and change. Deciding which backup solution, or solutions, to use is just the start of what should be an annual process of testing data protection and recovery strategies to ensure they remain in line with business requirements. A great plan, a great vendor and getting data off-site are a good start, but you need to test the whole process, not only to ensure everyone knows what they are doing but to identify potential gaps in the process that need attention. And as the business changes, your plan needs to change with it to meet any new requirements.  

We would love to hear your thoughts. Please comment below!

Chief Financial Officers typically care about three things when it comes to assessing new investments in IT.  They are:  1) Speed, 2) Focus and 3) Affordability.   I know this first hand! The key is to understand how replacing your current server and/or PC data protection processes with a cloud storage solution would address these three areas of concern.

In today’s economic environment, every spending proposal needs to have solid justification.  Often just speaking about a shift to a “pay-as-you-go” model is enough to get the CFO’s attention.  But the appeal of cloud storage extends beyond its financial benefits.  Here are three key benefits companies are realizing today when adopting cloud storage:

Focus: Companies want to focus on their core competencies, and outsource the rest to experts.  Are you still doing your own payroll?  Using a cloud storage provider allows your IT department to focus on projects that drive the business, such as customer service or e-commerce applications.  And cloud storage providers have the expertise to optimize their operations for better efficiencies.

Speed: How often have you been involved in IT projects that took longer than expected?  Chances are your CFO has felt the same pain.  Quick ROI is everything, and when it comes to competing for funding, decisions are being made about when companies can expect to see valuable returns for their investments.  This theme is a key one driving the adoption of cloud computing today.

Affordability: In addition to the “pay-as-you-go” model, cloud storage is appealing because it offers flexibility.  As a company you aren’t paying up front, predicting your storage requirements and investing in the hardware and software to support those requirements.  Instead you pay for what you use.  As you scale or reduce your demand.

With capital at a premium, and companies looking for faster returns from their investments, another appeal of cloud storage services is that they typically can be funded from the Operating Expense (OpEx) budget, without sunken Capital Expenditures (“CAPEX”).  This approach allows you to match the cost of the service to the period in which it is consumed.

If you aren’t already outsourcing your data backup and recovery, then its time you took a look at the cloud storage model.  Today’s solutions can provide you and your company with the technical functionality to protect your data better than you can probably do it in-house, with none of the headaches.  The 1-2-3 message of “Focus + Speed + Affordability” is often enough to cause any company to evaluate cloud storage. 

Data Mountain has been providing world-class cloud storage solutions since 2003, through our service partner, Iron Mountain Digital, and we truly understand what it takes to securely protect corporate information in the cloud.  Contact us to learn more if you think we may be able to help you.

We would love to hear your thoughts. Please comment below!

Our November  2010 HIPAA-HITECH eNewsletter has been published.

We continue to feature HIPAA Security Rule and HITECH Act data security updates, including the link to the US Department of Health and Human Services’ “Wall of Shame” – its Data Breach Notification web page.

Attend our Upcoming Complimentary Live Webinars on:

• Are Your Business Associate Agreements HITECH Ready?
• How To Conduct a HIPAA Security Risk Analysis
• How to Revitalize Your HIPAA-HITECH Compliance Program 

Please enjoy our analysis and links to industry articles and white papers that we’ve researched and assembled for you. I’m confident you’ll find a nugget or two among them!

We would love to hear your thoughts. Please comment below!

For some companies, including Marriott, abandoned mines and military bunkers offer a subterranean safe haven from hurricanes and other threats. But there are additional advantages to be realized when it comes to protecting your data underground.

Our service partner, Iron Mountain, is among the oldest and best known providers of underground storage and data center space. Known for storing everything from backup tapes to old movie reels in its repurposed limestone mine in rural Pennsylvania, Iron Mountain has seen its electronic storage and leased data center space business increase significantly.  With 60,000 square feet of available data center space and another 145 acres undeveloped in the facility, Iron Mountain has plenty of room for more.

What is driving an interest in Iron Mountain’s underground and other specialized hardened data centers? Some companies have found that there is a general lack of high-end infrastructure – enterprise-class data center space. Others have very specific requirements to protect them from natural disasters.

Not all hardened data centers are created equal.  While computer systems may be protected in a bunker, critical infrastructure needed during a disaster, such as generators, fuel tanks and air conditioning cooling towers, may be above ground. That could be a problem if the catastrophe you need to worry about is a tornado.

Are you going to pay a premium if you locate your computing resources in such a hardened environment?   IT executives say they’ve driven deals where the total cost of ownership is competitive with above-ground facilities. Because they’re repurposing existing space that the government or a mine operator paid to build, providers say they don’t have to pass on the original construction costs for the structures and can afford to be cost competitive.

Another consideration is that these underground facilities tend to be in rural, out-of-the-way locations. The facilities may be too far away from a company’s primary data center, and finding local lodging for staff in a disaster situation may be difficult. Marriott International wanted a hardened, secure facility in a location that was within a day’s drive from Marriott’s Bethesda, Md., headquarters.  That led them to Iron Mountain’s underground facility in Pennsylvania.

Underground facilities do have a few other advantages. The limestone floors at Iron Mountain’s facility have a virtually unlimited load rating, while the walls maintain a constant temperature of about 55 degrees and act like a heat sink for some of the waste heat that comes off data center equipment. The limestone walls absorb 1.5 BTUs per hour per sq. foot of wall space.

Cool stuff
The green aspect of going underground is what attracted Marriott International. It wanted to move from an outsourced “cold site” disaster recovery service to managing its own hot site backup data center. And it wanted to make sure the facility followed the company’s focus on environmentally friendly best practices.

Last year, the hospitality business completed the build-out of a 9,000 sq. foot remote backup data center at Iron Mountain’s Underground. Although the extreme level of security, including armed guards, exceeded their requirements, the idea of reusing an old mine rather than breaking new ground appealed to Marriott.

Energy efficiency also factored into Marriott’s decision. While Marriott’s data center uses a traditional chiller as its primary cooling system, the backup is a prototype free cooling system. That prototype, designed by Iron Mountain, uses an air-to-air heat exchanger, drawing 55-degree air from the unused space within the mine. Iron Mountain also is experimenting with a system that would pull cool water from an underground lake within the mine.

We would love to hear your thoughts. Please comment below!

Establishing a policy on how long data must be retained sounds easy enough. It isn’t. For starters, not all data is the same.  If you are protecting everything, or are uncertain if data is being protected properly, then it is time to build and implement a data retention policy.

Some companies realize they need a proper data retention policy when they examine their storage costs.  Others realize gaps when they go through a litigation hold.

What happens if your company requires you to retain certain data forever? One company’s IT director related how for several years they had been forbidden to overwrite any data related to e-mail, home directories, financial systems and several other document repositories and systems. Being barred from overwriting backup tapes comes at a cost – they were spending about US$40,000 a month just for new tapes. More costs arose because they were prohibited from overwriting the hard drives of departed employees. At least that cost was alleviated recently with a new initiative to capture images of those hard drives before reassigning them to other employees.  It wasn’t until the IT director spoke to the company’s inside counsel that they created an appropriate retention policy that allowed them to move away from their “protect everything” policy.

Data retention policies are fairly straightforward documents that establish how long information must be kept on hand, unaltered. The problem is that different types of data must be retained for different lengths of time. Most data-retention policies open with a policy statement, followed by a retention schedule that lists every possible type of information that the company could have in its stores and the required retention period. There are also special instructions for archiving and for the ultimate destruction of the data, once the time limit has been exceeded. The policy is also likely to include procedures for retaining information when litigation is under way.

A comprehensive data-retention schedule requires a considerable amount of data-gathering. For example, you need to know the general nature of all data held in servers, in storage, on backup tapes and on individual PCs. That includes both active data — e-mail, chat logs, UNIX system logs, and firewall and VPN logs, for example — and inactive data such as documentation related to sales, service, legal and finance.

Another complication arises from being a global organization.  You need to look across the various markets that you serve and understand relevant data retention and privacy requirements. Some regulations extend to e-mail messages containing price negotiations. The key is to develop a policy to keep employees from deleting data that they think would hurt the company if discovered.

Creating a data retention policy is not easy.  Just identifying the various data custodians can be a challenge. But this shouldn’t be a task that you ignore.  Just like having a good disaster recovery plan, having a data retention policy will pay dividends, both when it comes to finding and presenting the data that you need in a hurry, and through storage cost reductions.    Here is link to a good article that can help you get started.

We would love to hear your thoughts. Please comment below!

Like moths to a porch light, many lawyers are finding the uncertain legal and regulatory terrain of cloud computing to be fertile ground for new legal analysis–and new legal business.  They may have a point.  What should you do to reduce the risks when implementing cloud computing?

Cloud computing, which can be a truly dynamic, multi-party compute environment, challenges laws that assume that electronic assets behave the same as their paper or celluloid brethren—being static, not easily duplicated and stored on the owner’s premises.

The gap between the cloud and the current state of legislation is considerable. Legal experts who have looked at cloud computing from the user’s perspective have identified several issues, including:

1.    The ability of cloud computing service providers to change terms of service with little or no notice to users of the service

2.    The attraction to hackers to “high value” targets.  The breach of Twitter data on the Google infrastructure was a wake-up call.

3.    The possible centralization of user data with a few cloud computing firms

4.    Exposure of data to seizure by foreign government and data subpoenas

5.    The ability to put a litigation hold on your data if data is carried in the “cloud.”

Until these issues are addressed, corporations will hesitate before jumping into cloud computing and cloud storage.  The legal debates that are happening now will hopefully lead to legislation that will make external clouds as safe a choice as leasing office space.  But until then, buyer beware.  

You should evaluate any cloud computing outsourcing relationship based upon the vendor’s track record and its ability to document service levels very specific contracts.  

Our advice is to work with a cloud storage vendor who truly understands your enterprise storage requirements. 

We would love to hear your thoughts. Please comment below!

According to many sources, cloud computing is the most hyped subject in IT today.  The IT analyst firm, Gartner Inc., has been tracking and influencing IT trends for several decades, and has created their “hype cycle” to represent the maturity, adoption and business application of specific technologies.  Think of them as providing guidance to mainstream buyers on what new technologies to adopt and when.  So, where is “cloud storage” on the Gartner hype cycle?

According to Gartner, cloud storage is in the “technology trigger” phase of the hype cycle.  This means that it is a “breakthrough”, “public demonstration”, “product launch” or other event that generates significant press and industry interest.  There is a danger that these hyped technologies can transition to the “trough of disillusionment” – by failing to deliver on expectations. (For more on the Gartner Hype Cycle see this link.)

Gartner doesn’t expect full-scale adoption of cloud storage (by the majority of enterprises) to occur for another five years as the market and vendors address security and latency issues.  And they believe there are too many vendors whose offerings are not yet differentiated.

Are you considering cloud storage, but are unsure of where to apply it in your organization?  Gartner recommends that you take appropriate measures to ensure that the type of data stored in the cloud can withstand latency issues and that security protocols are in place to protect it.

If security is a concern, then you probably want to consider a cloud storage vendor where security is integral to their way of doing business.  Data Mountain and its partner Iron Mountain deliver on the promise of cloud storage for business data through their enterprise Storage-as-a-Service solutions, which are based upon enterprise storage infrastructure and requirements, adding levels of security, scale, control and access not usually found in standard cloud storage offerings.  Today customers protect over 3 millions PCs, 20,000 servers and over 9 billion emails with our solutions.

Want to learn more about Gartner and their hype cycle?  Check out this blog posting.  

We would love to hear your thoughts. Please comment below!

Our October 2010 HIPAA eNewsletter has been published.

We continue to feature HIPAA Security Rule and HITECH Act data security updates, including the link to the US Department of Health and Human Services’ “Wall of Shame” — its Data Breach Notification web page.

Attend our Upcoming Live Webinar on ”How to Conduct a HIPAA Security Risk Analysis“. Register today!

Please enjoy our analysis and  links to industry articles and white papers that we’ve researched and assembled for you. I’m confident you’ll find a nugget or two among them!

We would love to hear your thoughts. Please comment below!

Today everyone is looking to reduce costs, and a company’s IT environment can account for up to 40% of their energy consumption.  Smart IT departments are evaluating their IT environments for ways to reduce their energy requirements.  One obvious way is to not spend money on storage you don’t need.

There is no doubt that today’s data centers are huge energy consumers.  Some studies say that they account for between 1.2 and 2.0 percent of electricity consumed in the United States. It is also a known fact that many of the servers in the data centers run at a low utilization level of only 10% to 15%.

One way to reduce your power consumption is to adopt the cloud-computing model for infrastructure, applications and storage.  For instance, look at business applications that are not critical to your business or those you can’t afford to maintain with a separate IT group in-house – such as CRM apps, HR/HCM, Backup and Restore, Security etc. Instead of running these applications on your data center, you should consider using applications provided by third-party service providers. This, in turn, reduces the number of servers in your data center – which means you have less energy consumption.

Accurately forecasting your storage requirements is difficult.  You may be able to forward predict your data growth and purchase storage hardware on an as-needed basis.  But what if your business is seasonal or growing and you don’t have prior years’ usage patterns to rely on?  This is where cloud storage can help.  Instead of buying and managing hardware in anticipation of future requirements, cloud storage allows you to simply contract for storage “on demand.”

In the past “green IT” was a nice to have.  But in today’s economic environment power consumption costs are very visible and organizations are looking to the benefits of green approaches and expecting quicker ROIs for any incremental investments.

Data Mountain delivers on the promise of cloud storage for business data through its enterprise Storage-as-a-Service solutions.  As the trusted Storage-as-a-Service leader, Data Mountain solutions, utilizing Iron Mountain’s services, are based on enterprise storage infrastructure and requirements, which add levels of security, scale, control and access not found in standard cloud storage.  Contact us to learn how Data Mountain’s PC and server online backup and inactive data archiving services can make stored data actionable, reduces risk, creates efficiencies and controls costs, thereby creating peace of mind.  All with the added benefit of reducing your power consumption requirements and costs.

We would love to hear your thoughts. Please comment below!