With companies cutting back on capital expenses and massive layoffs being made, online data backup storage services are being taken more seriously. Like any storage solution, there are key questions that need to be answered by any potential online backup service provider so you understand the risks involved. Here's a list of questions to ask a potential online data backup provider.
- What protection exists for my data once it is in the backup service's hands? Your data may now be stored elsewhere for safekeeping, but can you report back to your compliance officers/auditors that this new place is secure with no liability risks?
- How can I provide an audit trail to compliance officers, and when it is time for the data to be expired, is it gone from every location? Proving data exists is the easy part. Proving it has been effectively removed from every possible location is more difficult, and it's one of the holes in many court cases. Before someone else manages your data, find out how they can prove it is gone when it hits your corporate policy's end-of-life point.
- What are the steps I need to take to recreate my data at another location in the event of a disaster that renders my single data centers servers and storage unusable? Backups are meaningless, restores mean everything. Before anybody helps you with backups, make sure they can deliver the restore in every example you can come up with.
- Are you
- compressing and deduplicating my data to keep my cost-per-megabyte of storage down? If your online backup service is charging you for storage usage, backs up 50 GB of your data, but is then compressing it and deduping it down to 5 GB, are you paying for 50 GB or 5 GB? Some services charge you by the amount of data they pull from, and send back to your site. In this case, you should figure out how to reduce the data being backed up so you aren't paying more because 50 copies of the same file keep getting backed up.
- Do I have service-level agreement (SLA) options available to me that can lower my cost-per-megabyte of storage? We all know different tiers of storage come with different price tags. Is this new tertiary storage provider putting your data on fast-spinning Fibre Channel disk behind a cache-heavy controller? If my price was the same no matter what tier of storage my data was on, I'd demand it all stay on the fastest tier so restores come back faster. You would like your provider to offer different SLA options at different prices.
- How can I be sure my company's data is not being backed up to the same cartridge as my competitor's information? I have been involved in hosting deals where the demand of a potential data hosting client was that the hosting company could not store their data on the same disk or tape as their competitors. The guarantees that the data could and would never end up getting mixed fell on deaf ears, and if the service provider wanted the business, they needed to sign an agreement. Does your provider have the sophistication to meet such rigorous demands by your business' decision makers?
- What sort of data format conversion do you do? Your applications are going to change over time. If your business-retention policies demand data can never be destroyed or you need to keep it for 10 years or more, how are you going to get your data back if it was written in an older application or format that is no longer standard?
- What happens if my data does not come back? There is no magical backup environment that exists without its unique set of problems. Online backup services have technology and human errors just like your environment. Can something go wrong that keeps you from getting all or some of your data back? Sure, it can, and don't let anybody tell you that it's impossible. What you need to know is who will be held accountable. In the event of a legal action that requires older data to be produced, if your online provider cannot produce it and your company gets fined, is your provider responsible for the fine? This is something you should know.
- How do I change online backup service providers? If you want to switch your service to another online business and still need your older data, how do you cut bait with one and go to another? Make sure you know your exit strategy in the event you find a better service sometime down the road.
- What sort of secure media destruction is practiced? This is a big concern. Let's say a disk in your online backup service provider's array that holds some of your company's data fails and the service technician for your provider's environment comes and swaps out the disk for a new one, then leaves with the broken one. Broken disk or not, your data is now out of the hands of your backup provider and where it ends up, who knows? If the backup provider backs up to tape, then after a certain period of time retires the media and sells it back to their media vendor to be refurbished and resold, your company's data may very well end up in the hands of someone else.
This was first published in March 2009