I was working on a blog, when I had a change of heart as to what its focus would be. This was prompted by an email I received that contained the news that an Iron Mountain storage facility in London burned to the ground, destroying the paper records of more than 600 customers. At that point, I started working on this topic instead. I find this news completely amazing, for there is no way something like this should happen to a company in the line of business that Iron Mountain is in.
Unfortunately, watching barns burn to the ground is something I know a little bit about. Growing up a farm in a northern Wisconsin, I had the misfortune of watching my grandparent's barn burn to the ground when I was a young boy. That barn was constructed of old dry timbers and full of dry hay. This facility, according to the report, was a modern six-story building. Now the question I have for Iron Mountain is how does a modern six story building built in 2002 with customer records burn to the ground?
This report also says that this building was equipped with a "fire suppression system." Now what does that mean? Is that another way of saying there was a hose in the janitor's closet? An axe behind a window with the words "Break in case of fire?" And if this really was a modern building, who designed and tested this "fire suppression system?"
Iron Mountain's Melissa Mahoney is quoted as saying that, "Customers keep them (business records) for long-term preservation requirements." If that is true, then how does something as seemingly preventable as a fire burn the building to the ground? Isn't this the exact reason customers store their sensitive data at facilities like Iron Mountain so that this does not happen?
Having worked in minor and major data centers, I know that incidents like this should not reach this magnitude. In fact, if the temperature climbs over 80 degrees in certain places within the data center, alarms are going off all over the place. And, if something like this were to occur in places for which I was responsible, well, I would be writing blog entries for Ditch Diggers 'R Us, not SearchStorage.com.
So, I have a few tips for anyone who is protecting their data long term with a third-party provider:
- First, if the building you are going to send your records to looks like a barn, smells like a barn and burns like a barn, guess what? It's a barn. Users, you need check any vendor's facilities out before you start storing your data long term with them. And, if your data is that unimportant, send it to the shredder because for these 600 plus Iron Mountain customers in London, the results were the same.
- Second, I have heard a few too many horror stories from users who have visited Iron Mountain facilities, making it hard for me to believe that all is well there. I sense something may be terribly wrong with how Iron Mountain is managing their storage facilities. And it's their users and these users' customers who are ultimately going to pay the price for their lack of stewardship.
Now, to be fair to Iron Mountain, I have not done a thorough investigation of this incident, and I hope there is more going on here than first meets the eye. But, companies like Iron Mountain should hold themselves to a higher data protection standard than the rest of us. Because odds are that when they are impacted by a disaster, there are a lot of other businesses storing their data long term with them that will also feel the effects.
About the author: Jerome M. Wendt is the founder and lead analyst of The Datacenter Infrastructure Group, an independent analyst and consulting firm that helps users evaluate the different storage technologies on the market and make the right storage decision for their organization.