Five years ago, Forrester Research came out with a survey, which concluded that small businesses managed their data poorly. A number of reasons for poor data management were given, but the two that stood out most were that data management was not a priority in small companies and that small companies also lacked the staff to take care of tasks like data management on a regular basis. Five years later, that picture hasn’t changed much, and for many surveying firms, which are smaller in size, managing their data remains a constant challenge.
Unfortunately, falling behind in managing your data, or even losing track of it, can expose firms to liabilities when client data is lost, misplaced or inadvertently shared. Poor data management practices also slow down work in the field and in the office when data that needs to be referenced or researched is not immediately accessible.
Struggling to stay on top of their data, small firms historically have tackled data management by appointing an office manager or even a junior engineer to take care of computer backups and the filing of data between doing other tasks that are more directly related to the firm’s core business. Of course, when the jobs pile up and there is an abundance of field work to be done, it is hard to keep up with more peripheral tasks like nightly and weekly backups of data.
If your firm is in this kind of data management struggle, how do you get out of it?
In a January 2015, survey of 930 IT professionals, RightScale, a provider of cloud services, reported that 88 percent of respondents said they were using public cloud services. In 2015 research performed by TechTarget, more than half of survey respondents said they were using public cloud for data storage. Clearly, public cloud services such as Amazon AWS, Google Cloud Platform, Microsoft Azure and others are gaining a foothold with companies — and storing and managing data is a major reason why.
Just what is the business value proposition of moving your data outside of your company and into a public cloud service?
For starters, someone else is storing and managing your data, so you and your staff no longer have to worry about the pain of doing nightly or weekly backups, or checking to see if critical files that staff needs access to are available.
You can also save money. For smaller firms in particular, if you don’t have to pay for a separate data center room where you have to keep the environmentals like humidity and temperatures in specific ranges so that all of the hardware, software, network routers and cabling that you purchase can optimally function, you achieve savings in IT costs and in facility expenses. It seems like a slam dunk to just give these headaches to your new public cloud services provider — plus you don’t have any more major cash outlays for computing equipment. You just pay a monthly subscription fee for services and if you suddenly find that you temporarily need a little bit more storage than usual, you can pay the service provider “on demand” for these resources and get charged only for what you actually use.
Finally, you can redirect staff from doing office maintenance chores like backing up data and instead get them out in the field where you can charge more billable hours.
When viewed from these perspectives, moving your data (and the management of that data) to a public cloud sounds too good to be true — and it might be. Why? Because moving your data to a public cloud only succeeds as sound data management if a firm doesn’t cede all of its data management responsibilities to its public cloud provider!
- The fundamentals of sound data management are:
- The data is secure for your company and for your clients.
- There is no risk of data or service loss.
The data that you use each day is readily accessible, while the data which is seldom used is safely and securely stored on low-cost storage media (e.g. cheaper hard disk, or even tape).
Can you necessarily trust a third party public cloud service provider to meet these goals?
Major public cloud providers continue to have problems with outages, so firms that rely solely on data that is in a public cloud can be at risk for going offline.
Secondly, if a cloud provider goes offline, the data under management at the cloud provider (depending on what the problem is) might be at risk. For instance, if there is a serious outage at the cloud provider’s data center, what kind of a data backup and failover plan does it have and how quickly can it restore the data so you can work again?
The bottom line is, making a decision to outsource your data to an outside vendor like a cloud service does not mean that you can remove data management from your to-do list. Your clients are expecting you to be responsible for their data, and the ability of your firm to function depends upon the availability of the data, so data management is still a vital function that must stay within your firm.
Those companies enjoying the greatest success with a public cloud data management strategy have found a way to combine in-house data management with the data management advantages that the cloud offers. Here are is how they are doing it:
1. The public cloud provider should have its most recent IT security and financial audits available.
By asking a prospective cloud provider for its latest audits, you can review its data security findings from its auditor and also its financial standing. The audit most widely in use today is the SSAE-16 audit (Statement on Standards for Attestation Engagements). It contains both IT security and corporate financial data. This will tell you a lot about the vendor’s financial stability and also about the quality of the security it provides for the data that it manages.
2. The cloud provider should own its own data center.
Many cloud providers lease data center facilities from a third party and don’t own their own data centers. Ideally, you want to find a cloud provider that has end-to-end control over not only the management of your data, but over the facility where the data is kept. When a third party owns the facility and a disaster strikes the facility, you have no direct contractual relationship with that third party. From both a liability and an accountability perspective, this places you and your clients at a disadvantage.
3. The cloud provider should have SLAs.
SLAs, or service level agreements, are levels of performance that the cloud provider warrants. For example, it might have a mean time to recovery (MTTR) of 24 hours in the case of a disaster. Or, if you have a phone call or email into the cloud provider, it might have a guaranteed reply to your communication within a two-hour window. It’s important to note that as part of their boilerplate contracts, many cloud providers do not guarantee any SLAs. If you are considering a cloud provider whose basic contract does not contain SLAs, you should write your own set of SLAs that you and your vendor negotiate and attach it as an addendum to the contract. Maximally, disaster recovery and failover time should not exceed 48 hours, with a 24-hour window being the preferred option. Time to response for a phone call or a question should maximally be four hours and preferably two hours.
4. Know who has your data.
Your clients have entrusted their data to you and your firm also has an interest in keeping its data secure. If you are sharing a public cloud service with many other companies, you are also sharing computer processing and storage resources. The cloud provider should be able to assure that your data will be segregated from the data of others and that in no circumstances will it be shared. If this is not stated in the standard contract offered the cloud provider, add it.
5. Keep your “everyday” data onsite.
The best strategy is to maintain your “working data” (i.e., the data you use day-in and day-out) onsite. This will allow you to keep working as part of your own disaster recovery strategy in the event that your cloud provider has a service interruption. This working data should be kept current and synchronized daily with the cloud provider’s data, because if for some reason your own data fails, you can always failover to the cloud provider’s data and keep working.
6. Consider a software as a service cloud provider.
Software as a service (SaaS) means that the cloud provider offers more than just a data storage resource. It also has on-staff experts in data management who can assist you in developing a sound data management strategy that systematically archives your old data, keeps your new data up front and active, and finds a way to do all of these things securely and economically. If you opt for a SaaS service, you should plan to meet with your cloud provider at a least annually to review your data management strategy to ensure that it stays current.