- What is the pricing model you’re agreeing to?
Consumption-based economics is the concept of paying only for what you use, and is commonly touted as one of the big advantages of the cloud. Unfortunately, many cloud storage and archiving vendors deviate from this and use complex pricing models, layering concepts such as paying for storage volume, user counts, user licensing, various modules, and sometimes even connectors for different data repositories that they support. Ultimately, solutions like these make it extremely difficult to figure out pricing, which results in higher expenses and an inability to accurately budget for the future. If you’re storing data in the cloud, you should choose a solution with a transparent pay-as-you-go model where you pay only for what you use and everything is included in a convenient subscription that you can fund through an operating budget.
- What type of tenancy model does your provider use?
In the cloud, you should know how your data is provisioned. Most SaaS companies build their solutions around a multi-tenancy approach, which means that you're deployed onto shared resources. There's still data segregation, but it's not at an ideal level. When it comes to storing corporate data in the cloud, you probably don't want co-mingling of your data, as it can be a security or compliance issue. You also don't want noisy neighbors. For example, if you're archiving in a multi-tenant environment and another customer comes in with a large volume of data that needs to be indexed for eDiscovery, that indexing consumes shared resources and causes noticeable performance degradation for you and other customers. While it’s much cheaper for a vendor to jam as many customers as possible onto the same resources, if you’re a customer, you should give strong preference to solutions that offer a single-tenant model due to the increased security and dedicated bandwidth.
- What are your options for data protection?
Before storing data in the cloud, you should ensure that your vendor provides options for storage redundancy. For instance, in Azure there are different levels of redundancy: at minimum there are three synchronous copies of your storage in one data center, but you can enhance this to three synchronous copies across two data centers, and you can even go to additional levels where you have three copies in the secondary data center (six copies in total).
Another aspect of data protection is data recovery. The cloud is great for archiving and backup use cases, and it's even better when your archive can serve as a backup that you can easily recover from. Unfortunately, some cloud vendors don’t allow you to easily leverage your archive for data recovery scenarios, penalizing you for egress data, which can add up in a data recovery scenario. A cost-benefit analysis can help you determine which solution best fits your needs from a data protection and price standpoint.
- Does it enable Search?
The highly elastic nature of the cloud makes it a great platform for search. In fact, the search capabilities within on-premises archiving products are often their downfall because they don't scale, they're expensive, and they don't properly handle the permissions problem. These challenges are easily mitigated with the cloud. Another upside of the cloud is that it’s not a capital investment, but rather an operational expense. Before storing data in the cloud, make sure that you’re able to perform search, and even further, scoped search, where you can target content in response to discovery. When looking at a search feature, it’s beneficial for permissions to be synchronized efficiently into the search index so that end-user and custodian searches can be performed.
- How will it support eDiscovery?
If your organization experiences litigation events, then you’ll want to make sure that the cloud solution you’re using supports eDiscovery. Ideally, the solution should be intuitive and usable, but it should not be cost-prohibitive. Some solutions can become rather expensive if they make you pay to pull data out of the cloud, so before storing or archiving your data in the cloud, make sure you understand the pricing model so you can predict and anticipate your potential eDiscovery costs. Gateway solutions such as Google Nearline and Amazon Glacier may not have the eDiscovery support your organization requires.
- Is there support for Cool Storage?
While many organizations have an occasional need for eDiscovery and search, many don’t require these capabilities 24/7. Cool storage allows companies to scale their infrastructure and move data between tiers, thus optimizing storage costs. Many companies are looking for a very low-cost way to preserve data for compliance, while giving them the ability to perform searches as needed. Another important factor to consider in the cloud is the SLA for cool storage access time. Cool storage in the cloud is a great way to park a whole bunch of data for cheap, but you need to be aware of the time it takes to move data to a hotter tier and access it when needed.
- Will it meet your compliance requirements?
Compliance can be a major hurdle for many organizations looking to adopt the cloud, but meeting compliance requirements can be achieved with the right cloud and solution. Before storing data in the cloud, make sure that your compliance requirements can be met, whether it’s PII detection, the ability to tag certain data types, or enabling DLP measures. It’s also good to know where and how your data is stored and your cloud provider should be able and willing to tell you those things up front. It’s good to look for solutions that allow you to store your data in different data centers across different regions or areas of the world, while still providing a federated view, federated management, federated eDiscovery, and federated compliance over the data.
- Does it achieve an acceptable level of security?
A lot of cloud vendors and solutions like to tout their encryption features, which is all good, but as we know, there’s a lot more to a good security strategy than just encryption. An in-depth, layered security strategy is necessary to protect an organization’s data in the cloud. As was mentioned previously, DLP policies, PII detection, and blocking end-user retrieval of tagged data provide some layers of security. Another layer that needs to be addressed before storing data in the cloud is the authorization layer. How is the system going to identify users? How is it going to authenticate users? How are they going to log in? The last thing you want is to be relying on a home-grown, unproven identity system; you want to instead look for an industry-standard identity provider. The obvious system that comes to mind is Azure AD because most people already have an account, so they are able to log in using a very familiar set of credentials and they can trust that the authentication is strong. Once users are authenticated, an authorization layer can determine who can do what, and who can access what. It’s good to know what your security needs are and how they will be addressed before storing data in the cloud.
- Will your end-users have access?
Historically, cloud archiving and storage have had a poor user experience, but there’s an opportunity with the cloud to deliver a much more modern and convenient approach for users. When moving data into the cloud, some organizations discover that the end-user access rights are not synchronized when they move the data. If they’re not synchronized, it can be an extremely manual project to redo permissions in the cloud. Before storing data in the cloud, you want to ensure that there’s full-fidelity synchronization of all permissions. Any access changes should be reflected within a reasonable time frame so employees can be productive, while also protecting data that should not be accessed.
- Are you locked in?
Before storing data in the cloud, you should think ahead and consider what will happen if/when you need to get your data back out of the cloud. There should be an easy out. Whether you’re moving your data to another cloud repository or pulling data out for other reasons, it should be easy to get out and you should always own and control your data regardless of the repository. Make sure you watch out for lock-in both in technical and contractual aspects. When you take data out of a cloud repository, it should not be in some proprietary format; it should come back in the exact same way that it went in. Look out for term commitments to avoid penalties. Ideally most companies want the ability to point to the cloud, pull out all data, and put it all back the way it was before the cloud was used. If you can find a vendor who offers an easy out, you can rest easy knowing you won’t be stuck in some nightmare migration scenario down the road.
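One way to test the "exact same way that it went in" requirement during a trial export, as an added example that is not from the original article or any vendor: record a SHA-256 manifest before upload and diff it against the exported tree. The file names and contents below are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(root):
    """Map each file's path relative to root to the SHA-256 of its bytes."""
    root = Path(root)
    out = {}
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 20), b""):
                digest.update(chunk)
        out[path.relative_to(root).as_posix()] = digest.hexdigest()
    return out


def compare(before, after):
    """Diff the pre-upload manifest against the manifest of the export."""
    common = before.keys() & after.keys()
    return {
        "missing": sorted(set(before) - set(after)),
        "extra": sorted(set(after) - set(before)),
        "altered": sorted(k for k in common if before[k] != after[k]),
    }


def demo():
    """Constructed sample: a source tree and an export that lost fidelity."""
    with tempfile.TemporaryDirectory() as tmp:
        src, exported = Path(tmp, "source"), Path(tmp, "export")
        for root in (src, exported):
            (root / "legal").mkdir(parents=True)
        (src / "legal/contract.docx").write_bytes(b"original bytes")
        (src / "legal/memo.txt").write_bytes(b"retain 7 years")
        (src / "budget.xlsx").write_bytes(b"q3 numbers")
        # The export re-encoded one file, dropped one, and added a wrapper.
        (exported / "legal/contract.docx").write_bytes(b"original bytes")
        (exported / "legal/memo.txt").write_bytes(b"retain 7 years\r\n")
        (exported / "archive.index").write_bytes(b"vendor container metadata")
        return compare(manifest(src), manifest(exported))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Content hashes do not cover permissions or timestamps, so those need a separate comparison.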