FD Insights Issue 4 | Page 51
www.commvault.com
can be managed more effectively in the mid-to-long term as
an on-going operational expense.
For larger organisations, with a high degree of Intellectual
Property to protect, for example, the big issue will continue
to be security around where the data resides. Some data is
highly sensitive and organisations are therefore reluctant to
release it to a third party where it may traverse international
boundaries, even if that provider is able to store and manage more data more cheaply than they can by managing it
themselves.
Data Law Tips
1) For some organisations, having data cross
international boundaries could present challenges
so make sure you know where your data will endup; what’s perfectly legal here may not be in other
jurisdictions.
For smaller organisations, the decision to use a service is
relatively easy. Although there has been a significant uptake
by SMBs for cloud storage because it provides a quick, flexible and (often) lower cost solution, there is a concern that
few check the terms and conditions. This is a mistake that
larger organisations with more complex or specific requirements simply can’t afford to make; they need to have the
ultimate levels of confidence in the platform underpinning
the cloud service. For example, many of the products used
to create a cloud-based solution that you might be prepared
to bet your business on could be open source, freeware or
even products you have discounted as unsuitable yourself.
So while the expertise of the provider may mean everything will run satisfactorily under normal circumstances, it’s
still worth investigating what infrastructure they use. The
good service providers will be open with you. If the terms of
service and SLA’s appear to be exactly what you want, you
could argue that the tools don’t matter but I suggest that
where technology is concerned, the opposite is the case.
2) Data security is only as good as the weakest link
– an open laptop with a stored password could land
you with a fine from the Information Commissioner
whether you use the cloud or not.
Things to ask prospective service providers:
3) Balance – a service provider’s terms may look
defensive but you have to ask – on balance is it
better than what you have now?
2) What vendor certifications do you have and what
is your training policy?
Another critical consideration is the legal minefield associated with Service Provider terms of service. Few in IT
management are also legal experts and complicated legal
jargon and catch-all small-print can present issues should
the worst happen. The truth is that you can be assured the
service provider had legal counsel create the document,
so at the very least you should get it checked by your own
legal expert.
In the past, making the right decision involved working with
a reseller or integrator to get the balance right between
business needs, technical requirements and price; it is now
becoming infinitely more complex. Few resellers can offer
their own ‘pay as you go’ model and are more likely to be
‘cloud brokers’ offering a combination of services which may
mean multiple terms of service – and more legal checking.
In order to take a more holistic approach to storage, backup
and archive, organisations need to be able to compare ‘like
with like’. They need to fully understand what the service
provider is actually offering compared to what they can
deliver for themselves; doing this right generally means the
unpleasantness of properly surveying what you have and
what you’re doing with it. The good news is that many service providers also offer services to help you build a picture
of what’s really going on and what it really costs. While you
might think the results could be loaded in favour of getting
a service, you’d be surprised – they mostly give a clear
direction either way that is hard to fake.
1) Can I see your ISO Certifications (remember to
also check with the certification body)?
3) What happens to my data when the service is
terminated?
In the financial services, legal and retail sectors Intellectual
Property (IP) is a critical factor; here the technical choices of the service provider are arguably more important in
terms of data security. Historically these organisations have
thought it inappropriate for a third party to take responsibility for any IP data but they may well be prepared for less
important data to be managed externally. This attitude is
shifting and more organisations are trusting others with their
crown jewels. However, where only the systems outside the
core find themselves in the cloud, it must be remembered
that data invariably ‘leaks’ from the core IP locations out
into the secondary systems, so if these are considered for a
move to the cloud, security is still just as important.
Clearly one size does not fit all but the diversity and choice
available makes the cloud a very real solution for many
CxO’s and IT Directors. Whether it’s appropriate for all
organisations to take a ‘Cloud First’ approach to data management is another matter again.
© 1999 - 2013 CommVault Systems, Inc. All rights reserved. CommVault, the “CV” logo, Solving Forward, and Simpana are trademarks or registered trademarks of CommVault Systems, Inc. All other third party brands, products, service names, trademarks, or registered service marks are the property of and
used to identify the products or services of their respective owners. All specifications are subject to change without notice.
49 | www.firstdistribution.co.za
�