I recently discussed the importance of letting your business requirements lead the strategy for your managed data storage in part I of this post, using use cases and workloads to illustrate how you can efficiently benefit from SAN and NAS storage. Now that we’ve reviewed the basics of developing your solution and touched on the importance of performance, we can address other critical considerations that are often complex, but necessary: data availability, backups, security and compliance.
These considerations will help you make an informed decision about what features you absolutely need and who will best serve as your managed storage provider.
1. Data Availability
As the phrase implies, data availability is a term used to describe the process of ensuring that data is available to end users and applications when and where they need access—whether you’re working at your desk or on your iPad in an international client meeting. You’ll typically find some promise of availability within your service level agreement (SLA), but this is something to bring up sooner rather than later when talking to potential providers. Data availability seems simple, but nowadays IT providers must juggle a number of vulnerabilities, some of which are out of their control.
There’s a multitude of reasons why data would become unavailable. Cyberattacks that deny users access to their resources, known as DDoS attacks, have recently become a common incident. According to one report by Cisco, the average size of a DDoS attack is approaching 1 Gbps, which is enough to take most organizations offline. Attacks are becoming more frequent, and their number is projected to increase to 17 million by 2020. Other factors that affect data availability include power outages from natural disasters or loss of internet connectivity at the data center in which your data resides.
The key to maintaining data availability lies in your provider’s ability to put the proper security and resiliency measures in place and help you develop a data backup plan so you’re covered no matter what happens.
2. Data Backup
It’s not enough to simply store your data. You must plan for the unexpected and make sure you retain several versions of that information no matter what happens—whether there’s data corruption from a cyber-attack, data loss from a migration, a sudden outage that lasts days, or just simple human error.
Data backups should include system-level backups for critical systems as well as file-level backups. Weigh the retention period and the frequency of backups against the criticality of what you are backing up, as well as the security of those backed-up files. Archiving data that is less frequently accessed is a great strategy for reducing the size of what gets backed up daily, and network-attached storage (NAS) is an ideal solution for archiving, offering reliable access to your data while lowering your data storage costs. Since you don’t need constant data retrieval, you don’t have to worry about paying for performance. NAS is like a traditional hard disk, only more sophisticated, offering higher levels of data protection. When you’re developing your strategy for backup and disaster recovery, coordinate the automation, level, and frequency of your backups with your provider. Multi-site backup is a preventative measure that suits every business, so don’t overlook this need—having an offsite location ready to restore your systems and critical data to your primary location will significantly reduce downtime.
3. Data Security
No matter the type(s) of storage you choose, you should ensure that your data is safeguarded. Think about the data you’ve created, accessed, and sent this past week. Would you voluntarily provide this information to anyone outside of your organization? You’ll want to note both the physical/environmental security measures of your storage and the technologies that are integrated in the data storage process, such as firewalls and encryption.
Data security relies heavily upon robust encryption. It’s recommended to follow FIPS 140-2, the recognized standard for encryption levels. Depending on the provider and their technology, you may have built-in storage encryption and be able to choose from several managed security services to maximize security across your infrastructure. One feature you’ll want to look for in particular is enterprise key management, a solution that creates consistency between systems, designates access control, and reduces the need for you to train users, while ensuring the encryption keys needed to store and retrieve your data are looked after properly.
Good security can help you be compliant, but it’s also a best practice for all business data, not just what’s labeled legally as sensitive data, like medical records and credit card account holder information. Early on in your data storage process, you will want to classify your data and document it for future data growth.
Data storage and management is heavily regulated—from HIPAA and PCI DSS to HITRUST and FISMA—and the responsibility to comply is shared by you and your provider. In today’s volatile digital landscape, you should familiarize yourself with risk management and how compliance fits in with every aspect of your business, data storage and management included. For instance, you should know that adopting the NIST Cybersecurity Framework, drafted by the Commerce Department’s National Institute of Standards and Technology, is voluntary. However, it offers major security advantages that help you remain secure, compliant and ahead of your competition. Once you’ve identified the technology you need to implement a secure data storage solution, you must perfect the processes and documentation that are required for your compliance needs.
“Detailed information showing what you have done, what you still need to do and where you may have problems, will demonstrate the level of commitment you have to secure sensitive data,” says OnRamp Founder, Chad Kissinger.
Your data storage provider should provide physical evidence and documentation at every level. For example, with secure key management, there are centralized reports for compliance purposes, which would be used in the case of an audit.
Choosing the Right Managed Data Provider
Choosing the right data storage provider comes down to who offers you the most expertise, backed by the technology you need for your workloads. Here are a few questions to ask during the selection process:
- What type of customers already use your managed data storage? Are there others in my particular industry that might have similar requirements?
- What type of features do you currently offer for each type of storage? Are you working on any additional features that I should know about?
- What type of certifications does your organization hold? Do your employees have specialized certifications and training, too?
- What type of compliance and security documentation do you provide? Have you ever been a part of an audit? In what way can you assist me if I am audited?
- What managed security services do you offer and which ones do you recommend for my particular needs?
- What type of physical security measures do you take to secure the storage environment?
Chad Brooks, a technology writer for Business News Daily, offers his insights: “Established service-level agreement (SLA) terms and execution are integral not only to establishing how a customer’s data will be processed and hosted but also to setting a transparent level of service the customer can expect.”
We wholeheartedly agree that setting expectations is an important part of building trust with a new storage service provider.
Hopefully you have gained some insights into what types of storage (SAN and NAS) are available on the market today, what they are best suited for—whether it’s NAS for archival storage and backup, or high performance SAN that meets your compliance standards—and how you can best implement your ideal managed storage solution.
At OnRamp, we partner with leading providers like NetApp SolidFire, HP and EMC to customize, implement, and maintain secure, compliant storage solutions that can easily be scaled as your business needs change. We also offer managed security services that complement your storage solution to maximize your data security. To learn more, contact our storage specialists, or read more on our site.
Photo Credit: Francesco Corallo Flickr via Compfight cc