3 Points Regarding Online Data Storage

Evidence

The evidence that I see for for businesses primarily using online data storage (versus onsite data storage) is the already uprising trend of using data storage providers for backup data combined with the increasing complexity of data regulations and security of sensitive data (social security numbers, credit card numbers, etc.).  It’s just a matter of time before companies begin to outsource the storage of all their data and not just their backup data.

New Opportunities for IT Technicians

There could potentially be several new opportunities for computer professionals.  The data storage technicians would need to be well-versed in data regulations and security in order to provide secure, compliant storage solutions.  The storage provider would need to have staff that fully understand a company’s needs and can assure that access to data would never be compromised.  The technicians would need to ensure that stored data maintains its integrity and has a reasonably low probabilty of outside breach.

Skills

The skills required for data storage technicians will involve:

Gaining a knowledge of the data storage, retrieval, and destruction requirements that each regulation entails;

Deploying appropriate technical solutions to meet the above requirements;

Learning and remaining current on network security;

Ability to follow an incident response plan when necessary;

Communication skills adequate to deal with representatives from many companies.

Storage Outsourcing on the Rise

The ComputerWorld article “Storage Outsourcing on the Rise” dated January 23, 2007 discusses company use of storage providers for their backup data.  The article states that one-third of financial service companies outsource their day-to-day backup activities.   While the article is primarily about backup data, I believe that companies will be enticed to allow their data to be stored and managed by storage providers for the reasons discussed in my last blog entry.  To reiterate, the largest reason is regulatory compliance.

It may take five years or more, but I envision this transition taking place.  By outsourcing their data storage and maintenance, companies are relieving themselves of the bulk of regulatory compliance, security issues, and the day-to-day idiosyncrasies of managing data.  This will drastically change the methodology used by information systems (IS) auditors when conducting compliance audits of HIPAA, FERPA, GLBA, Sarbanes-Oxley, PCI, etc., or information security audits.  The IS auditor will need to know the points of entry and exit for the data as it leaves the company network and becomese part of the storage provider’s network.  Audits of this nature will also involve a third-party provider audit of the data storage provider.

Data Storage and Compliance Regulations

One large reason that I see big companies transitioning the storage of their data from local area networks to online data storage providers is regulation compliance.  Stored data, regardless of the storage location, is subject legal, regulatory, and business requirements for its storage, retrieval, and deletion.  Document retention requirements abound and there can be harsh repercussions for a company that does not comply with this or the myriad of other requirements.  Laws such as HIPAA (Health Insurance Portability and AccountabilityAct), FERPA (Family Education Rights and Privacy Act), and GLBA (Gramm-Leach Bliley Act) are just a few of the major data regulations that plague businesses.

One solution is to outsource the storage and maintenance of company data.  This elevates use of online storage providers from that of backup and recovery to storage of mainstream production data.  The company benefits by passing the liabilty for regulatory compliance to the storage provider, at least in part.  The company will still need to provide due diligence in selecting a provider and ensuring that they provide top of the line compliance with all of the regulation surrounding data.  The company will also need to audit the provider on a regular basis to ensure that compliance continues and there are no data breaches or other reasons for concern.

Online Data Storage

Online data storage has become well-known and widespread.  Most people are familiar with the term.  It seems that to-date, most online data storage is used by household users and small business users.  Furthermore, the online data storage is used primarily as a data backup method.  This means that users have the data on their desktop or server, but send a backup copy to the online data storage in case something happens to their working data.  In this manner, online data storage is excellent as it provides an off-site storage facility for the data.  This is a requirement for solid business continuity plans and disaster recovery plans.

There are data storage providers that market to corporations also.  My prediction is that corporations will move towards using an online data storage provider for most, if not all, of their data.  Many may be currently using it as a backup storage facility, as discussed above, but I see a need for using it for working data (commonly called production data).

My prediction is basically about outsourcing data storage entirely.  Why do this?  One big reason is to reduce the corporation’s liability if data is mishandled.  Everyday there is a new article about a major corporation, university, or government entity that suffers a data breach.  Controling the inflows and outflows of data in all of it’s forms and methods has simply become too cumbersome for the average company to get a handle on.  Outsourcing the data storage would effectively transfer the liability of data breaches to the outsourcing company, the data storage provider.

Trends and Predictions

This is the first post to my segment on trends and predictions in the realm of technology.  These predictions will be compiled from my thoughts based on research and experience.  My goal is to identify the direction that technogical trends are heading towards.  Hopefully this will develop a list of technologies worth keeping an eye on and help to be prepared for what the future holds.  Especially when it comes to information security, the most powerful defense is knowledge and information!