This article can also be found in the Premium Editorial Download "Storage magazine: CDP 2.0: Finding success with the latest continuous data protection tools."
Download it now to read this article plus other related content.
IT compliance and security: If your vendor isn't clear on the definition of an ediscovery request when you make inquiries about their capabilities to search for and produce items relevant to a litigation event, then it's clear they aren't catering to mature, established businesses. In addition, if a vendor defines compliance audit functions as their level of cooperation after being served with a search warrant, they may not be prepared to service a company grappling with state and federal regulations.
Vendors that can export or migrate data for ediscovery purposes, or provide archiving services that index data for faster and easier searches at a later time, might be a good fit for litigious organizations. Some will have staff that can assist with audit events or offer professional services for ediscovery or compliance readiness.
When it comes to backup SaaS, many companies are reluctant to consider it due to security concerns. As backup SaaS options proliferate and improve, so do security services from many vendors. You should find out how each SaaS vendor you're evaluating secures its data. Do they provide in-flight encryption? Who holds the encryption key? Can you leave the encryption key with them? You may decide to do that or you may choose to have a key that allows some access to various files for your in-house administrator. A few vendors previously focused on security
| have now broadened their portfolios to include backup SaaS offerings, knowing that security is on the minds of anyone deciding to store data outside of their own network or into a cloud. Compare and contrast security options from SaaS vendors and ask if they have any customer references with shops and data backup needs similar to yours. Those are good sources for answers to your security questions.
Then ask what happens if you decide to bring your backup back into your own shop. What if you decide to go with another vendor? Termination fees are used as a deterrent to early cancellation of many services. Most vendors require some notice of cancellation--30 days is typical--and may charge a service fee for early withdrawal. However, that fee may not cover packaging stored data for recovery via a portable disk device. If a rapid-recovery approach like that isn't available, vendors will offer a 30-day grace period for customers to recover data over a WAN link.
Exceeding capacity thresholds may also cost you unexpected fees. With standard PC backup SaaS solutions, it's difficult to exceed the plan because the size of the PC hard drive will determine the limits. More mature backup SaaS providers offer various capacity-based plans, sometimes with a higher rate for capacity that exceeds the basic plan. For organizations pooling capacity from many systems or protecting application servers where capacity growth is a definite, planned usage may be exceeded. Organizations should work through their capacity growth scenarios with backup SaaS providers and choose a plan that will fit their needs for the term of the agreement.
These are just a few of the details that could trip up a company seeking a SaaS model for backup and recovery. Make sure your service agreement exposes these and find out which ones might be applicable to your organization. That way, you can factor them into your budget and SLA agreements to avoid surprises later on. There are plenty of good reasons to opt for backup SaaS, but numerous questions must be asked before green lighting the project.
This was first published in October 2008