My previous blog about Iron Mountain's fire in England generated more reader responses than I expected. Though feedback from Iron Mountain would not have surprised me, many readers had their own experiences with Iron Mountain to share with me -- most of them negative.
What I found most disconcerting about these comments was that these readers were from different geographic parts of the country. While one might expect Iron Mountain to have problems in certain regions of the country, the problems users are having with Iron Mountain seem to be universal, regardless of which part of the country or globe they reside. However, at least one individual came to Iron Mountain's defense and commented that the Iron Mountain facility they had visited in the northeastern U.S. appeared very secure and up to snuff.
On the surface, this individual who had the positive experience is the most congruent with what I read about Iron Mountain on their Web site. Their offerings seem to satisfy the multitude of different ways that users need to store and archive their data, offering a choice of facilities in which to store their data. For basic levels of data protection, their records centers are supposed to offer extensive protection from flood or fire and staffed by highly trained personnel. At the high end, their vault storage services include multiple levels of security, climate-controlled rooms and trucks and gaseous fire suppression services so that records and media are protected without the risk of water damage in the event of a fire.
While I now somewhat question some of these claims, Iron Mountain's recent problems highlight an important point: How a contractor handles one's data does not absolve a corporation or an individual of their responsibility to monitor and manage their data -- regardless of where it resides or who is managing it. While it might be tempting to make Iron Mountain or any other third party a scapegoat in an instance like this, having a second copy of the data at another site or storing the data in a more secure and probably more expensive facility may have prevented any data loss from occurring.
In that vein, here are some options for users to consider as part of sending their data to an offsite facility for data protection.
- Classify your backup data. Not all backed up data needs the same level of protection, so knowing what data you have going offsite will help to establish what level of protection you need and may help justify lowering the level and cost of offsite data protection or raising your current level of data protection.
- Make two copies of the data. With the price per tape cartridge holding steady and their capacities doubling about every two years, making two copies of the data may be financially feasible. This allows users to send one tape cartridge offsite and keep one locally, or send tapes to two different offsite locations, lowering the chances that a disaster at one offsite facility will destroy all of your data.
- Use larger removable disk or tape media for the copies. As new tape formats extend over a TB (and disk drives not far behind), it might make financial and technical sense to put multiple, smaller tape copies onto one larger tape. This may reduce both the number of tape cartridges and the cost of offsite storage.
- Electronically vault the data. Though not an option for everyone, new data deduplication technologies from companies like Avamar and Data Domain open the door for users to massively reduce the amount of data they back up. This reduction in data also opens up the possibility of electronically vaulting data since there is less data to move. It is also possible to use lower cost WAN connections, since less bandwidth is needed. This allows users to avoid the expense and headaches associated with managing tape.
A new era of offsite data protection is well under way, and those who still cling to traditional methods need to re-evaluate their offsite data protection assumptions. With the bang for the buck that these new technologies offer, users are remiss if they fail to explore these alternative methods of protecting their data. With organizations ultimately accountable for their data regardless of the company that they contract to protect it, having two copies of data in two locations should provide users with a higher level of data protection than having one copy in a supposedly safe location that suddenly goes up in flames.
About the author: Jerome M. Wendt is the founder and lead analyst of The Datacenter Infrastructure Group, an independent analyst and consulting firm that helps users evaluate the different storage technologies on the market and make the right storage decision for their organization.