Where Should I Store My Data? A Guide to Online and Offline Storage and Access

How Service Sector Businesses Can Minimise Risk and Achieve Regulatory Compliance for Data Storage

Data storage continues to be a major consideration for businesses. With regulations covering diverse aspects such as retention periods and sovereignty, the question of where best to store data is multi-faceted.

Failing to retain data for the required time may bring a company into conflict with HMRC or the regulatory body for a particular sector. For professional services businesses such as legal firms this is The Law Society; for a financial sector business it is the FSA, both of which have the power to suspend the activities of a regulated firm.

Traditionally, the question of where to store data could have been more accurately framed as “on what media should I store data?” This was essentially about the relative merits of hard disk, tape or optical storage technologies such as data CD storage. However, over the last decade, the increasing development of online, cloud-based computing services and the flexibility of computing using mobile devices have changed the debate.

In this guide we discuss the options to identify the best data storage choices for businesses.


1. Offline or Online?

The Issues

Common to both the cloud and private business networks is the ability to share a single, centrally located data source across connected users and devices. One of the main advantages of this is to ensure that all users are accessing the latest version with the most up-to-date information. Whether it’s a spreadsheet of contact data or a database file of CRM data, each user has access to the current version of the information.

The ubiquitous nature of internet connectivity and the proliferation of mobile devices mean it is possible to work with cloud data sources and applications while on the move or in locations remote from an office or base.

The use of cloud services unauthorised by the business also presents a security risk. Rogue employees using third-party services such as ‘gotomyPC’, a practice sometimes referred to as ‘shadow IT’, pose risks because business data is put in the cloud in an uncontrolled way.

Users often have the ability to take the data offline, that is, to create a local copy on a computing device or a removable storage device such as a USB stick. The motive is usually to be able to work with the data without network connectivity.

However, the risks of taking data offline are well documented. Losses of computing or storage devices holding highly confidential data, such as security intelligence, witness and victim evidence for legal proceedings, or plain old business IP, have all been highly publicised and resulted in reputational damage.

Best Advice

As a rule, a good data management policy should strive to avoid data being taken offline. If it absolutely has to be taken offline, then encrypt the data on the end user device. Consider configuring the device to automatically destroy data if incorrect passwords are entered or decryption is attempted.

2. Where is the server?

The Issues

Servers may be in an office server room or, for a bigger business, a data centre. They may also be located at a remote location such as a head office or in a commercial third-party data centre along with thousands of others.

The question here is one of physical security. In an open plan office where a Small Business Server is tucked in a cupboard or just out in the open, data is vulnerable because there is no physical protection to prevent damage or theft. A locked server room or data centre in an office provides a minimum level of access control, but whether that is enough depends on how sensitive your data is and how much risk can be tolerated.

Best Advice

For servers in office environments, a good standard of physical security is supported by 24/7 access control. It is preferable that this is monitored with verification of any physical access events provided by a suitable real-time technology like CCTV. Consider the benefits of encryption to provide another security layer should unauthorised data access take place.

A good dedicated data centre facility should have physical security standards rated to ISO27001. This means the facility has deployed physical security in line with accepted industry best practice.

3. Where is the data centre?

The Issues

Some businesses may use remote data centres to store server data. This could be replicating on-premise server data for the purposes of backup and Disaster Recovery (DR); or it could be the business uses a hosted desktop solution, where file data as well as virtual desktop processes are concentrated.

The use of discrete web applications for specific business processes is also likely to place company information on remote data centre servers. Whatever the specifics of any service or solution, in all cases the issue is the geographical location of the data centres and which country’s (or countries’) laws govern the data.

Data sovereignty is a barrier that has prevented some businesses from fully exploiting the benefits of cloud computing. In particular the question marks over which laws apply to data held in offshore locations have proved problematical.

The Safe Harbour agreement lets American companies use a single standard for consumer privacy and data storage in both the US and Europe. However, recent legal challenges have brought the validity of Safe Harbour into question. In particular, US registered companies storing European customer data in European facilities may have to surrender the data to the US authorities if so requested, and the European Court of Justice has ruled this is invalid and that individual EU nations should set their own rules.

Best Advice

For UK companies the best policy is to use UK registered companies as service providers with information storage policies that restrict data to UK-only data centres. Private cloud solutions ensure a company’s data remains under its direct control while releasing the operational benefits of the cloud to the business.

Private clouds operated by the service provider may be multi-tenanted, with the resource shared between different businesses without compromising the data security of individual companies. While this releases some economy of scale, it cannot match the financial advantages of large shared public cloud infrastructure. As in so many other spheres, the trade-off is one of cost versus risk.

Summary

Best Advice for Service Sector Businesses

When it comes to the issues of online and offline storage the best advice seems to be:

  • Prevent working practices that require offline data
  • Ensure servers, whether on-premise or remote, are physically protected
  • Consider encrypting server data or any data that needs to be taken offline
  • Store data exclusively in UK data centres
  • Utilise private cloud solutions to obtain many operational benefits while retaining 100% control of data
  • Identify and work with an expert cloud service provider to ensure any solution meets the needs of the business

Why is HTL Support a preferred technology supplier to the service sector?

HTL Support is a specialist provider of cloud technology solutions to the service sector. HTL Support has the expertise and experience to help finance, recruitment, legal, travel, and software firms to meet their regulatory obligations or follow guidelines on the use of technology. It is our confirmed belief the cloud offers outstanding opportunities for service sector firms to leverage technology so it returns more value to their businesses. Private cloud solutions enable businesses to enjoy operational benefits of the cloud computing architecture while retaining 100% control of data and meeting regulatory guidance.

HTL Support works with in-house compliance experts or external consultants to ensure any solution exceeds interpretation of the applicable regulatory codes. HTL Support is able to provide the appropriate level of services required by the majority of finance, recruitment, legal, travel, and software businesses.

About HTL Support

HTL Support is a close-knit and highly professional team of technology professionals who are evangelists for cloud solutions. This is because we believe the benefits are unrivalled by equivalent on-premise approaches to provisioning business technology.

The business benefits of the cloud are regularly highlighted in the press and deliberated in boardrooms. Cloud technology is a topic about which the vast majority of business leaders are likely to have more than a passing interest.

Based in the heart of London in Canary Wharf, HTL Support was incorporated in 2009 with a clear and simple vision. We are dedicated to helping business leaders in financial service organisations find the best way of successfully adopting cloud technology in their businesses. We offer best of breed Hosted Cloud Services in our ISO27001 London data centres, and help clients to create their own Private Cloud systems in their own offices or data centres.

Our friendly and professional engineers and consultants have extensive experience, proven track records and ‘can-do’ attitudes. We offer independent advice but partner with the leading cloud technology companies to ensure seamless support. We are service-focused; our clients’ satisfaction is paramount.