Contributed by: David Stalcup on April 27, 2017.

If you have outgrown your current data storage capabilities or don’t possess the resources to store your data securely, then partnering with a company that specializes in data storage may be beneficial. With your company’s data at stake, finding an expert and reliable partner is essential. To help with your vetting process, here are ten questions that you should ask a potential data storage provider.

1. Are you government compliant?
To mitigate legal concerns, ensure that your data storage provider is up to date with all government regulatory compliances such as PCI, HIPAA and SOX. Each governing body has a specific method of testing for compliance. You will want to understand the parameters of compliance and validate that your provider has all compliance metrics strictly enforced.

2. How long have you been in business?
When it comes to your data, trusting a new, untested startup is risky. Make sure that your potential partner is an established company with the necessary experience to manage your data. If it is a publicly traded company, you can review their financials. If it is a private startup, review their funding and ask questions about their current customer base. Speaking with current customers is always a great source of information.

3. Where will the data be stored?
The location where your data will be kept is critical. You need to know that your data will be stored in the country that you are doing business and that your data storage partner is bound by, and following, the laws of that country. Providers with multiple locations are always deemed more readily equipped to handle geo-distribution needs.

4. How secure will your data be?
Data breaches are one of the hot topics of technology today, and you don’t want to be part of that discussion. You should determine the methodology and technology the company will use to protect and control access to your data and ensure that it meets current security trends and regulations. Also understand the frequency and depth of the provider’s penetration testing and authentication methodology. Two factor authentication can protect you against brute force attacks.

5. How will you deal with a government subpoena?
First, familiarize yourself with the Stored Communication Act (SCA). The SCA provides the details of how the government can subpoena your data and your rights once a subpoena has been issued. Your primary objective is to place within your agreement with a provider that you are the sole owner of your data. Data owners are afforded fundamental rights protecting the data. Once a subpoena has been issued, the owner of the data will have a predetermined amount of time to respond to the subpoena. This plan should be placed in writing in your agreement with the provider.

6. What method of encryption do you use?
If the provider says that their data is encrypted, ask them what method of encryption they utilize. Some are more secure than others, such as 128 bit versus 256 bit encryption. Does the provider utilize SSL transfer encryption which provides another layer of protection during file transfer? Finally, ask if a third-party encryption can be implemented, this will allow you to own the security keys and further protect you against Brute Force Attacks.

7. Is there a capacity on stored data and are there SLA’s associated with data access?
Determine what limits, if any, the company will place on your data storage. Is there a cap on the size of an individual file or is there a total capacity limit? Does the provider place caps on daily ingress or egress of data? If those caps are exceeded what are the associated charges. Understand what services and Service Level Agreements (SLA’s) will be associated with your data as well.

8. What are your billing policies?
Their billing method and how often you will be billed is also important to find out up front. Data Storage providers will typically set a fee for PUT, COPY, POST, or LIST commands and set another fee for GETS. For example, placing data in cold storage can be very inexpensive, however when accessing data through the GET command user may be billed at a rather high cost per transaction. Costs will also be based on the speed of the storage in addition to the commands listed previously. Billing can be complicated, so understand the charges clearly for the tier you will be utilizing.

9. What happens if you decide to switch data storage providers?
If you want to leave your data storage partner, how will you retrieve your data from them? This DATA OUT process can be a completely different tier of pricing. Methods for DATA OUT can vary from physical disks to network replication. Again, the method of DATA OUT will impact your billing along with the quantity of data moved. If you need your data in a hurry acceleration is available for a fee of course.

10. What is your insurance Against Data Loss?
Finally, make sure that your potential providers architected to mitigate events that can compromise your data both virtually and physically. Understand the replication scheme used by the provider (More copies of data the better) as well as the overall arching security of the physical locations for the providers data centers. In addition, contact Sanity Solutions – our team is here to address any questions or concerns you may have.