Bookmark and Share Email this page Email Print this page Print Pin It
Feed Feed

Sep 23, 201403:28 PMLegal Login

with Mindi Giftos

Where should your business store its data?

(page 1 of 2)

Businesses of all sizes, at all stages of growth, and across every industry struggle with the same question: Where should we store our data? Emerging companies usually deal with this question early on. More mature companies have existing data-storage practices already in place but, given the growth of “big data,” are often forced to reevaluate.

Changing regulatory landscapes necessitate changes in practice and often require extensive updates to software, hardware, and physical security measures. Below is a chart comparing the three primary options for storing data: onsite, at an offsite data center, and in the cloud. While the chart is very simple and not exhaustive, it provides a basic visual comparison of data-storage options.



Offsite Data Center



Limited by physical space constraints, costly to procure additional hardware, limited options to recoup investment if downsizing is needed, and limited by availability of qualified personnel to oversee expansion and manage enhanced capabilities.

Relatively simple, and easy to add additional storage capacity by increasing number of racks leased at data center. Ability to decrease number of racks, through review contract for relevant terms and limitations. The data center itself is restricted as to facility size. Most data centers work with managed services companies that purchase data center space and then lease small portions to multiple companies to allow for enhanced scaling options.

Easy to scale up or down. Consult contract for relevant terms and limitations.


Usually the most costly, though cost depends upon a particular enterprise’s experience, capabilities, current equipment, and business sector. Costs include the initial investment into the physical space and equipment, ongoing utility access/service, regular maintenance, keeping up with changing technology, and personnel with data-storage experience.

Most likely less costly than onsite. Capabilities, security measures, and age of technology employed directly impact cost. Many companies find that data centers are not as costly as expected because data centers are able to drive prices down based on size and usage.

Least expensive.

Access to Data

Allows for greatest access to data, so long as up-to-date systems are in place and the process is overseen by qualified personnel.

Subject to contractual relationship with data center, but data centers strive to provide uninterrupted remote access and the ability to physically visit the data center site. The contract with the data center should include representations as to downtime and other issues that would limit a company’s ability to access its data.

Access is entirely dependent on third parties. Many cloud services provide very lean “guarantees” regarding access.


Onsite data storage can be very secure, but in reality companies that use onsite storage are all over the map with regard to how secure the data really is. A company must have very well-developed policies and procedures to ensure security and must be willing to continually upgrade technology and train personnel.

Good data centers have extremely impressive security measures in place. These measures include state-of-the-art technology, physical measures that limit actual access to the facility, and administrative policies and procedures. Good data centers are continually testing and upgrading security measures as new technology becomes available and new risks are identified. Contracts with data centers allow businesses to shift some of the risk associated with data security to the data center.

The cloud is not secure. Personal pictures, messages, and documents should not be stored in the cloud. Important/private/sensitive business and customer information should not be stored in the cloud. Some cloud services claim to be encrypted, but this is difficult to verify unless the service is based on open-source software.

Regulatory Compliance

Companies with a highly developed internal compliance program that is integrated with the IT department can address regulatory compliance issues, but the company must be willing to assume the cost of retaining capable, qualified personnel; continually reviewing and updating technology; and actively monitoring changes in the regulatory landscape.

While there are multiple tiers of data centers, some are PCI DSS compliant, HIPAA compliant, and SSAE 16 Type II certified. Other compliance certifications also exist. Contractually, companies can obtain warranties and indemnification related to a data center’s regulatory compliance.

Be very cautious when storing any data in the cloud that is subject to regulatory compliance requirements. Many cloud providers, for example, specifically state that the service is not HIPAA compliant.

Small or Emerging Company

Developing onsite data storage for a small or emerging company is extremely costly and would likely not be the approach used for all of the company’s data-storage needs.

Small or emerging companies may not have a large enough need for data storage to justify executing a typical data center contract. Managed service companies partner with data centers to offer small companies access to premier data centers without having to commit to extensive storage capacity.

If the data does not need to be kept secure — if it does not include personal customer information or sensitive company materials — then the cloud is a great, cost-effective alternative, but likely not the answer for all of a company’s data-storage needs.


Add your comment:
Bookmark and Share Email this page Email Print this page Print Pin It
Feed Feed

About This Blog

Mindi Giftos and her colleagues in Husch Blackwell’s Technology Law group handle a wide variety of issues related to emerging and established technologies, including intellectual property, development and licensing, commercial contracting, and corporate transactions across a broad range of industries.

Recent Posts



Atom Feed Subscribe to the Legal Login Feed »

Edit Module