Moderator: David Vellante
Analyst: User: Dick Fordham
Once a high flying Internet bubble business, managed storage services are back in vogue but this time appear to be solving real customer problems at affordable prices. In the past few years, three factors have driven the return of on-line storage services primarily focused on data protection (i.e., backup and restore):
- Technologies that make this business cost-effective are coming to the mainstream, including disk-based backup using data de-duplication, encryption, and the consistency and reliability of moving data over networks;
- Relentless compliance and regulatory requirements specifically pertaining to the explosion of data and the need to retain, re-produce and authenticate electronic records have been put on the books;
- New and emerging business models that include Software as a Services (Saas) and packaging solutions (including processes) into a repeatable offering, make the business more channel-friendly.
These factors have enabled large service providers such as IBM, HP, Sunguard, EMC, and others to leverage data center economies and offer standard building blocks for channel partners (e.g., service providers) that are beginning to provide incremental add-on services to large, medium, and small customers who themselves are increasingly comfortable sourcing remote data protection.
Storage competitors have seized this opportunity, and acquisition and partnering activity has been up lately as EMC and IBM both made moves in this space acquiring Mozy and Arsenal Digital respectively, and HP has partnered with Iron Mountain.
Who are candidates for such services and what are the primary applications? The best candidates for these services are large and mid-sized customers who generally rely on decades-old backup processes; and smaller customers that donâ€™t perform regular backups and/or have no processes. Backup/restore, backup/recovery and retention are the primary applications with the emphasis on remote services that can be purchased as an ongoing operating expense rather than as a sunk capital investment.
Pricing models for such services is based on two typical models:
- Pricing on data that is protected,
- Pricing on data that is stored.
Typically charges include a flat setup fee or a minimum requirement of gigabytes stored. Banding of services is also common with an N-month term required.
Despite the apparent convenience of these services, which includes an OPEX, versus a CAPEX, hit and the outsourcing of an increasingly problematic compliance issue related to electronic records, customers must remain vigilant in their assessments of these opportunities. Specifically, switching costs could be substantial given disparities in processes and technologies across providers. But there are examples where moves to alternative service providers have been made fairly smoothly in relatively smaller sites. In general, the larger the vault, the more difficult the migration, making pricing visibility fundamental.
As it relates to costs, most customers do not have a clear handle on the full cost of providing data protection today. Without this proper accounting, it is unclear if buyers will save money outright or be paying more for better service. In general, experience suggests that the payback on such services largely relates to very important, but harder to sell (internally) soft dollar factors such as quality, risk reduction, and speed to market.
Moreover, even though service providers are more likely to have best-in-class processes to manage data protection services, the burden of auditing and documenting such processes for defense in legal discoveries remains squarely with the customer. Finally, while service providers will contractually agree to penalties related to speed and accuracy of data recovery, the penalties will be limited to percentages of monthly service fees and not reflect the value of data lost.
Requirements As a result of these caveats, customers should choose suppliers that are financially viable and can be held accountable for process and procedure excellence and best-in-class security. As well, customers should demand flexibility in fees and service levels for factors such as retention and recovery points and backup frequency. Customers should also be aware that they are either paying for data protected or data stored, meaning the benefits of savings from factors like de-dupe will accrue differently for different applications. As well, invoking data encryption will add storage and consequently costs.
Action Item: Large customers should endeavor to consider the operational overheads associated with protecting data carefully and fully consider total costs for internally managing versus sourcing such services. In general, it is best to do your own homework and not rely solely on the analysis of the service provider. As well, given potentially high switching costs, negotiating shorter contracts is advisable. Smaller customers must begin to recognize that their information is as important as large customers and outsourced data protection services provide a path to best in class data protection.