Beware of unreliable data babysitters

The use of offsite data warehouses to store financial and client information
has become a key part of many companies’ disaster recovery plans, while also
helping them to ‘outsource the risk’ of keeping data onsite.

But determining which site to choose is one of the most important decisions a
director makes in terms of IT, and one of the most difficult.

According to Paul Williams, IT governance adviser to risk advisers, Protiviti
UK, data is the most valuable resource a business has, and sending it out is
like ‘leaving a baby with a babysitter’.

‘It’s something you have to do your due diligence on,’ Williams said.

He urged business to undertake a stringent checking process when choosing an
outsourcer to manage data offsite. ‘There are very good sites out there, and
some you can’t trust. You must at least visit the site, talk to others using the
site,’ said Williams.

Some form of security certification should also be expected, said Williams,
and a minimum requirement is ISO27001. Individuals within the company should
also hold information security certificates, such as CISSP or CISM.

‘Responsibility for selecting the vendor needs to be a joint one between your
IT security function and the business owner of the data.’

Paul Elliot, managing director of IT security business Future-Tech, warned
that many sites are inadequate, and many businesses have chosen to bring data
back in-house.

‘Sites in the Docklands go down all the time, why go into London? There are
power problems and the risk of flooding. Lots are fallen dotcom sites, and the
infrastructures in place are not up to scratch,’ he said.

Related reading

aidan-brennan kpmg
The Practitioner
Life Belt with Computer Folders