Data Protection and Backup Tape Vault Storage

Changes Occur at Warp Speed

By Michael Payton, General Manager of Records and Information Management Services, Augusta Data Storage. 

A Historical Perspective

While offsite hardcopy records storage has been around for decades, many don’t know the rich history of offsite media vaults. In North America companies started backing up records to magnetic tape as far back as the 1960s. In the late 1970sand early 1980s a number of offsite vendors started adding media storage to their list of service offerings.

By the mid-1980s, tape backup was the prevalent method for data storage and disaster recovery. And with this surge in tape backup, an increased number of record management providers began building climate-controlled data vaults.

In 1981, the National Association of Secure Data Vaults (NASDV) was formed to support these growing businesses. The NASDV was the original trade association dedicated to media storage.

It would eventually merge with the Association of Commercial Records Centers (ACRC) in the mid-90s to form PRISM International.

Media storage flourished in the late 1980s and 90s, but providers started to see companies move toward disk-based back up options, including co-locating servers. Data co-location diversified the risk of in-house data storage and management to different locations providing redundancy for protection. 

In the late 1990s and early 2000s, “cloud backup” began to emerge as another option for data backup due to the increased bandwidth of internet service. With the growth of cloud backup and the increased storage capacity on a single tape, data storage providers started to see a major decrease in tape storage in their vaults. 

As this transition took place, a core group of data storage providers sought out content specific to the data backup industry in effort to combat the downward storage trends. With a goal of building on the experience of the group and seeking out experts in the industry, the Data Protection Association (DPA) was formed in 2012. 

An eager yet small and passionate group of members strove to keep media vaulting in the forefront, while looking at forthcoming trends and alternative storage opportunities (pathology slides, art, wine, evidence, etc.). The DPA ran through 2018 when it merged with the PRISM International division of i-SIGMA.

Throughout the 2000s and 2010s, the amount of data grew exponentially, and companies continued to look at ways to store it efficiently. Companies began to use hybrid approaches, using various backup methods, but most storage providers still saw a decrease in storage and struggled to find alternative growth opportunities. 

This was the driving force behind the DPA merging with PRISM International under i-SIGMA. The move would bring the focused efforts of the DPA under the strong infrastructure and leadership of i-SIGMA, allowing members of both organizations to benefit from the merged resources.

Changing Landscape

While data continues to grow at a rapid pace, technology continues to transition away from tape as a primary backup solution. Tape manufacturers and industry experts indicate there is still a segment of data protection in which tape is applicable as a tiered backup medium and predict the explosion of data will positively affect the industry. 

Tape has a number of advantages over other backup methods, including low total cost of ownership, minimal failure rates, and perhaps most importantly, it is offline. This concept has been referred to as the “air-gap”1 meaning tape has a layer of protection between hackers and ransomware unlike disk and cloud options.

However, most RIM providers continue to see flat or negative storage growth. Many small to mid-sized companies have moved to cloud exclusive models. While large companies may employee a hybrid approach with tape being a component, there is a lack of geographical diversity. These companies are predominantly located in the large metropolitan cities (Chicago, Houston, Los Angeles, New York, Washington D.C.) or tech hubs (Dallas, Denver, Phoenix, San Francisco, Seattle, etc.); meaning, RIM providers in smaller metro areas do not have much opportunity at these accounts.

But not all of this can be blamed on technology. Another growing concern is the lack of focus on data protection by those in the industry. More and more RIM providers are diversifying into multiple service offerings including scanning and destruction services. While this is typically a sound business plan, it has had a negative impact on the sales effort given towards data protection services specifically. As data protection opportunities have dwindled, sales teams have shifted their focus on the perceived “low hanging fruit” and tend to shy away from reaching out to IT managers or CIOs.

Data Protection Strategies for the Future

What we do know is that data continues to grow, and companies will persist in looking for solutions that are both price effective and compliant. An increase in data breaches – much of which is being done electronically – is another unfortunate reality. With this trend comes the need for increased regulation. This is evident with the recent institution of the GDPR in Europe and CCPA in California. We can expect to see more regulation on data privacy, data protection, and data breach notification. 

Companies continue to review the safeguards and risk assessment plans of their internal operations and those of their vendors. This is one of the reasons for the revamping of the PRISM Privacy+ Certification – to help members stay in tune with customer needs.

Data explosion, data resiliency, data breaches, compliance – these are just some of the challenges companies face when developing a data protection program. RIM providers with data protection expertise can advance RIM service levels to meet those challenges. Identification of the service needs of clients should be collaborative between industry leaders, client data control specialists, and data protection specialists. 

Preparing for the protection of data in the future certainly requires members to embrace emerging client solutions and needs. In-depth conversations and research into the potential for new service deliveries are critical. Success in the data protection future depends on aggressive and forward-thinking strategies for today. 

This article was originally written by Michael Payton and published in the IG Journal, 2020 Vol. 1, in partnership with NAID and PRISM International.