The rise of SaaS, or software as a service, has meant that businesses no longer have to store rarely used data on site. Instead, they can offshore it to the cloud, thereby freeing up valuable infrastructure resources on the premises for data that is accessed far more frequently. Security experts, however, recommend that companies carefully analyze businesses offering managed services before they offshore certain kinds of data to the cloud.
Compliance data in particular must be stored in ways that are thought-out in advance. Compliance data includes all kinds of information that might be demanded by attorneys during the discovery process that is a part of lawsuits or other kinds of legal challenges. “From a regulatory or legal perspective, anytime you store something, you have to be able to bring it back,” remarked Phil Favaro, who works for Symantec Corporation as a discovery attorney. “Can you go through the virtual filing cabinet and pull out what you need to comply with a court order that requires you to do so within seven days? …Without that sort of structure, companies are going to get in trouble with courts or regulatory bodies.”
Not all managed services providers will be able to offer the kinds of structures and guarantees that Favaro finds essential, which is why businesses interested in SaaS must exercise both caution and due diligence before reaching an agreement with an IT company. Of particular importance are the terms in the SLA, or service level agreement, reached by a business and its managed services provider. Such documents should spell out the provisions being made for e-discovery needs.