Bill Tolson, director of product marketing/archiving solutions at Iron Mountain (, says:

Not many companies have thought about digital storage costs. Is this true, and why is this so?

Many companies are not approaching storage holistically, so they can’t analyze the true costs of storing their digital and paper-based information.

In the face of the current data explosion, storage itself is actually cheap. However, with information comes risk. Data can be subject to compliance regulations, such as SEC mandates, legal discovery requests, and security concerns with confidential and sensitive information like social security numbers. Some information is even a liability and needs to be permanently destroyed. These risks cannot be addressed by simply storing the information with a “cost per gigabyte” model.

Companies need to manage information throughout its lifecycle, from creation to destruction, and account for these different types of risk. This is where the true costs of digital storage lie – in managing the information. It’s a complex task that requires investments, expertise and scalability.

We at Iron Mountain believe that properly storing information means making it useful and accessible. Simply backing everything up to an off-site server doesn’t enhance the value of a company’s information. This is where additional costs creep in. Storing information effectively means taking a look at what your information means, the patterns and the trends within it, and determining what a company can learn from the data it has created. Adding these descriptive details or metadata can help companies improve their businesses and processes, but represents a cost that many companies do not consider.

How can enterprises get control the documents they’re storing (what’s being stored, what’s needed, and the best way to store what’s needed?

In short, there are five steps to efficient information management:

i. Identify and destroy irrelevant data
ii. Archive “compliant” data per retention policy
iii. Protect critical data for business continuity
iv. Handle “risk-relevant” data for eDiscovery
v. Manage storage of “transactional use” data

Information should be kept and destroyed for different reasons, including compliance (SEC mandates), corporate policy, litigation preparedness (eDiscovery requests), intellectual property reasons and those “just in case” situations.

Companies need to look at what data is active and what is inactive. The inactive data (not accessed in the past 12 months) should be archived intelligently that lets people find and access data when they need it. Companies keep too much data around and this stretches IT budgets and resources thin, compromising their ability to deal with the most critical information first.

How can enterprises effectively cut their amount of storage?

We have seen two general archiving policies: “keep all data” or “keep nothing.”

Companies “keeping all data” end up storing active and inactive data on tier-one infrastructure, which is expensive and inefficient. Others use backups as archiving, which is also inefficient. Depending on the reason a company needs to keep data, tape may not be the most efficient or effective media as it is not searchable and provides low accessibility. For instance, if you’re keeping data for litigation purposes, then your archive needs to be secure, auditable, searchable, and in a legally compliant format.

Conversely, “keeping nothing” is a risky strategy. Many business need to keep specific records for a seven year period, to remain compliant with federal regulations and satisfy legal or eDiscovery requests, should they arise.

Our recommendation:

• Backup only the most active and recent information for disaster recovery purposes.

• For data that is not accessed frequently, implement a storage policy that migrates old, inactive data to lower-cost storage systems, such as cloud-based storage. This allows IT to address other more important projects, such as virtualization or business continuity (Disaster Recovery and backups) plans.

• Never use your backup processes for archiving purposes.