The Cost of Inertia: Insight from the Iron Mountain Data Protection Predictors Study

Download PDF

Predictions Show Current Data Protection Efforts Will Fail to Meet Tomorrow’s Data Growth Challenges

Executive Overview

The modern data protection landscape is changing at an unprecedented pace. Data is growing exponentially, new and evolving regulations are appearing all the time, litigious activities are increasing and not a week goes by without news of a natural disaster or other emergency severely impacting a location – and the lives of the people living and working there. Clearly in such an environment, being able to protect your data is more important than ever.

It was with this idea in mind that we asked IT professionals from a wide variety of businesses and industries to help us predict the future of data protection. We asked questions about how the challenges of the current environment will evolve over the next two to three years and what strategies, policies, procedures and technologies organizations will leverage to overcome them. The results were illuminating.

Despite recognizing that data protection challenges will continue to grow, participants believe that few organizations will take decisive action to fortify their data management practices in the near future. As you read through the predictions on the following pages, you will see phrases like “keep everything forever” and “conduct periodic reviews” that show a lack of urgency for participating in this next generation of data protection. We can speculate about why — perhaps participants believe limited budgets or lack of expertise will hold organizations back – but the fact remains that “do little” or “do nothing” postures will not cut it going forward. The costs of uncertainty and inertia are just too high.

We all know the risks of inadequate data protection — they are many and well documented. Whether it’s the penalties and fees of non-compliance, the brand damage and loss of customer trust associated with an inadvertent disclosure or the bottom line impacts of not being able to recover data in a timely fashion, today’s organization’s simply cannot afford taking a reactive, “it’ll never happen to us” approach to data backup and recovery. After all, the landscape is too competitive, and one incident, quickly spread across websites, blogs and social media, has the potential to change how a business is perceived forever.

We've organized the predictions into four sections that mirror our best-practice-based approach to optimizing your data protection infrastructure:

  1. Evaluating current challenges
  2. Assessing high-level strategies
  3. Reviewing policies and procedures
  4. Determining the right mix of technologies

Our hope with this report is that it will provide a baseline of understanding upon which we can build the tools and information needed to help our clients navigate this complex environment. How? By understanding that a more proactive approach to data protection is needed — one that starts with a high-level strategy, feeds into well-defined policies and procedures and is supported by the right mix of data backup and recovery technologies.

Jay Livens
Director, Product and Solutions Marketing, Iron Mountain

Predictions: Challenges

Evaluating Modern Data Protection Challenges

Data growth, compliance, a stagnant economy and flat budgets are just a few of the challenges facing organizations in today’s data protection environment. The predictions in this section show that the risks these challenges bring with them (e.g., data loss, inadvertent disclosures, non-compliance, etc.) are top of mind for many organizations — and that they’re actively looking for strategies and best practices they can implement to overcome them.

At the time of data and asset obsolescence, the volume of data poses a greater risk than the volume of physical devices.

When it comes to aligning data protection efforts with data growth demands, limited funding will continue to challenge IT organizations.

As data and IT assets continue to grow, risk of data loss or inadvertent disclosure will be the most prevalent concerns of IT leaders.


By proactively managing the lifecycle of all devices and the data that resides on them — from implementation to decommission through destruction — businesses can protect themselves from the risks of data loss and inadvertent disclosures, including downtime, penalties, a damaged brand reputation and other high-profile consequences that will immediately affect an organization’s bottom line.

An overwhelming majority of participants believe that risk of data loss or inadvertent disclosure will be a major concern of IT leaders over the next 12 to 18 months. The next closest concern was “bring your own device” (BYOD) and mobile technology trends, followed by compliant IT asset disposal and destroying assets in environmentally friendly ways.

Expanding Data and Compliance Requirements

As data continues to grow at an exponential rate and businesses embrace more data-intensive trends, such as big data and predictive analytics, it’s not just the amount of data they are storing that has increased — it’s also the criticality of that data. At the same time, expanding compliance requirements across heavily regulated industries like Healthcare, Financial Services and others are putting pressure on organizations to secure the privacy and integrity of their data. As these data and compliance demands continue to grow, the risks around data loss and inadvertent disclosure multiply, so it’s understandable that participants viewed them as urgent data protection concerns in the near future.

Proactive Management of Data and Device Lifecycles

The BYOD issue is an interesting one, because even though most organizations recognize it as a trend that is here to stay, few seem to understand how these devices fit into their data protection strategy. That said, organizations truly concerned with protecting themselves from data loss in a BYOD world should not overlook IT asset disposition strategies. Together, BYOD and data growth trends have led to a surplus of devices organizations have to manage — each containing business data that could be compromised if not disposed of properly. These devices may create a less-visible data loss risk, but that does not mean they can (or should) be ignored.

"At least in our industry, HIPAA, protected health information (PHI) and personally identifiable information (PII) can have huge financial impact on a business, and identity and data theft are seemingly rampant, with major public visibility and brand reputation implications."

-Survey Respondent


Storing older, archived data on tape is one way organizations can eliminate data compatibility concerns. This is because tape has an incredibly mature interface and is one of the most widely supported storage technologies, so it should be no problem to maintain their archive data as their infrastructures evolve. What’s more, moving data from the primary infrastructure to tape cold storage helps control the volume of data IT has to manage on a daily basis.

At the time of data and asset obsolescence, the volume of data poses a greater risk than the volume of physical devices.

When organizations look at their IT environments, it is common for them to view the number of devices they have to manage as a reflection of the amount of data they are storing, so it stands to reason that they are more concerned with what they see as the cause (the data) rather than the effect (the devices). In addition, with data and device growth happening at such an accelerated rate, some participants are worried that compatibility will become a challenge as data moves from one storage medium to another.

Data Growth Drives Device Growth — and Vice Versa

It’s no secret that data volumes are growing at an unprecedented pace; however, BYOD and mobile technology trends are bringing new and different device types into the enterprise that are not accounted for in the “more data equals more devices” equation discussed previously. Today’s employees use an average of 3.5 devices in the workplace1, so if the time to address device management is not now, it’s coming in the near future.

Reducing Data Volumes and Compatibility Concerns with Tape

Many IT infrastructures today comprise an assortment of server, software and storage components that have been accumulated over time, with aging legacy systems running alongside the latest and greatest technologies. In such environments, it’s not uncommon for businesses to be concerned with data compatibility — especially as they consider consolidating and standardizing their infrastructures in the future.

"Storage technology is advancing so fast that enterprises have vast amounts of data stored in many different formats. As archive requirements continue to grow, data incompatibility will become a big concern."

-Survey Respondent


Data doesn’t care that there are no new budgets for data protection systems; neither do litigation requests, disasters or any of the other factors putting pressure on IT staffs. However, by making the right decisions about where to put data throughout its lifecycle, organizations can maximize their budgets, while still meeting their various compliance, discovery and recovery requirements.

When it comes to aligning data protection efforts with data growth demands, limited funding will continue to challenge IT organizations.

Few survey respondents believe that data protection systems and budgets are keeping up with data growth, but they — like many others in IT organizations today — are feeling the effects of tight or reduced budgets on their backup and recovery efforts.

A Fresh Look From A New Angle

When the people in charge of backups for their companies say that their systems are not keeping up with data growth demands, what they really mean is, “I don’t have the budget to keep buying new technology to address the problem.” What’s more, they know it’s not going to change anytime soon, because backup is rarely a priority at budget time. So, what can they do? They have to take a fresh look at their environments and make smarter technology decisions that change the economics around their backup and recovery processes. For example, by maximizing the capabilities of existing assets, incrementally adding new solutions when budgets allow and marrying this technology with innovative thinking and best practices, they can start to bridge the divide between their current and ideal future states.

Maximize Budgets With Data Tiering

There’s an old adage that there’s always money to do something over, but never enough to do it right. When it comes to protecting data, that’s a risk most can’t afford. Data tiering is a widely recognized best practice that can help drive cost reductions throughout backup and recovery practices — helping organizations take better advantage of their limited budgets.

A data tiering project can begin with the simple steps of identifying a data set and understanding how business-critical it is, how often it changes and how accessible it needs to be. For example, if 30 percent of data is volatile and needs to be on spinning disk, it’s worth asking the question: “Can the other 70 percent be moved to a more cost-effective medium?” If the answer is “yes,” the organization has freed up significant disk space to accommodate data growth without having to purchase costly new hardware.

"Until the economy improves significantly and consistently, budgets are going to be more tightly managed, making the gap between data growth and data protection a bigger problem every year."

-Survey Respondent

How is the Current Data Protection Environment Affecting You?

Here is a quick test to see how your organization is handling the challenges of the current data protection environment. If you score a three or above, you’re likely experiencing some of the pains discussed, and you should begin thinking about how you can change your data protection approach to reduce or eliminate them. If you score a two or below, you’re in pretty good shape, but with data growing exponentially and elements like compliance requirements changing all the time, you should return to this exercise in the future to make sure you’re staying ahead of these challenges.

  1. In the past year, we’ve had to purchase additional primary storage and/or backup resources to keep up with data growth. (+1)
  2. We have a pile of old and/or obsolete IT assets and storage media that we don’t know what to do with. (+1)
  3. We’ve experienced a data loss or inadvertent disclosure event in the past year. (+1)
  4. Our budget for data management remained flat or was reduced this year. (+1)
  5. Other than potentially adding more storage capacity, we have not changed our data protection strategy in the last three years. (+1)

Download the pdf version

Read more…