Thoughts and ideas on Digital Forensics and Data Security.
Last month I was involved in an information exchange regarding data storage amongst some industry insiders. Based on the reactions I received from my letter, I think it is important to open up and share. Please feel free to share your thoughts and how your organization handles these issues.

NOTE: The premise of the question I responded to was how firms are handling the expense and risk of data storage.

My Response:

This is a GREAT question and one we have debated internally for years. Let me share with everyone our experience and hopefully it will help you make a better decision. The Lorenzi Group is a digital forensics firm. To explain what we do at a high level, we are hired to forensically harvest electronic data, restore it, analyze it, and report on it.

When we first started out, we thought that charging clients for data storage wasn't necessary. Truth be told, we didn't even think of it until someone asked the question, and we quickly dismissed it. After a while, though, we began to see a repeat pattern/bad habit occurring. Cases would last for a long time AND when they were finally resolved, no one would tell us OR (worse) we would know the matter was "resolved" (I put the word resolved in quotes because of the age-old question: Is a matter ever REALLY resolved?) but were instructed to continue to hold the data.

For small cases and small amounts of data this wasn't too bad. However, once our insurance carrier understood what we were doing, they wanted more protections in place (rates went up). We also found ourselves needing more storage space. At first, we just added hard drives. Then we needed to buy additional storage devices, moving from a network to a NAS environment to a SAN environment.

Our initial step was to charge a nominal fee to hold data. I didn't want to charge per GB, because that seems inherently unfair to me. There are always questions about actual size and compression, and a monthly rate of $50 or $100/GB seems outrageous to me. If we have a 100GB hard drive or 100 PSTs @ 1GB each (skipping the "compressed or not" AND "attachments or not" questions) that would be $5,000 - $10,000/month! YIPES!

So, we went with a flat-fee approach. Initially, it was $50 per media per month. This worked really well for a long time (or so I thought). Once the recession hit, clients stopped paying the monthly fee. I would call them and they would say, "Rob, it's only $50, we're going to wait until it accumulates before paying it." or something else to that effect. Seriously. And you know what? They were right: $50 per month per media was too small to think about.

After I began analyzing it, we were spending more money on storage than we were being paid. This $50 did not include: time spent on collections, increases in insurance, or time maintaining the storage devices and network. The simplest calculation (for the IT-minded folks, this is strictly to be used as a starting point, not a religious decree): 500GB internal hard drive = $100. If it is stored in a SAN device, you need to add in the appropriate percentage of overhead maintenance costs (electricity, network, FW, IT support, etc.), and don't forget the collections time. Therefore, $50 per month per media was a joke and had to go. As I struggled to find a better solution, I spoke with people from many different industries and some everyday examples came to light. Let me share:

* $36/day to park a car in Boston (more at the airport)
* $25/day to leave a car at the auto mechanic
* $100/month for a self-storage container
* $5/day for clothes at the cleaners

AND REMEMBER: Not one of these comes with any guarantee of protection, security, or safety. If you are holding data, there are specific legal and financial requirements that must be met. Even if the client does not pay, you may not be (are not) allowed to delete the data or post it to the web - even though you may WANT to! ;-)

So, we came up with another pricing model that we have been using. In this model, we no longer worry about collections expense; there is little to none. With this pricing model, all parties are aware of the cost of data storage up front.

And this pricing model can be YOURS for just $599! If you act NOW, I'll throw in pricing models for all sorts of other services! LOL ;-)

Back to the pricing model, this is our new model:

We charge a flat rate per media for data storage (NOTE: If the storage goes above 500GB per media, we alter the pricing). If the client agrees to EFT payments (instead of us chasing them to be paid), we reduce the flat rate SIGNIFICANTLY. The fact is, I don't want to be in the data storage business, but due to too many things to list here, we need to be.

Storing data for clients is a hassle and a constant liability that all of our employees need to be aware of (and constantly reminded of). At the same time, I want the client to see value in what we are offering and to understand that it is in their best interest to not allow the legal matter to linger. This pricing model allows the client to see how much they are spending on necessary data storage, reduce their payment significantly by pre-paying or using EFT, and continues to keep them in control. At the same time, we are able to properly store the data, don't have to chase clients for "small dollars" (by the way, many business organizations and law firms have their greatest financial leaks in "small dollar" services), and maintain a revenue stream.

I am always looking for better ways to run the business. If someone else has a different perspective or idea, I would love to hear it. My feeling is that Data Storage is the invisible elephant in the room of legal costs. No one wants to address it, but if it isn't addressed, some firm, some company is going to crash hard because of it.

Professionally,
Rob

So, what's next? I don't know. What I know is that I received 3 types of responses. The first were private emails sent thanking me for posting some concrete information about how we are dealing with this problem. The second were private emails sent from vendors offering alternatives - I have touched base with some of them; however, I still need to contact a few. The third? Silence. No post or reply, no one offering an alternative solution. The silence makes me think that people haven't been thinking about this issue. The problem is that if your organization isn't addressing data storage creep now, two or three years from now you will be stuck buying another large storage solution with no one to bill it to. What do you think? How do you manage data storage expenses? Feel free to post your ideas here or contact me directly.