1. Survey

Ten years ago, the Storage Networking Industry Association (SNIA) 100-Year Archive Task Force developed an influential survey that was intended to determine the requirements for long-term digital information retention in the data center.  The survey was a leading instrument, bringing awareness to the extreme problem of long term digital information retention.  In this year's survey, we are seeking to assess:
  • What has changed in 10 years, are the key tenants of the original survey still true?
  • Have business drivers changed?  Have businesses raised or lowered the perceived priority of data preservation?
  • What preservation methods are being used?  What systems, and how are they being consumed (i.e., in a data center or in the cloud)?
  • Are users meeting their goals for data preservation? What challenges remain?
We appreciate your time, and we look forward to sharing the results of this survey.

 

* 1. Email Address

* 2. First Name

* 3. Last Name

* 5. What Industry or sector does your organization represent?

* 6. What geographic area are you personally responsible for and in which geographic areas is your organization represented? (select all that apply)

  Personal Company
North America
Europe
Asia
Africa
Australia/New Zealand
South America

* 7. What is your job Position/Title?

* 9. What is your responsibility relative to long term archive or digital information/record retention? (Meaning - what do you do in your organization relative to long term retention - position, responsibilities, etc.)

* 10. In your business, which groups own long term retention of information?

  Compliance information General business information
IT
Records and Information Management (RIM)
Business Group/Business Management
Archive
Security/Risk Management
Legal
None of the above

* 12. How is your organization structured to meet long term retention and viability requirements? (Rate how true each statement is) 1=Not true, 5=True

  1 2 3 4 5
IT is closely aligned and coordinates with Records and Information Management (RIM)
IT is closely aligned with the Business Group
Legal runs the show
IT is autonomous and sets its own rules
IT, RIM, security, and the business never talk about requirements 
Security has an important role in setting requirements 
An external organization handles retention for my company

* 13. What external factors are driving the requirements for long term digital archives? Rank these factors by risk (1 lowest to 5 highest

  1 2 3 4 5 N/A
Business Risk
Legal Risk
Security Risk
Compliance/Regulatory Requirements
Preservation of business/organization history or assets
Customer privacy
Business value of the information
Other (if specified below)

* 14. Rate the business requirements for long term archives? (on a scale of 1-5, 5 high)

  1 2 3 4 5 N/A
Cost Control
Confidentiality/Privacy
Legal Discovery
Coordination
Migration
Ability to read & interpret info
Ability to make the data accessible to internal groups
Ability to make the data available to external parties
Historical Preservation
Future business (not legal/compliance) use or monetization of information

* 15. How have business requirements for long term retention changed over the past 10 years?

* 16. How will the business requirements for long term retention change over the next 10+ years?

* 17. What type of organizational information is retained long term? Please rate how important each type is to retain & protect
Rate 1-5  1=low 5=high

  1 2 3 4 5 N/A
Legal records
Regulated
Departmental
Finance
Executive Offices
Company Business Records
Customer Records 

* 18. What type of data is retained long term?  Please rate how important each type is to retain & protect  Rate 1-5  1=low 5=high

  1 2 3 4 5 N/A
Databases
Encryption keys
Log files
Internet of Things (IoT) Data
Security records
Scientific Data
Proprietary data formatted information - e.g., Designs, CAD, GIS files, Product Development artifacts
Final digital product (i.e., software, digital video, etc.)

* 19. What risks does your business face if long term information is lost?  - Rate 1-5, 5=high

  1 2 3 4 5 Don't know
Legal (fines, penalties, jail, etc
Additional business expenses (i.e., to re-generate data or re-design a product)
Loss of customers 
Loss of revenue/funding
Shutdown of business
Reputational harm

* 20. Are information retention policies audited?

  Yes No Don't know
By an internal group
By an outside auditor

* 21. Is your organization required to destroy expired data?

* 22. Does your business face a risk if expired data is not actually destroyed?

* 23. What is your organization doing to deal with media migration and long term readability issues? (Migration means periodically moving information to new media to assure readability. Readability refers to both physical and logical readability - is the information in a format that your applications can read and interpret?) (Rate how true each statement is on a scale of 1-to-5, 1=not true, 3=sometimes true, 5=always true)

  1 2 3 4 5 N/A
We have implemented pre-planned MEDIA migration schedules for long term storage (physical preservation)
We have implemented pre-planned FORMAT migration schedules (logical preservation)
Writing information in archival document/image formats (XML, PDF-A, TIFF, JPEG)
Utilizing archival container technology with embedded metadata (OpenAXP, SIRF, BagIt, etc.)
Routinely scan archives to verify data integrity
Following standards such as ISO/IEC27040,  ISO16363, ISO24619 or the OAIS standard
Outsourcing archival to general purpose cloud storage providers (e.g., AWS, Azure, Google)
Outsourcing to an archival storage cloud/Software as a Service provider (e.g., Preservica, Duracloud, Arkivum)
Storing data with multiple service providers to mitigate service provider failures

* 25. Does your long term archive use... (select all that apply)

* 26. When retrieving data is it typically ad-hoc files or more often bulk restores?

* 27. How often is data retrieved from your archives?

* 28. Which applications produce information that is of highest concern in maintaining long term readability of information? (Readability implies the ability to read the physical media and to logically interpret and use the content in an application context.) (Rate how important each of these application types are to your organization on a scale of 1-to-5, 5 high)

  1 2 3 4 5 N/A
Databases
Email
Custom Business Apps
Customer records
ECM/Document Management
Personal Productivity Apps
Accounting & Financial Apps
Log Data
Internet of Things (IoT)
Scientific Applications
Other

* 29. What data formats do you preserve? (Select all that apply)

  Yes No Don't know
Text Files
XML
PDF
PDF/A
TIFF
JPEG2000
Office formats (Word processing, spreadsheet, presentation, etc.)
Email
HTML
Source code
Database files
CAD/CAM files
Video formats
Audio formats
GIS
Other

* 30. Where are long term records kept? (meaning location of repositories) Select all that apply

* 31. How large are your current long-term digital information archives (repositories)?

  0TB-100TB 100TB-1PB 1PB-100PB >100PB Don't know
On Disk
On Tape
Cloud
Optical
Other/Unknown

* 32. Do you utilize backup formats or technologies (as opposed to archive technologies) for storing your archives?

* 33. How often do you physically migrate your long term retention data (i.e., move it to new media)?

  Every year Every 2-3 years Every 4-6 years Every 6-10 years Every 10-15 years Longer than every 15 years Don't know
On Disk
On tape
Cloud
Optical
Other

* 34. What type of public/multi-tenant cloud storage do you use? (Mark all that apply)

* 35. Do you audit/verify the integrity of data stored by a managed service provider or cloud? Yes/No? How (open ended)?

* 36. What cloud storage APIs do you use (select all that apply)?

* 37. What best practices guidelines, source material, or resources do you use for reference and training for long term retention?

* 38. Rate how satisfied each organization is with its long term retention methods (rate 1-5, 5 high)

  1 2 3 4 5 N/A
Storage systems used for long term retention
Ability to comply with legal discovery requirements across the various repositories 
How well the organization works together to assure retention and readability 
Ability to access and read information in 7-10 years 
Ability to access and read information in 50+ years
The cost to maintain long term archives/repositories 
The cost and ability to migrate data to newer media technologies 
Retaining value to the organization in its long term archives 

* 39. Rate the importance of the following to your long term digital information retention requirements: (1-5, 5 high)

  1 2 3 4 5 N/A
Common archive/retention format across applications 
Ability to switch the archive application without having to convert existing archived data to new format 
Ability to retrieve archived information with a different application than the one that wrote it 
Interoperable long-term storage systems 
The ability to elastically grow and shrink the system to meet dynamic processing and storage needs.

* 40. What are your top pain points in long term digital information retention?

* 41. What are you doing about these problems?

* 42. What security and privacy controls/technology are you using in long term retention? (Rate how true each statement is on a scale of 1-to-5, 1=not true, 3=sometimes true, 5=always true)

  1 2 3 4 5
Data Classification based on sensitivity and criticality
Data integrity
Immutability technologies (e.g., WORM)
Access control mechanisms (RBAC, multitenancy, etc.)
Encrypting data in-transit (link encryption)
Encrypting data at-rest
Persistent key management
User/Administrator Authentication (e.g., multi-factor)
User/Administrator monitoring and reporting (e.g., audit logging)

* 43. What types of statutory, regulatory, or legal requirements/obligations impact your long-term archives? (Rate the impact on a scale of 1-to-5, 1=no impact, 5=high impact)

  1 2 3 4 5
Privacy (e.g., GDPR)
Healthcare (e.g., HIPAA/HiTECH)
Financial Services (e.g., Fintech/PCI)
Government
Energy
Legal (e.g., electronic discovery)

* 44. What multi-jurisdictional issues influence your organization’s use of long-term archives? (Rate the impact on a scale of 1-to-5, 1=no impact, 5=high impact)

  1 2 3 4 5
Reconcile requirements from multiple countries)
Honor cross-border restrictions)

* 45. When considering long-term archives what are the threats and/or risks that cause your organization the most concern? (Rate the level of concern on a scale of 1-to-5, 1=no concern, 5=high concern)

  1 2 3 4 5
Data breaches
Data integrity
Advanced persistent threats
Crypto agility