For most IT professionals, the concern around keeping specific copies of data occurs when that data has particular value. The motivation to pay attention to this data comes from a government regulation, corporate governance or there is potential for a reoccurring value to that data. Once the data is identified the question becomes where to stash it and is cloud storage a viable option?
In reality for most companies we are not really talking about the actual last and only copy of a particular piece of data, but more so that this is going to be THE copy that you count on when at some point in the future you are under pressure to recover. For example, your organization is being sued in a lawsuit and you have a discovery request to fulfill.
There are many companies competing for the right to store the copy of data that you are going to count on. For local premise storage you have companies like EMC, Nexsan and Permabit. This class of solutions for this type of data need to offer advanced retention capabilities to be able to lock down data and insure that you have a verifiable original. They also need the ability to replicate that data and have full knowledge of the replicated copy. If you decide to destroy data you probably want the replica destroyed as well. Finally you will want some form of space efficiency, compression and deduplication for example, so that the cost of the final resting place stays in check.
If you decide to investigate the cloud, much of the answer is the same. You want the provider to be able to deliver the same functionality as above but on a subscription basis. Companies like Permabit and EMC are arming providers with these types of solutions and companies like Iron Mountain, Nirvanix and Amazon are offering more of a turnkey or partner driven service.
In the cloud you have to make sure that the company you partner with has similar or better best practices as you do when storing and protecting data. Most will offer Service Level Agreements (SLAs). Make sure you read the SLAs very carefully. There are a few major providers offering SLAs that are very vague about things like guaranteed recovery and assured destruction of data. You want to look behind the Wizard's curtain to see what is really there.
The SLA can say anything it wants, its just a piece of paper. If the company fails to live up to the terms of the SLA you may win a legal judgment but you may loose a precious data asset. The key question to get an answer to is can the company standing behind the SLA actually back up what it says or is there an empty room behind the curtain?
Look at the company longevity, number of and quality of their facilities. Examine their data protection and retention practices. You are counting on this company to deliver back to you your most precious data assets. It is important that they can protect and deliver as well as destroy those assets specifically when you need them to. Anything less and you might as well do it yourself.