Use ILM to Store Data Properly and Securely
Compliance with regulations like HIPPA and GLBA requires data to be stored in a way that protects personal information. Disaster recovery means backup data must be available at a moments notice to ensure business continuity.
|Five Questions to Ask Before Implementing ILM|
The ILM "Solution"
Is there any way to logically balance data storage requirements without driving IT mad? Information lifecycle management (ILM) vendors believe so, and they think they are properly positioned to rescue data from these storage nightmares.
The problem, though, is ILM is more of a concept than a product, so you cant expect to buy a solution that will solve all of your problems.
ILM is a catch-all that can mean just about anything, said Steve Duplessie, senior analyst, The Enterprise Strategy Group. The first step, as usual, is planning. But, before you plan, you must clearly define your organizations problems and search for solutions that solve those problems. If they just say we are an ILM vendor, close the door, Duplessie warned.
When talking to analysts and vendors about ILM, the overriding theme was that ILM is a process not a product. If youve been in IT for more than two weeks, youve heard this logic before. Whether its about security, collaboration, or ILM, youve been told the business process, not the technology, is the key to success.
Okay, so its a process. How does that change anything? According to Duplessie, the most important process to navigate is learning how to treat data differently. Instead of asking how to store data, organizations must ask how to classify data and make it more available, reliable, and useful at an appropriate cost.
Data itself is the relevant consideration, not the infrastructure, Duplessie said. How we treat data, secure data, and use data all have very specific tactical and strategic ramifications.
For instance, when TJXs (the parent company of retail chains TJ Maxx, Marshall's and Bobs Stores), customer data was stolen by hackers this past month, the companys problem wasnt that it lost data to outsiders. Nearly every credit card on the planet has fraud protection. The problem was they valued secrecy over disclosure and the public is now outraged.
TJX had legitimate reasons involving forensics and attempts to minimize the damage, but they underestimated how customers would react to a perceived cover-up. Clearly, their incident-response process needs to be revised, and no security system in the world can protect you from public relations nightmares.
Now, besides negative publicity and customer defections, TJX also faces a class-action lawsuit, which engenders its own data discovery requirements. Its a tactical and strategic mess and one that wont be solved by technology alone.
Data is Data
How does the TJX case relate to ILM? It illustrates how valuing the wrong thing can come back to haunt you. Hackers breaking into databases is so common now that security expert Bruce Schneier estimates everyone in the U.S. has had their personal information stored on at least one compromised system.
How ILM can help is by transforming data from just raw information to more granular categories of information, each with its own security, availability, and recoverability requirements. Too often, data is just data, no matter its sensitivity.Developing data hierarchies is the foundation of ILM. The idea is that less critical data can be moved to cheaper, less available storage. Less sensitive data can have easier access requirements.
The first step, though, is to do a data inventory and then determine value. Enterprise search tools like those from Google, FAST, or Endeca will dig up whatever data youre looking for, while tools from Kazeon, StoredIQ, and EMC with its Infoscape product will help you figure out how to classify that data.
Thats the easy part. The hard part is determining value.
This is the biggest ILM abyss, said Brian Babineau, analyst for The Enterprise Strategy Group. Departments will bicker and personal agendas may trump true value. There are few types of data that everyone will value similarly. Confidential customer records and things like credit card numbers will have a high value, Babineau said. Beyond that, its up for grabs.
If its just a file server where people can keep old Powerpoints, you dont need expensive infrastructure, Babineau said. Objectively, this is true, but Babineau noted the trouble with this logic is someone in marketing or some C-level executive may disagree with archiving these files. All of their data is especially important, they believe.
One shortcut that avoids intra-organizational feuds is to rate the data by how frequently and how recently it has been accessed. The data resides on the optimal tier of storage based on usage and cost requirements, said Bruce Kornfeld, VP of marketing for Compellent, an enterprise storage vendor. You want the lowest tier possible without impacting performance.
This makes good sense except in those rare instances when infrequently accessed data is of the utmost importance. National defense and nuclear launch codes are good examples, said Dan Cobb, CTO of EMCs Information Management Software Group.
This is an extreme example, he said, but if Im in national security, I want the launch codes on the highest level possibly, and I hope that I never actually access them. A less extreme example is your customers personal information. You can move it to less available storage, but never less secure storage.
Kornfeld noted that a frequency- and time-based system can adapt quickly to changing values, dynamically moving newly important data to higher tiers. Additionally, most systems have overrides, allowing you to lock certain information to specific types of storage.
Assuming your organization can agree on some data policies, whats next? Cobb reiterated the need for articulating concrete business goals. The most important thing to do is to meet the needs of the business, in terms of cost, service level, IT efficiency, risk management, security, and recoverability.
If ILM makes data more available and secure, while lowering your costs, then its value is obvious. However, Kornfeld cautioned against ignoring the implementation pains that some solutions necessitate.
Often, ILM doesnt get implemented due to labor issues, he said. Many solutions in the industry require the manual movement of storage among tiers, which can push ROI well off into the future and place too much of a burden on IT.
Cobb warned against looking at ILM too narrowly. Parts of the industry believe that ILM equals tiered storage. Thats not the most valuable thing to business. A holistic approach to policy is where the value is, he said. You need to ask ILM vendors how they store, protect, and optimize information. All of these are important and none can be taken in isolation.