Use ILM to Store Data Properly and Securely - Page 1

Compliance with regulations like HIPPA and GLBA requires data to be stored in a way that protects personal information. Disaster recovery means backup data must be available at a moment’s notice to ensure business continuity.

The ILM "Solution"

Is there any way to logically balance data storage requirements without driving IT mad? Information lifecycle management (ILM) vendors believe so, and they think they are properly positioned to rescue data from these storage nightmares.

The problem, though, is ILM is more of a concept than a product, so you can’t expect to buy a solution that will solve all of your problems.

“ILM is a catch-all that can mean just about anything,” said Steve Duplessie, senior analyst, The Enterprise Strategy Group. The first step, as usual, is planning. But, before you plan, you must clearly define your organization’s problems and search for solutions that solve those problems. “If they just say ‘we are an ILM vendor,’ close the door,” Duplessie warned.

When talking to analysts and vendors about ILM, the overriding theme was that ILM is a process not a product. If you’ve been in IT for more than two weeks, you’ve heard this logic before. Whether it’s about security, collaboration, or ILM, you’ve been told the business process, not the technology, is the key to success.

Okay, so it’s a process. How does that change anything? According to Duplessie, the most important process to navigate is learning how to treat data differently. Instead of asking how to store data, organizations must ask how to classify data and make it more available, reliable, and useful — at an appropriate cost.

“Data itself is the relevant consideration, not the infrastructure,” Duplessie said. “How we treat data, secure data, and use data all have very specific tactical and strategic ramifications.”

For instance, when TJX’s (the parent company of retail chains TJ Maxx, Marshall's and Bob’s Stores), customer data was stolen by hackers this past month, the company’s problem wasn’t that it lost data to outsiders. Nearly every credit card on the planet has fraud protection. The problem was they valued secrecy over disclosure and the public is now outraged.

TJX had legitimate reasons involving forensics and attempts to minimize the damage, but they underestimated how customers would react to a perceived cover-up. Clearly, their incident-response process needs to be revised, and no security system in the world can protect you from public relations nightmares.

Now, besides negative publicity and customer defections, TJX also faces a class-action lawsuit, which engenders its own data discovery requirements. It’s a tactical and strategic mess and one that won’t be solved by technology alone.

Data is Data

How does the TJX case relate to ILM? It illustrates how valuing the wrong thing can come back to haunt you. Hackers breaking into databases is so common now that security expert Bruce Schneier estimates everyone in the U.S. has had their personal information stored on at least one compromised system.

How ILM can help is by transforming data from just raw information to more granular categories of information, each with its own security, availability, and recoverability requirements. Too often, data is just data, no matter its sensitivity.