During a recent discussion about data management and storage, the basic question arose about policies: who sets them and how?
A seemingly simple question, but unfortunately in many environments the answer is not as straight forward as would be hoped. The issue is not that policies don't get set but that the right people may not be setting them. Each day in companies across the country decisions are made based on operational factors like needing to free up tape library or disk capacity rather than more appropriate business-related considerations.
What is the right approach to setting data management policies? The first step is to understand that there is a really a hierarchy of policies within the organization and all must be in place to manage data effectively. At the top are strategic policies. These are the laws of the organization that define at a high level the manner in which data will be managed, protected, and retained. Strategic policies provide the foundation for governance and oversight and tend to be statements of direction. These policies are established by senior management within the organization or specifically designated functional units tasked with an area such as regulatory compliance. A rule that storage will be provided under a service provider model with service level agreements and known costs is an example of a strategic policy.
Tactical policies support the achievement of strategic policies and focus on particular functional groups like storage. These policies address areas relating to accountability and execution of functions including provisioning, change management, data protection and security. Policies relating to who, where, and when to classify, archive, and purge data on a periodic basis represent tactical policies.
Operational policies are the rules that govern specific procedures. The actual activities related to moving data to an archive and purging would be governed by these policies. Sending tapes offsite on a daily basis, and multi-pathing hosts in a fabric are also examples of operational policy areas.
There are always operational policies in an organization whether they have been formally established or not -- otherwise nothing gets done. The problem is that the required strategic and tactical policies are often lacking. The result is the misalignment that we hear so much about between business and IT.
Jim Damoulakis is chief technology officer of GlassHouse Technologies, a leading provider of independent storage services. He can be reached at firstname.lastname@example.org.