Growing regulatory requirements for data retention and encryption are forcing enterprises to overhaul their data management strategies.
Already beset with the cost and complexity of their storage and data protection systems, they now must add whole new layers of intelligence to distinguish how different types of data are encrypted, retained, archived and retrieved.
This has generated a burst of interest in information management strategies, often called information life-cycle management (ILM). This concept takes a top-down, application-centric approach to managing information according to its value across its lifetime. Effective ILM demands a rigorously structured data management strategy, often called data life-cycle management (DLM). While it can be confused with ILM, DLM is the infrastructure that enables ILM. For ILM to be implemented successfully by an enterprise, DLM solutions must be designed to meet the needs of ILM.
For an analogy on how a sound technology structure can enable new methods for extracting increasing value from assets, consider the evolution of money management. In the past, when you wanted to store money, it was very simple: You brought it to the bank, and the bank would store it. Whether you wanted to store it for a long time or a short time wouldn't matter; the bank would store it the same way.
Today, individuals and companies manage money according to its investment goal and time value across a wide range of financial systems and products. Short-term funds remain in checking or money-market accounts. Money that isn't needed for several months goes to CDs or treasury bills. And longer-term funds go into stocks and corporate bonds.
Technology has allowed us to automate the flow and management of money. Our paychecks are directly deposited. Spare cash in brokerage accounts is swept into money-market funds. Dividends are automatically reinvested. And automated bill payment has replaced check-writing. Personal finance software goes out on the Internet and captures all of our financial transactions, directing them to the proper accounts, reporting our financial position and balancing our accounts. Continuing the analogy, accurate reporting and accounting is demanded by regulations. Violations can lead to penalties and fines.
Because of regulatory and legal demands for document retention and discovery, companies can no longer afford to keep storing their data like an old-fashioned bank stored money. Instead, the data needs to be processed upfront and handled differently depending on its value. To enable effective ILM strategies, DLM solutions need to automate the flow of data across all types of storage, from the moment it enters the system until it is deleted. These automated, policy-based systems must handle the classification, encryption, segregation, movement, protection and retention of the data.
The DLM foundation needed to enable ILM handles three key functions:
Data protection: This means protecting data across all tiers of the storage hierarchy, providing fast and efficient backup and recovery. Regulatory and legal requirements for document retention and discovery require that for any file, any volume, any directory, companies must know where it is at any point in time, and must be able to retrieve it rapidly and with 100% accuracy.
Data retention and compliance: This involves automated management of data movement, encryption and archiving for all data types and applications. It demands policy-based systems to ensure compliance with a wide range of regulatory requirements mandating varying data retention periods and encryption methods, and segregating sensitive data between departments or users.
Data resource management: This involves systems to manage resource allocation and storage efficiency. Data resource management systems help companies categorize their data, the data's location and its rate of growth; identify data redundancy and enable consolidation; and conduct provisioning.
Data movement lies at the core of DLM. The success of a DLM implementation will rest on its ability to manage and track the movement of data between storage tiers, automatically and according to policy, whether it is live data, replicated data, snapshots, near-line disk storage, tapes or off-site archives.
In building a DLM foundation, IT managers are advised to keep these key points in mind:
- An open architecture is crucial to enable data management across heterogeneous systems and to avoid vendor lock-in. Broad ILM solutions aren't going to be pulled off by any one company. The complexity of the problem requires a range of components: document management systems, encryption software, data movement software, data protection software and storage hardware. Use standards-based systems that work with the hardware and software of multiple vendors.
- Data needs to be secure as it moves through the system. This requires encryption at the front end, and at the storage device, to ensure that unencrypted data isn't viewed or altered as it passes through the network.
- Data needs to be classified, and retention policies need to be applied at the beginning of the process, when it is created, not at the end. The classification needs to follow the data throughout its life cycle. In the short term, it may appear cheaper to store data and worry about its contents later, but organizations do so at their peril. It often costs hundreds of thousands of dollars to meet a legal requirement for document discovery by sifting through backup tapes to find a needle in a haystack.
Francois Gauthier is chief technology officer of Atempo, a California-based independent software vendor specializing in data protection and data management enabling information life-cycle strategies.