Being a good steward of your company’s information

Today, we’re continuing our short series quizzing some of the analysts who will present keynotes at Network World’s IT Roadmap conference happening on March 20 in Boston (the conference will tour other cities – see below for details). The conference, which is free to qualified attendees, features talks by six analysts and case studies from four user organizations. The organizers of the event say the conference will be an opportunity for attendees to educate themselves on the IT issues that will be explored in six tracks: application and content security; wireless LANs and enterprise mobility; network and application acceleration; storage and data compliance; VoIP and collaboration; and network management.

A couple of weeks ago, we spoke to Nemertes Research analyst Andreas Antonopoulos, who is heading up the application and content security track. See our Q&A here. This week, we talk to John Burke, also a Nemertes Research analyst, who will moderate the storage and data compliance track. The theme of Burke’s talk is information stewardship: holistic data management in the enterprise. I asked him what is meant by information stewardship and what are the top issues for storage managers today and what issues and technologies are on the horizon. Here’s our Q&A:

Q: What will you discuss in your keynote?

A: I will discuss some of the current challenges in storage and compliance through the lens of information stewardship. Information stewardship is an organizing principle for dealing with institutional data, a framework of policy, practice, and tools to manage information from the time it enters your systems until the time when it is archived and removed. One of the key components of information stewardship is information lifecycle management (ILM), of which storage, storage networking, and storage management are parts. Another key component is compliance.

Q: What are the pros and cons of ILM, and what are the first steps to ILM?

A: ILM is a key component of information stewardship, and not an easy thing to implement. ILM is built around the idea that you need to have the right kinds of resources devoted to storing information at each phase of its life, both to ensure appropriate access to and security for that information, and to get the most out of each storage technology, whether the very expensive (RAM disks), the merely expensive (high-speed FC disks), the inexpensive (SATA disks) or the relatively cheap (buckets of tape). The hard things – and also the first steps – are the identification and classification of institutional data: getting your arms around where it is, what it is, how it needs to be stored.

Q: What is data quality management and what should organizations do to ensure DQM?

A: DQM is working to make sure that data entering your systems is clean and accurate and not duplicating existing records. In a sense, it is trying to reduce the amount of “garbage in” to thereby reduce the amount of “garbage out” – and possibly avoid compliance issues – in the future. DQM is strongly reliant on institutional culture – getting the people who handle data to invest themselves in collecting it accurately and handling it carefully – and on work processes that promote it. There are tools available now that can help with DQM, and organizations that use them (or even create their own) tend to be happier with their DQM than organizations that don’t.

Q: What should IT execs have done by now to ensure regulatory compliance for data?

A: First and foremost, know which regulations apply to them! This changes both as the pool of regulations changes and as the company changes – if it expands operations into California, for example, or overseas. If the effort to achieve compliance is not already being led by a compliance group – out of the legal department, perhaps, or existing as an independent entity – then IT should take the lead in assembling such a group, drawing members from HR, legal, and the business lines, and undertaking the requisite classification of data and users. With a compliance group in place, one of the most important remaining steps is outreach – educating the user community on the compliance framework within which they live, working with them to develop work processes that meet the needs of compliance. Certainly using tools can also be an important aid to achieving compliance in operations, but these organizational steps are important to making sure that a technological aid can be used properly.

Q: What is information protection and why is it a concern of IT pros?

A: Ensuring the security of information where it lives and when it is in transit is integral to proper stewardship of institutional data, and often a requirement of compliance.

Q: What is continuous data protection and what should customers ask when evaluating vendors of such products?

A: Continuous data protection is just what it sounds like – ongoing backup, capturing and logging each change to data as it is made. Of course, there is some wiggle room in actual implementations. Sometimes a CDP product does provide truly continuous and synchronous backup in that changed files are echoed off to a back-up system as they are created, or snapshots of a disk are logged each time blocks are modified. Other times, a product billing itself as providing CDP has to act in a more opportunistic and asynchronous fashion – say, on a laptop, where backup is continuous to a special area on a drive, which is then uploaded to back-up servers on a schedule or whenever the device is connected to the network.

When looking at services, for corporate laptops for example, you need to ask about granularity in time and in storage units, about methodologies – for example, compression, full backup of files each time, full plus incrementals, and if so, how many incrementals between fulls? And you need to ask about retention periods. If you are deploying a solution in-house, you need to consider all these factors while evaluating your users and their usage patterns. You also need to distinguish between CDP products for central servers vs. CDP for desktops, and between products that work at an operating system level (like the SprialLog file system) vs. those that work in the storage subsystems (as with disk snapshotting). One very important question to ask, especially with storage-hardware-based solutions, is: How many sites are currently using the CDP features in production, and can you talk to some of them?

Q: What are the mistakes that early adopters made in building this new storage infrastructure and what can we learn?

A: A couple of big mistakes people made along the way were:

1) trying to handle ILM as an IT initiative rather than an IT-led, all-inclusive effort, with the result that the business owners of data, those most in touch with its business importance, were not properly included in the key, early steps of identifying and classifying institutional data.

2) Paying too much attention to online storage technology and management and not enough to appropriate tools and processes for finding and recovering data that has migrated off the system. An important discovery many early adopters have made is that it pays to have a dedicated storage management group.

Q: What future technologies should organizations keep an open mind to as they implement this new storage infrastructure?

A: Right now, look for stronger, directory- and policy-driven security built into storage management, devices, and nets; and keep an eye on the possibility of consolidated data center networking in the near future – using the same switches for storage and servers. In the next year or so, watch developments like Sun’s Honeycomb project, which shifts more intelligence and processing power – and therefore more flexibility in function – into distributed, Ethernet-attached storage devices. In the slightly longer term, watch for holographic storage, especially for mass near-line storage.

Q: Why should attendees attend the storage and data compliance track in particular?

A: To get a jump on how to address a critical business imperative – stewarding institutional information throughout its lifecycle while meeting the challenges of compliance.

Q: What will be the key take-aways for attendees to the storage and data compliance track?

A: Concrete first steps to take in becoming good stewards of their organization’s information, and, via vendor case studies, how some of their peers have dealt with various aspects of the storage and compliance challenges associated with that stewardship.

* Network World IT Roadmap begins in Boston on March 20, more details can be found here. The conference will also travel to Chicago in June, Dallas in September and the Bay Area in November. You can pre-register here and be notified of the actual date when those details are available.