Hidden threats to data


This article can also be found in the Premium Editorial Download "Storage magazine: Better disaster recovery testing techniques."

Download it now to read this article plus other related content.

Roles and responsibilities: Well-defined roles and responsibilities are essential, but lines of demarcation between job functions must be clearly drawn. In many organizations, these lines are often vague and responsibilities seem to overlap. For example, who's responsible for host bus adapter installations--the server group or storage staff? Another example may involve interaction between backup architects and operations staff regarding ownership of backup servers and the backup LAN. Poorly defined responsibilities could result in important activities being overlooked, leaving data insufficiently protected.

In most organizations, IT services are requested in a variety of ways and in a timeframe that inevitably requires an understanding of cross-functional workflow, inputs, outputs, handoffs and control points. A classic example of such a cross-functional requirement is the process governing change control and provisioning. The interactions, roles, responsibilities and cross-functional handoffs involved in these processes must be documented and understood, and buy-in by all those participating in the process is required. If roles, responsibilities and demarcation lines aren't clearly understood, there will be no accountability.

Staffing and organization: Staffing levels ensure that defined responsibilities can be met, but they're often a cause of friction between IT and those who control the budget. This contention may be exacerbated because IT often

Requires Free Membership to View

has difficulty making an empirical case for staffing (see "Building a staffing model," below). The old adage of "X number of storage administrators per a certain number of terabytes" is too broad to be useful. A method to calculate workload for each task based on tangible entities such as alerts, provisioning requests and changes is essential to make accurate staffing decisions. This ensures that workloads can be staffed without compromising service levels or opening the firm to risk by using underskilled people for critical storage tasks.

Procedures: Standard operating procedures (SOPs) are a key element to mitigating risk. Procedures need to be in place to ensure data consistency and quality. SOPs provide a baseline, demonstrate to auditors that a defined process has been executed, and show that compliance, completion and quality metrics have been produced. SOPs allow a consistently repeatable process with lower-level skills. Without SOPs, consistent results can't be guaranteed.

Building a staffing model
An understaffed storage department contributes to risk when mistakes are made or staffers take risky shortcuts. Each company's unique blend of skills and capabilities will influence its staffing model, but the following assumptions can serve as a baseline development model.

The first step is to list the number of major technologies used in storage and backup. Typically, an individual can competently master three significant technologies. You should also consider the requirements for daily operational activities such as provisioning, tape handling and responding to alerts. Finally, complexity factors are used to weight the calculation. These factors might include the physical complexity of the environment, average skill levels and perhaps the maturity of standard operating procedures.

An example of a baseline staffing model:

The table demonstrates a staffing algorithm that considers the impact of heterogeneous technologies, operational transaction volume levels and other complexity factors within a storage environment. Each of the three areas (technology, transaction and complexity) has weighting/assumption criteria (shown on the right). The data on the left in each area will be weighted by the criteria on the right (e.g., 5,000 tape ejects at 2,500 ejects/person = 2 people). 

Assumptions for each parameter are general-purpose values based on experience within a number of environments, but can be fine-tuned as appropriate to fit the needs of a specific situation.

This was first published in October 2005

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: