This article can also be found in the Premium Editorial Download "Storage magazine: Inside the new Symmetrix DMX model offerings."
Storage services groups have two main goals: to offer great storage services to business units and end users, and to cut IT costs. Although achieving these goals should be a primary focus, the storage group doesn't work in a vacuum. Storage service plans need to be well coordinated with overall IT strategy, direction and initiatives. This is exactly where things get dicey. Years of hype, technology churn and marginal ROI are driving major changes in IT departments. Outside influences like regulatory compliance and security threats will receive more and more IT attention. And budget dollars, which once ran like water, will continue to be tight for a long time.
Before proceeding with any independent plans, storage service managers need to prepare for these impending changes. Three of the most important trends to get ready for are IT governance, security strategy and the budget crunch.
Restoring sanity in IT governance
Let's face it, the period of time from 1995 through 2000 amounted to a five-year fire drill. Those days are gone forever. CIOs realize that they need a much stricter regimen of processes and procedures to improve operations, lower costs and cope with complexity. IT governance defines everyday processes and procedures like configuration management, change management, incident management, availability management, capacity management and service-level management in a step-by-step, detailed manner. The two most
These best practices aren't the sexy part of IT that vendors and analysts tend to talk about, but they do help companies improve upon IT services and reduce costs. The results can be impressive. After adding ITIL standards to IT operations, Procter & Gamble reduced its IT operating costs by 8%, while Help Desk calls declined by 10%.
Before putting your own operations plan in place, storage service managers should find out if the company is planning on moving toward an ITIL or CobiT model. If the answer is yes, structure the storage operations processes and procedures with this in mind. This will require a full understanding of what information needs to be collected and documented, what metrics will be required and which other groups within IT the storage services group will be working with. Training will also be important. The CIO will probably foot the bill for global ITIL or CobiT training, but the storage services group may want to customize a training class for its own purposes.
If your firm has no plans to move toward formal corporate governance, it's still worthwhile to look at the ITIL and CobiT specifications as a potential best practice model. After a review, storage service managers may come up with a few good ideas of their own. After all, these are widely supported international standards.
Companies have embraced the Internet as a vital business and communications tool, but these benefits come with a price--greater security risk. According to the CERT Coordination Center, a center of Internet security expertise, computer viruses alone cost companies $15 billion in 2001. Many firms felt this pain directly by way of unwanted guests like Code Red or Nimda.
In a recent Morgan Stanley survey of 225 CIOs, security was their number two priority. This is especially true for companies in regulated industries. For example, the Gramm-Leach-Bliley bill places new security requirements on financial services firms, while the Health Insurance Portability and Accountability Act (HIPAA) of 1996 creates pressures on healthcare providers.
When it comes to information security, many companies and IT departments are in transition. In the past, security was viewed as a technology problem that firewalls, intrusion detection systems, and virus protection could address. Numerous firms now realize that a technology-based view of security was too narrow and have expanded their efforts to include a combination of physical security, corporate security policies, and cultural changes. Like corporate governance, companies look to outside standards such as ISO 17799 for guidance in this area. ISO 17799 is a comprehensive set of security best practices including business continuity planning, system development and maintenance, physical/environmental security and security policy.
What does all this security activity have to do with storage services? Plenty. Just as with ITIL and CobiT, security is bound to introduce the need for new processes and skills within the storage group:
- Storage devices and software will need to be tested and monitored for security vulnerabilities;
- When any vulnerability arises, devices will need to be assessed for risk and patched as necessary, which may mean taking storage offline at a moment's notice;
- The storage team will be required to participate in a security emergency response team to isolate problems, minimize damage and perform computer forensics;
- Physical security may need to be enhanced and supported by sophisticated authentication technologies like biometrics;
- Due to the sensitive nature of the corporate data, managers may be required to do extensive background checks on potential hires; and finally
- If your company plans on implementing ISO 17799, the storage services group will have to coordinate with the security officer on a whole new set of guidelines for business continuity planning.
If your company has a chief information security officer (CISO), make sure you open communications with them to understand any impending changes that will impact the storage group. If there is a plan to go forward with ISO 17799, get familiar with the specification and get involved with the planning effort. Upfront planning will help the storage services group adjust strategy, amend budgets and factor new costs into its service offerings.
This was first published in February 2003