Information lifecycle management (ILM) has become a familiar acronym in storage, but storage professionals aren't buying into it with much enthusiasm. Despite the hype surrounding ILM, or maybe because of it, storage managers aren't just in a quandary about their next move--in many cases, they simply don't know where to start.
ILM is a complex process; it's not just a matter of moving infrequently accessed information to inexpensive storage. It involves the greater challenge of addressing the overall holistic management of information from its creation to its demise. This requires an effective method of classifying data, but this is only part of the picture. Accessibility, archiving, migration, backup and recovery must also be addressed and integrated with corporate security and business-continuity frameworks. In addition, any effective ILM system must provide a mechanism for finding specific pieces of information based on indexed keywords.
The ILM process includes:
- Determining information classes based on the business importance of the information (critical to disposable), as well as security and privacy requirements (public, customer or confidential).
- Understanding when each class is created, accessed and retained, and when it can be deleted.
- Assigning a policy to each class of information that defines backup, recovery, accessibility and storage requirements throughout its lifecycle.
As if the concept of ILM alone didn't conjure enough confusion, some established vendors are relabeling existing products as ILM tools. A liberal definition of ILM may suggest that any product dealing with information at the storage level for migration, backup, recovery, archiving or replication could be construed as an ILM product. But that's far too simplistic. ILM tools should also provide a holistic approach to information management.
While there's no immediate solution that will satisfy all ILM requirements, there are applications available that solve common information management issues for electronic messages, document repositories and databases. Sorting through them to find the most appropriate solution is the key.
When implementing an ILM system, users should look for three main functions:
- Mobility–moving information between storage platforms or tiers.
- Management–interfacing with the application managing the information.
- Organization–having the ability to track, index and retrieve the information.
There are also several key characteristics users should identify when assessing ILM tools. ILM products that move information around the storage hierarchy should be capable of maintaining metadata information so that the original application or user can locate and retrieve it. Most current ILM tools don't integrate with middleware applications and rely on the application that created the data to move the information to different storage tiers.
Users should note how information is managed to ensure it's protected and integrated with the file owner's application. For example, you should determine if the tool interacts with the information application so that its data continues to be backed up appropriately, or if it provides a pointer to the information for an audit trail or tracking. In addition, an ILM application should provide some structure and organization to the information. Ask how data is classified using the metadata and indexing so it can be searched and retrieved easily. Ideally, the application should let you find information, regardless of its location on different tiers of disk or on tape, using search criteria such as dates, keywords, topics or file type.
Unfortunately, a "magic bullet" ILM tool that correlates, monitors, tracks and manages all structured and unstructured information isn't even on the horizon. But there are many point solutions that are mature and effective at managing certain information pools. The most mature product areas in this arena are electronic messaging, document and database archiving and management. All allow for indexing and categorization of the metadata associated with the storage medium, and all can provide some insight into the information contained within messages and documents.
Tools that monitor, report and manage file-level information in Windows and Unix environments are also beginning to appear. These products are designed to view file systems, find old and infrequently accessed files, and to assist with some level of migration among storage tiers. Some of these products allow you to traverse file systems, review files and produce reports on stale files, orphaned files, files not accessed for a specified period of time, duplicate files, specific file extensions and more.
|A real ILM tool will:|
While the ILM application market matures, organizations should do two things:
- Evaluate and purchase tools that can be managed effectively for compliance and other legal reasons.
- Review the people, processes and policies related to information management.
Companies that have embarked upon this process realize it's not solely an IT function, but rather a corporate effort that requires information owners and legal, management and compliance groups. Once the genesis, metamorphosis and demise of information are understood, businesses can apply policies for storing, securing, backing up and recovering information.
ILM evaluators are frequently asked to justify a return on investment or a TCO for an ILM project. But this may be shortsighted. In Information Nation: Seven Keys to Information Management Compliance, Randolph A. Kahn and Barclay T. Blair write: "One must ask what the cost and risk of doing nothing would be: the total cost of failure." We no longer have a choice about whether to organize, track and retrieve information on demand. Companies have paid dearly because they weren't able to produce information in a timely manner. Some have been penalized for not auditing policies, and ensuring their enforcement and compliance. Firms must weigh the expense of instituting information management practices against the risk of litigation and damage to their reputations.
Information Management Framework
Whether considering ILM or not, companies should build an information management framework with the data lifecycle in mind. In assessing current operations, these questions should be asked:
- What are the policies for access, retention and deletion of information?
- How is storage monitored, managed and reported for insight into holistic management?
- How is storage tiered to make the most efficient use of assets?
- How are information classes protected and integrated with security and business-continuity objectives?
Simple adjustments, such as using standard naming conventions for unstructured files, can make a difference by providing an intuitive template for finding information. For example, a specifically formatted name along with a timestamp, customer name, owner or other identifier lets information be organized and retrieved.
Socializing and adapting an enterprise to the concept of information management with assigned ownership and fiduciary responsibilities is key. Many companies are forming document management groups or task forces to focus on the treatment of information. While firms often choose IT groups to spearhead these initiatives, some put the onus on the information owner because they understand the nuances of the information.
This information awareness and socialization exercise will challenge many corporations, as everyone in the information path will have different expectations and opinions about the value of information. Not surprisingly, most business units and application owners will insist that their information is the most critical and should therefore receive the highest performance and recovery SLAs. So it's important to identify an arbiter who will make the final decisions.
Today, compliance and privacy laws are the major drivers of ILM. Regulatory requirements can be encapsulated so that policies and practices account for the availability, authenticity, accessibility, security, recoverability, documentation, audit and checkpoints for the treatment of information. The ramifications of compliance affect people, processes and technology. Organizations must understand how the underlying technology needs to be architected to satisfy compliance requirements. Executives must consider how security and business-continuity frameworks overlap and complement the information management framework.
These actionable items will help you find the right tools to build an information management framework:
- Complete a data flow diagram and understand how all information is created, accessed, protected, retained and when it can be deleted.
- Don't cheat on policies for information. Have policies in place that dictate the treatment of information no matter what the situation requires.
- Examine the tools used to manage information, including backup, migration, archival and access, and determine how they interact and integrate with the information applications. Identify the tools that satisfy your immediate and future needs, and provide an integration roadmap that meets information management goals and objectives.
- Start now. Take advantage of tools that can manage certain information pools, and expand the use of these tools for the other types of information they can manage effectively.