This article can also be found in the Premium Editorial Download "Storage magazine: The 15 top storage products of 2004."
Download it now to read this article plus other related content.
|A real ILM tool will:|
While the ILM application market matures, organizations should do two things:
- Evaluate and purchase tools that can be managed effectively for compliance and other legal reasons.
- Review the people, processes and policies related to information management.
Companies that have embarked upon this process realize it's not solely an IT function, but rather a corporate effort that requires information owners and legal, management and compliance groups. Once the genesis, metamorphosis and demise of information are understood, businesses can apply policies for storing, securing, backing up and recovering information.
ILM evaluators are frequently asked to justify a return on investment or a TCO for an ILM project. But this may be shortsighted. In Information Nation: Seven Keys to Information Management Compliance, Randolph A. Kahn and Barclay T. Blair write: "One must ask what the cost and risk of doing nothing would be: the total cost of failure." We no longer have a choice about whether to organize, track and retrieve information on demand. Companies have paid dearly because they weren't able to produce information in a timely manner. Some have been penalized for not auditing policies, and ensuring their enforcement and compliance. Firms must weigh the expense of instituting information management practices against the risk of litigation and damage to their reputations.
Information Management Framework
Whether considering ILM or not, companies should build an information management framework with the data lifecycle in mind. In assessing current operations, these questions should be asked:
- What are the policies for access, retention and deletion of information?
- How is storage monitored, managed and reported for insight into holistic management?
- How is storage tiered to make the most efficient use of assets?
- How are information classes protected and integrated with security and business-continuity objectives?
Simple adjustments, such as using standard naming conventions for unstructured files, can make a difference by providing an intuitive template for finding information. For example, a specifically formatted name along with a timestamp, customer name, owner or other identifier lets information be organized and retrieved.
Socializing and adapting an enterprise to the concept of information management with assigned ownership and fiduciary responsibilities is key. Many companies are forming document management groups or task forces to focus on the treatment of information. While firms often choose IT groups to spearhead these initiatives, some put the onus on the information owner because they understand the nuances of the information.
This information awareness and socialization exercise will challenge many corporations, as everyone in the information path will have different expectations and opinions about the value of information. Not surprisingly, most business units and application owners will insist that their information is the most critical and should therefore receive the highest performance and recovery SLAs. So it's important to identify an arbiter who will make the final decisions.
Today, compliance and privacy laws are the major drivers of ILM. Regulatory requirements can be encapsulated so that policies and practices account for the availability, authenticity, accessibility, security, recoverability, documentation, audit and checkpoints for the treatment of information. The ramifications of compliance affect people, processes and technology. Organizations must understand how the underlying technology needs to be architected to satisfy compliance requirements. Executives must consider how security and business-continuity frameworks overlap and complement the information management framework.
These actionable items will help you find the right tools to build an information management framework:
- Complete a data flow diagram and understand how all information is created, accessed, protected, retained and when it can be deleted.
- Don't cheat on policies for information. Have policies in place that dictate the treatment of information no matter what the situation requires.
- Examine the tools used to manage information, including backup, migration, archival and access, and determine how they interact and integrate with the information applications. Identify the tools that satisfy your immediate and future needs, and provide an integration roadmap that meets information management goals and objectives.
- Start now. Take advantage of tools that can manage certain information pools, and expand the use of these tools for the other types of information they can manage effectively.
This was first published in January 2005