Feature

The business aspect of data storage security

Ezine

This article can also be found in the Premium Editorial Download "Storage magazine: Survey says storage salaries are climbing."

Download it now to read this article plus other related content.

Subtle DR issues lurk around every corner
To meet recovery point objectives and recovery time objectives, strong DR practices depend on meticulous attention to detail. Services professionals I spoke with pointed to the following common areas where this discipline is lacking:

  • DR sites are often too close together. I heard several stories of large companies with DR facilities a few miles from production data centers. This model usually had historical roots to when a "disaster" equated to a hard disk crash.

    Back in the good old days, you could put your storage professionals in a car and drive them across town to grab some backup tapes. Unfortunately, today's disasters aren't as quaint. Storage professionals need to think in terms of events like Sept. 11 and Hurricane Katrina. Geographic separation is important when an entire area is out of commission and employees are too busy protecting their families to show up for work. This is such an important detail that the SEC once suggested (and nearly mandated) that DR facilities should be located hundreds of miles apart. If your DR facility is a short drive away, you'd better find a more distant location, pronto.


  • DR is built around systems not business applications. Storage professionals are trained to ensure that data is available, but raw data isn't very useful without the applications that turn ones and zeros into business processes.

    Requires Free Membership to View

  • To obviate this problem, storage professionals need to map data, files and LUNs to applications to understand data value and properly plan recovery, and then work with IT to establish a map of application interdependencies. This will help to ascertain the data's value and set the process for seamless recovery.


  • Testing is too high level. This results from an IT- and storage-centric perspective. I heard numerous stories about how storage professionals did regular DR testing of their storage and system infrastructure, but not all the way up to the application layer. Restoring business applications is certainly a harder task, but ask yourself this question: "Does anything else really matter?"
Data management is out of control
To me, the downside to the ever-lower price of magnetic disk is the challenge of managing data. Service professionals I spoke with reported that most people have a very limited knowledge about what they have stored and where it lives. Common scenarios include:
  • Loads of garbage. I heard identical stories from two different service providers after each one performed a storage assessment to determine the actual content being stored on an enterprise-class storage system. One found an IT administrator's complete music library, while the other found a terabyte of porn. To some extent this waste is understandable as it costs more to police disk utilization and content than it does to just let it go. Nevertheless, an employee's private terabyte directory is a bit excessive. This is especially true when it contains offensive material that could lead to legal trouble. Companies should adopt acceptable-use policies with strict penalties, but the storage team is a last line of defense. Audit storage content on a regular basis to avoid legal problems and unnecessary capital spending.


  • Confidential data proliferation is out of control. Many storage professionals have no clue as to how many copies of confidential data exist across the enterprise. One service company told me of an incident where they showed a distraught storage executive 12 copies of the payroll file. To be fair, this isn't solely a storage problem--it's chock full of user access, data replication and privacy policy issues. Nevertheless, the storage team needs to be a part of the solution by proactively monitoring data movement and embracing information lifecycle management tools as they become available.

This was first published in November 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: