Recently this column has focused on methods for data disaster avoidance and recovery -- "the dark side of storage management" if you will. While effective data protection is an important dimension of good systems stewardship and a requirement increasingly imposed by a burgeoning regime of laws and regulations in the US, it is more often than not contextualized simply as a response to threats from terrorists, hackers, and other disgruntled users.
The situation has reached a point where we can expect, following a wave of the latest virus-laden email, that there will be a follow-up wave of spam messages from anti-virus software makers warning us that it could happen again if we don't install their wares. This is an interesting observation given that anti-virus software is essentially a protective measure that is only effective in blocking yesterday's virus patterns and not tomorrow's. I think of it as a modern equivalent of the Maginot Line, which was deployed to prevent a repeat of World War I, but failed to consider the mechanized and airborne combat techniques that characterized World War II and rendered it obsolete before it was completed.
Similarly, over the past couple of weeks, the power outage in the Northeast and Hurricane Isabel generated torrents of unsolicited e-mail from vendors of power protection gear. These messages advised that power-related disasters were likely to happen to us again and again if we didn't buy the senders' brand of surge arrestors
I was personally put off by all of the full page ads purchased lately by one storage management software vendor that declared its products to be synonymous with disaster recovery. Interesting observation that, considering the many problems my clients have reported with the software's volume manager, which has a tendency to abend during volume resizing operations and, in so doing, to delete all of the file handles from existing volumes: creating a very big data disaster. The same vendor's product introduces a write penalty when used with many third party tape backup and restore software packages that can slow data restore from tape to about 1TB per 100 hours.
The threats cited by all of these vendors are real, of course. However, it bothers me that vendors continue to pitch data security and recovery technology simply on the basis of fear, uncertainty and doubt (FUD). The ultimate effect of such campaigns is to whip the emotions of consumers into such a frenzy that earnest IT souls look rather like frothing-at-the-mouth doomsayers when they approach management for funding of their data protection strategies. Moreover, in their efforts to "educate" non-technical business managers through FUD campaigns, the effect they achieve is often the reverse of what is intended. The vendors inadvertently communicate a sense of hopelessness or powerlessness in the mind of the business manager, which doesn't inspire his or her approval of the IT manager's request for data protection strategy funding. Worse yet, the barrage of FUD often dulls management's sense of the efficacy of data protection.
Recently, the FUD campaigns have taken another twist as vendors target each other's solutions. Several name brand firms, for example, have begun talking down the technologies of burgeoning competitors, who are usually second-tier storage companies like Nexsan or XIOtech or innovative start-ups like Revivio or Avamar Technologies. Rather than evaluating the technologies in a meaningful way by measuring their performance, throughput, and compatibility, these vendors are raising an emotional issue of "trust." They're striving to generate fear, uncertainty and doubt in the consumer mind about the technologies of the small vendors that threaten to nibble at their stranglehold on customer accounts.
This phenomenon first appeared at the 2003 Veritas Vision conference with an unprecedented condemnation by an Intel Corporation speaker of several new disk-to-disk data protection technologies. The speaker said that internal testing had revealed these products to possess such poor performance and reliability that the storage manager should ask himself the question, "Do I feel comfortable entrusting my critical data to these products?" No evidence or details of testing methodology were provided. The only thing that the products shared in common was that none used Intel or Veritas technology.
I have been made aware of similar campaigns that are about to be launched by other vendors with three-letter acronyms for names. So, be on the lookout for FUD to be taken to the next level.
A final word of guidance to those involved in data protection: it is increasingly critical for data protection capabilities to be considered at the time of infrastructure design and product selection, rather than as a bolt-on-after-deployment. In this way, protected configurations can participate in the general business value case made to management for platform acquisition. Technology is being purchased today only if a compelling case can be made for its business value in terms of cost-savings, business enablement, and risk reduction. After-the-fact data protection additions tend to avail themselves only of a risk reduction business value proposition and make a less compelling argument to budget conscious business managers.
That's all for now, except for one other timely piece of news for the Halloween season: when you have a chance, check out www.transorbital.net, which is promoting a unique data protection strategy: placing backup data on the moon. Presumably, data will be safer there than here.
This was first published in September 2003