How to evaluate policy manager software
Storage has no intrinsic knowledge of what it's storing -- a storage system does not understand the relative importance of data to the enterprise. Policy manager software (policy managers) provides the guidelines that dictate which data to store, where to store it, when to move it and, finally, when to dispose of the data once it's aged.
Policy managers must support a wide range of data types including structured data such as databases and email, unstructured data such as documents and rich media, and semi-structured data such as spreadsheets. Policy managers also rely on heterogeneity to support an assortment of storage tiers and systems, automatically moving data from Tier 1 to Tier 2 and finally to archival storage over time. The software must also scale to accommodate huge numbers of files across hundreds of terabytes of storage, and to maintain records of every activity to address compliance needs.
To optimize the use of policy managers, storage professionals should have a thorough understanding of the data being stored in the organization, its relative value to the business and associated compliance requirements, and the appropriate retention goals to meet those needs. Storage administrators should start to think about retention before the policy management step, since automated policies are often derived from legacy (paper) retention policies.
SearchStorage.com has already covered the issues involved in any archive product purchase. Here is a list of the criteria for purchasing policy manager software from vendors such as Abrevity, IBM, StoredIQ, Symantec Corp. and others.
Criteria for purchasing policy manager software
Supported data types Policy managers apply and enforce rules based on file types. Some policy managers focus on structured (or semi-structured) data, specializing in database or spreadsheet management. Most tools support today's broader range of unstructured data.. For example, the Information Governance product from StoredIQ can establish policies for files, documents, archives, email messages and data within document management systems. Policy managers support "alternative media" such as video and audio -- both as attachments for email and as stand-alone data.It's important to consider policy managers that offer superior support for the file types that are relevant to your business or industry.
Scope of retention, hold and deletion features Policy managers influence data retention, so the product must be able to track data between storage locations based on policy rules like data type, age, or access frequency and then define how long that data should be retained. For example, a policy manager might be configured to retain all document data on Tier 1 storage for 60 days, on Tier 2 storage for one year, and on Tier 3 (archive) storage for 10 years before deleting it. Any data that becomes subject to litigation must be exempted from the normal retention and deletion policy. Data (not under hold) that meets its retention period should be deleted with relevant proof of its deletion in accordance with corporate and regulatory policies.
Data movement features or integration with data mover software Policy managers often complement retention features by including data movement (migration) capabilities -- shuffling data down through the organization's storage tiers until the data "ages out" and is deleted. However, not all policy managers can move data. If the policy manager does not handle tasks like data migration or deletion directly, it must interface with other tools to meet those specific tasks.
Compliance objectives Organizations implement Policy Managers in order to help meet their regulatory compliance objectives in terms of retention and deletion. Companies are often subject to more than one set of compliance regulations, so it's important to understand the compliance needs of your organization before selecting a policy manager. For example, a health care provider may need to retain certain documents for five years under Sarbanes-Oxley, but HIPAA may require the same documents be retained for seven years. The policy manager should provide the intelligence to accommodate multiple compliance needs. Corporate compliance officers or legal council can assist in sorting out the organization's data retention needs.
Scalability in storage coverage or file counts. Policy manager features should scale to accommodate growing data volumes and an increasing number of files. When selecting a policy manager, consider the amount of storage (or the number of objects) that the policy manager must accommodate by the end of its anticipated working life -- don't select a policy manager against today's figures. For example, StoredIQ's product can index up to 200 million files, Sun's product cites a practical limit of 300 million files, and IBM's DDR550 platform touts support for about 500 million objects.
Virtualized storage environment support. Storage virtualization implements a layer of abstraction between physical storage and the applications that use storage. Ideally, virtualization enhances heterogeneity, forming one ubiquitous storage pool and improving storage utilization. However, virtualization can also be problematic for management applications, you should verify that the policy manager will operate properly in your virtualized environment -- or will support storage virtualization if it is implemented later on. Otherwise, you may face an incompatibility that will render the policy manager or the virtualization layer unusable.
Reporting and auditing features. Policy managers need to keep track of the data they are managing. Anytime that data is added, moved, held,or deleted, that activity should be logged and made available for review. Logging provides confirmation of the policy manager's behavior, and the log may be essential evidence during litigation or a compliance audit. For example, suppose an old file is appropriately deleted according to established retention policies. If that data is later requested during a discovery process, the log reporting its disposition may be the only protection your company has against charges of spoliation. Make sure that the product's reporting/logging features are suitable for your specific business or industry.
Storage platform integration and system requirements. Policy managers must interoperate with multiple storage tiers and numerous storage platforms, so heterogeneity in your storage environment is crucial. Thorough testing can often identify incompatibilities prior to the purchase.
Following are the product specifications for the following policy manager software products:
- Abrevity; FileData Manager
- ByCast Inc.; StorageGrid software
- IBM; DR550
- Solix Technologies Inc.; Enterprise Data Management suite
- StoredIQ; Information Governance
- Sun Microsystems Inc.; Sun Customer Ready Infinite Archive System
Symantec Corp.; Enterprise Vault
10 Apr 2008