Features - Enterprise Data Insights:

THE EVOLUTION OF DATA PROTECTION: FROM BACKUP TO ILM
By Francois Gauthier, CTO, Atempo

The traditional notion of data protection in the enterprise is morphing rapidly. Systems designed for basic backup/restore or disaster recovery operations often lack the architectural flexibility and scope enterprises need as regulatory requirements drive them to adopt information lifecycle management (ILM) strategies.

Data protection once simply meant backup and restore. It later developed to include more comprehensive disaster recovery capabilities. But increasingly, a data protection strategy must accommodate data retention policies, security procedures, encryption and data migration across multiple tiers of storage technologies. The penalties for failed data protection are growing more severe -- huge fines have been levied against U.S. financial institutions and executive officers of these same firms are at incarceration risk for inadequate data retention and other data-management failures, and similar pressures are now building in healthcare and other industries.

Data protection is evolving now the way money management did over the past few decades. In the past, when you wanted to store money you simply brought it to the bank and the bank would store it. Whether you wanted to store it for a long time or a short time, the bank would store it the same way. Today, individuals and companies divide money into buckets, managing funds differently according to varying investment goal and time horizons. Short-term funds remain close at hand in money-market accounts, medium-term funds may go into Treasury notes, and longer-term funds go into stocks and corporate bonds. Technology automates the migration and management of funds across these instruments over time. Our paychecks are directly deposited, spare cash in brokerage accounts is swept into money-market funds, dividends are automatically reinvested, and automated bill payment has replaced check writing.

Just as financial technology manages the flow of funds, emerging ILM strategies manage the flow of data over time and across storage technologies. The core of a successful ILM strategy is an automated, intelligent system for data movement across functional and hierarchical storage tiers.

With growing regulatory requirements for document retention and security, together with all-too-common litigation-driven demands for document discovery, companies can no longer afford to keep storing their data the way an old-fashioned bank stored money. Instead, the data needs to be processed up front and handled differently depending on its value. Effective ILM strategies need to automate the flow of data across all types of storage, from the moment it enters the system until it is allowed to be deleted. These automated, policy-based systems must handle the classification, encryption, segregation, movement, protection and retention of data.

ILM, with its top-down, application-centric approach to managing information, in turn depends on Data Lifecycle Management (DLM) systems, which are bottom-up, data-centric technologies for managing data according to its value across its lifetime. Robust DLM systems manage three key functions that extend traditional data protection capabilities:

• Multi-tier data protection -- effective data protection systems must function seamlessly across all tiers of the storage hierarchy in use -- live data, replicated data, snapshots, disk-based nearline backups, tape and offsite archiving -- providing fast and efficient backup and recovery across these tiers. Regulatory and legal requirements for document retention and discovery demand that for any file, any volume, any directory, companies must know where it is at any point in time, and be able to retrieve it rapidly with 100% accuracy.

• Data retention and compliance -- data protection systems must provide or seamlessly mesh with systems for automated management of data movement, encryption and archiving for all data types and applications. This demands policy-based systems to ensure compliance with a wide range of regulatory requirements mandating varying data retention periods and encryption methods, and segregating sensitive data between departments or users.

• Data resource management (DRM) -- systems to manage resource allocation and storage efficiency. DRM systems help companies categorize their data, its location and its rate of growth; identify data redundancy and enable consolidation; and conduct provisioning.

As companies strengthen their data management systems to achieve regulatory compliance, the process will be made easier by following some key guidelines:

• Stick with an open architecture -- this enables data management across heterogeneous systems and helps companies avoid vendor lock-in. Broad ILM solutions aren't going to be pulled off by any one company. The complexity of the problem requires a range of components: document management systems, encryption software, data movement software, data protection software and storage hardware. Use standards-based systems that work with the hardware and software of multiple vendors.

• Data needs to be secure as it moves through the system. This requires encryption at the front-end to ensure that data is not viewed or altered as it passes through the network to its retention media.

• Data needs to be classified and retention policies applied at the beginning of the process, when it is created, not at the end. The classification needs to follow the data throughout its lifecycle. In the short-term, it may appear cheaper to simply store data and worry about its contents later, but organizations do so at their peril: it often costs hundreds of thousands of dollars to meet a legal requirement for document discovery by sifting through backup tapes to find a needle in a haystack.

When the CFO walks into your office and says the SEC is demanding that you retrieve a few dozen e-mails from the several million that passed through the corporate system in 2002, will you be able to produce them? Without a solid DLM foundation, your chances are slim; your corporation is at risk of being monetarily penalized and your executives may be at risk of being incarcerated. A robust and resilient infrastructure with well defined DLM solutions is the proper choice.

About Francois Gauthier

Francois Gauthier is chief technology officer of Atempo, a Palo Alto, Calif.-based independent software vendor specializing in data protection and data management enabling information life-cycle strategies.