Wrestling the storage animal

Managing ever-increasing amounts of data while complying with corporate governance and legislative requirements is something every IT department is considering at present, or should be, anyway. From local legislation like the EC Act, to international regulations such as Sarbanes-Oxley and the like, managing the data beast is becoming critical.

Data that is currently being created needs to be available for use, has to be stored to be referenced in the near future, and needs to be stored and easily retrievable in the long-term in terms of regulations and legislation.

Constantly changing storage media means that data stored on older media becomes unusable once the media used to read it becomes obsolete. While vendors are getting better at ensuring backwards compatibility between various iterations of their products, ensuring that data is always available on readable media is still yet another item on the data management to-do list.

Data that needs to be available for up to 10 years cannot, for obvious reasons, be left on expensive high-end storage. It also cannot merely be dumped to tape and sent to offsite archives - if only because it takes too long to retrieve, and tape media can be notoriously unreliable. Managing and storing data effectively and efficiently thus requires sound policy, efficient processes and management tools to automate these policies and procedures.

Notes CA senior storage solution strategist Sagaran Naidoo: "Companies need to retain, manage and secure data, ensure it is not tampered with and be able to ensure discovery within a reasonable timeframe when required, all in terms of different sets of requirements and regulations, including company policy. As far as discovery is concerned, you need something that is purpose-built to support litigation and auditing requirements, and businesses need to take this into account."

Says Business Connexion operations manager for EMC, Vic Booysen: "The critical thing at the moment is to have information move during its life cycle."

He says companies need to put tiered storage infrastructures in place, from high-end, high-speed, high-cost storage for current data, and lower-end, cheaper and slower discs for archived data. This ensures data needed for compliance remains online, but isn't taking up valuable space needed for data that is used for day-to-day operations.

The critical thing is to have information move during its life cycle.

Vic Booysen, operations manager for EMC, Business Connexion

"Once you have tiered infrastructure, you need to put business policies in place to move data across the enterprise from its date of creation to the date of deletion. Proper, business-driven policies and software will enable data to move around the enterprise, across applications. Any one application must be able to read data created by another. For example, HR systems should be able to read data generated by financial systems," he says.

A major risk to corporates these days is the data stored on mobile devices that, in theory, are backed up on a regular basis, but in practice, are not necessarily backed up at all. Of further consideration is the data stored on desktops, also not usually backed up, and the personal archives (like e-mail) that companies must now back up and archive.

The threat from personal archives is two-fold. Firstly, offensive material in an employee's private mailbox may be taken onto a corporate server, or conversely, critical company information may not be backed up, such as electronic confirmation of a contract. The third challenge around backups is backup windows. As data volumes get larger, simply backing up changes to stored data can take an increasingly long time.

Storage is getting cheaper every year, but people fail to decrease costs.

Grant Morgan, data centre and storage solutions GM, Dimension Data

"Disk is like paper," says Dimension Data's data centre and storage solutions GM Grant Morgan. "You just have to keep buying it. With that mentality, there has been a lot of waste."

Symantec estimates that data volumes are doubling every two years, while average storage utilisation rates remain at 30% to 35%.*

"This means that 70% of storage is going to waste," says Morgan. "Storage management and storage as a service are thus becoming important. We're seeing people tackle this in four phases. Firstly, what have we got, what is being utilised and where are we losing it?"

Once this is done, Morgan says, the next step is to tackle the job of improving utilisation.

"You need visibility from the storage and the server side. Put it together and start reclaiming [lost or unused storage]. Set targets, set objectives, reclaim it and use it through tiering."

The third phase, he adds, is to start transforming storage operations and to put tools in place that allow for provisioning at a click, which means storage is allocated in minutes instead of hours or weeks.

"From there, integrating with business processes, setting service level agreements and agreeing on charge-backs based on service provision is the next step," he says, noting that only once business units are being charged back on a usage basis will the organisation start seeing returns.

"Once you've defined service levels and designed classes of service [bronze, silver, gold or platinum], you then implement a decreasing charge-back model. Storage is getting cheaper every year, but people fail to decrease costs, so you get rebellious business units going out to buy their own. You need to have a model where the charges decrease by 20% to 25% per annum on a per-gigabyte basis. Also, write decreasing costs into the contract with your supplier."

Companies need to get a handle on what storage they have, where it is being used and where it can be better utilised. A storage policy needs to be designed, implemented and documented to cover data retention and management. Furthermore, companies need to understand the difference between backups and archives, and should design policies appropriately.

Digitising paper records, says BCX's Booysen, is one of the reasons that storage volumes are growing so rapidly. That said, this needs to be done, and newly created or newly digitised data needs to be managed according to the policy, which, naturally, needs to be enforced or it will not be worth the paper it is printed on.

CA's Naidoo points out that there is a much higher degree of concern around storage costs than compliance in South Africa. He says only once the first CIO goes to jail will people stand up and notice. The only question is: do you want to be the first one?

* News release - Symantec launches strategy to unite enterprise storage environments - 12 June 2007