Storage: Getting the strategy right
Q: Is there still a role for in-house storage?
Adam Day, storage category manager, Hewlett Packard Enterprise: There's most definitely still a role. As the world is progressing to hybrid IT, there will perhaps be a marriage between the traditional IT world and the cloud computing world. So, depending on what the business application is, there's definitely still a requirement to do in-house storage.
Claude Schuck, regional manager: Africa, Veeam: I think we get tied into concepts like onsite storage, offsite storage and cloud, but where we should start is application availability. This comes down to how important an application is to a business' requirements, and once this is determined, then a storage strategy should be figured out.
Belinda Milwidsky, IT manager, Fluxmans: It also depends on the type of organisation and who's running it. The law firm I work at, for instance, is not comfortable moving storage offsite and is very conservative when it comes to considering things like cloud computing. Given the kind of sensitive data we are working with, we are sticking with onsite storage. Moving storage to the cloud would mean we would have to deal with sovereignty issues and we would also want to know who has access to our data.
Hayden Sadler, country sales manager, INFINIDAT: Cloud storage is growing, but it's not the be-all and end-all for all cases, as there are regulatory and security issues. Even so, what we are seeing are storage vendors adapting to the cloud by either offering their own cloud product, integrating it with someone else's, or offering products that are alternatives to the cloud.
Nick Saunders, cyber resilience expert, Mimecast: What people are looking at is how do they unlock the value of the data being stored? Sometimes that requires slow access, so, for instance, if I'm accessing information off a file server, I don't need it to be instantaneous. But if I need data for an artificial intelligence application, the data has to be stored differently, to get instant recall. The challenge that comes with having a range of options when it comes to data storage is that it makes it hard for businesses to connect the dots. They have information in the cloud and onsite, but what companies are looking for is how to use all of that data holistically.
Mike Rees, district channel manager, Commvault: The important thing to me is that there is value in the data. This means securing it is very important, even if this data is in the cloud. Just because the data is not on your premises, it's still your responsibility to make sure it's properly protected.
Who is responsible for what? Where does the responsibility for the client end and the outsource partner begin?
Mike Styer, Dell-EMC business unit manager, Aptronics: That depends on the personality of the company. A law firm, for example, doesn't trust anyone. A lawyer I used to know wanted everything deleted from his email every seven days, but the chairman of a company he did work for wanted to keep his emails forever. So, where does the ownership start? I think it boils down to your storage strategy. This means figuring out stuff like whether your disaster recovery site is storing its data at the same offsite premises as your primary storage site, knowing if the first iteration of your email is stored offsite, and knowing what your audit requirements regarding data storage are.
Claude Schuck, Veeam: There are two laws coming into place this year that will force you to take responsibility for the data. One of these laws, the European Union's General Data Protection Regulation, which comes into effect in March, will have a bigger impact in South Africa than most people expect. South African businesses that are dealing with data that's based in Europe will be held liable for it under this law.
Are companies ready to comply with this kind of legislation?
Belinda Milwidsky, Fluxmans: Most definitely not. There's a tendency to wait until the legislation is in effect and then react to it. We saw this with legislation like the Regulation of Interception of Communications and Provision of Communication-Related Information - RICA. Companies waited until the law was enacted before putting processes together to deal with it.
Mike Rees, Commvault: I think we should take it back one step. From a compliance perspective, organisations are going to have to comply. It's easy to pass on the responsibility to the storage guy or the IT guy. But compliance is actually a business requirement, so businesses have to decide what steps they are going to take to remain compliant. Taking compliance seriously is also a good business decision. A lot of people in South Africa think they won't get sued for not handling data correctly, but if they are doing business in the EU, the Europeans will definitely sue them if they find out they are non-compliant.
Claude Schuck, Veeam: Suddenly, directors of the business are asking themselves, 'What are we going to do about data?' What we are seeing is regulation driving a revaluation around what to do with data. About 20 years ago, business basically put all their information in a box and stored it at Metrofile. But now the regulations say, you can't just do whatever you want with the data, and you have to handle it in a specific way. This means, for example, that your security guards and receptionist have to be trained to handle signing-in information in a way that's compliant with the law.
Adam Day, Hewlett Packard Enterprise: What also needs to be realised by the public who think there is legislation coming into effect that can better protect them, is that when they download an app, and click yes on the T&Cs, they are giving away their personal rights to that information.
Are company boards sufficiently concerned about putting in place a storage strategy?
Mike Rees, Commvault: In a lot of cases, companies just don't have a clue. There are some that want to keep everything forever. But they haven't discussed the cost of storing it. And then there are others that just want the information around for a few days. But they don't really understand the liability that comes with doing this.
What companies should do is look at it from a business process and compliance perspective. If the law says they must keep the data for a specific period, then it should just be kept for that period, and have procedures in place to delete it automatically.
Belinda Milwidsky, Fluxmans: It should also be pointed out that there is a major difference between large enterprises, which have the resources, and smaller businesses, when it comes to putting in place a storage strategy.
Different types of industry also have very specific challenges when it comes to implementing a storage strategy. The culture of law firms, for example, is very paper-driven, which means they have file cabinets of case files they have to plan for.
Nick Saunders, Mimecast: Data classification is something critical. It's something a lot of organisations are realising they have to go through. Data classification makes it easier to locate and retrieve information, by categorising information by how important it is to the business. Without going through a data classification process, they won't know how to safeguard the information that's really important to them.
This article was first published in the April 2018 edition of ITWeb Brainstorm magazine. To read more, go to the Brainstorm website.