Centralized data protection plans high priority for IT. - Systems Management News On The Web

DEPARTMENTS

HOME

TOP STORIES

DATA CENTER NEWS

ON THE WEB

PRINT EDITION

BZ MEDIA

AS OF 1/7/2009 6:03AM EST

Centralized data protection plans high priority for IT.
By Jennifer deJong

April 15, 2008 — Until the data center at headquarters started asking for them, no one at the regional sales office even knew they were missing. Now all 10 staffers are scrambling to lay their hands on the backup tapes believed to contain sensitive data, including customer social security numbers. Are they in that stack sitting on the receptionist’s desk, waiting to be shipped off site to storage? Or maybe the tapes went out with the last batch—and fell off the truck?

Employees at small, remote offices without local IT staff hate to admit their data protection approach is that haphazard. But storage experts say the missing tape scenario and chaos that surrounds it isn’t at all far-fetched. Lacking clear direction from corporate IT, remote offices don’t know how to protect data properly, said Gail Greener, a senior director of product management for storage solution provider EMC, and many still rely on older technologies likes tape backup. “The receptionist is dealing with the tapes, stacking them, shipping them.” Most small sites make some effort around backup and data retention, but such efforts are typically error prone and inconsistent, the experts said.

“Often, corporate [IT administrators] don’t know if backups are even being run [at remote sites],” said Forrester analyst Stephanie Balaouras. A company may follow a rigorous data protection plan at headquarters, added Steve Rodin, president of Storagepipe, a Web-based provider of backup and recovery software. “But the plan doesn’t extend to remote offices.”

At many organizations, the haphazard approach to remote storage is beginning to change, chiefly in response to federal regulations like Sarbanes-Oxley, which, among other things, forces public companies to retain e-mail and other records that document key business activities. To ensure compliance with this other mandates, top executives are demanding corporate IT shops develop formal data protection policies and apply them across the enterprise—including remote sites. For a long time, there wasn’t wide enough recognition of this risk, and that was a real weakness in IT strategies, said Balaouras. “But now regulatory compliance is having a big impact.”

When the auditor says “I need this information,” you have to be able to produce it quickly, added Darrell Heaps, president of Q4 Web Systems, a Web-based service for creating documents pertaining to public disclosures. Top executives understand full well that “the inability to produce records can derail a company,” he said.

Remote Storage 101
There are two ways to meet the most basic data protection needs of remote offices, and both demand that central IT get involved, the experts said. The first is to conduct backups locally, saving data to a disk and replicating it back to a central location. Alternatively, you can forgo the local effort entirely and back up directly to the corporate Wide Area Network. Both approaches are easy to automate with software. Both provide central IT with the ability to restore lost data, without having to assign administrators to each remote site. Better still, said EMC’s Greener, “you don’t have to worry about tapes, or the trucks to take them away.”

Also essential is providing a way to recall the information easily, said Forrester’s Balaouras. “Corporate wants central visibility and insight.” Although tape remains the least expensive backup method, it is also the least flexible when it comes to restoring lost data, or querying information from backup files, the experts said. Tapes are not only easily lost, stolen, or misplaced, they are also unreliable. “They can fail and the data is not always recoverable,” said Storagepipe’s Rodin.

John Sing, a senior consultant for IBM Systems and Technology Group refers to that group of activities—the ability to backup, restore and query data—as the “foundational practices” of remote data protection. But there are things to consider beyond that. Other issues to consider include figuring out what data needs the most protection, which data is ready for the archives, implementing employee policies aligned with the data protection strategy, and making sure the storage capacity you have on hand is being used fully and cost effectively.

Practical Tactics
In a perfect world, every company would have what Sing calls a centralized storage architecture, “where all servers have connectivity to all of the storage devices.” But reality is never that neat, he said. Instead, most companies use different storage technologies for different departments and remote offices, often without a broader plan. “You have direct-attached, older SCSI devices that cannot be shared, you have departments using storage area networks, [among other storage approaches,],” he said.

SCSI, which stands for Small Computer Systems Interface, is a standard for attaching peripheral devices to a computer, including those for storage.

The trick to moving toward a unified storage architecture is to do so gradually, taking a practical approach. First, take inventory of what’s out there, he said. “Then, on a weekend night, begin taking data off older [storage devices] and move it to [newer ones], retiring those devices that reached end of life.” Also key is getting a handle on the how much storage capacity is available overall, and using it cost-effectively, he said.

Cost savings also come from backing up only the information that has changed since the last backup. “You don’t want to do 50 gigs on Monday and another 50 on Tuesday,” said Sing. Tools make it easy to analyze what has changed, said Storagepipe’s Rodin. But policies that stipulate best practices for employees play an important role, too. “You don’t want people backing up their own data,” he said. That can vastly increase the volume of data you have to contend with.

“Half of the information contained in corporate applications, such as Oracle and Siebel, is inactive,” said Joshua Alpern, vice president of sales engineering for Applimation, which sells software for managing and archiving data from packaged applications. “It just sits there, and yet it has a profound impact on the nightly backup process.” Much of that of data can be archived, he said.

The most effective backup strategies analyze the data itself to determine which information is most crucial to the business. Customer data and information pertaining to core business processes, such as managing inventory and suppliers, need to be backed up daily, said Storagepipe’s Rodin. “But there’s another tier that’s not changing as rapidly: marketing brochures, Web site content.” It doesn’t need to be dealt with every day, he said. If data hasn’t changed in two years, it’s typically a good candidate for archiving, he said. That’s especially true for sensitive information, such as social security numbers from customer accounts that are no longer active, added Alpern. That kind of data remains protected in the archives. “But if it’s lost or stolen, the story will end up on the front page.”

That’s sure to get the CEO’s attention—and prompt corporate IT to reign in remote sites.

Related Search Term(s): Missing Tapes, Chaos Rule, Remote Sites

Share this link: http://www.sysmannews.com/link/31956

EMAIL THIS ARTICLE

SEND FEEDBACK

MORE SPECIAL REPORTS