Management by Security Class

Sooner or later, technology to allow a true ILM was bound to come along.

At Storage Networking World Europe in Frankfurt, Germany a couple of weeks ago, I stopped by a booth at the trade show featuring a minimalist placard with the handwritten slogan: "Save money; Comply with law." Try as I might, I can’t remember the vendor’s name—testimony perhaps to poor marketing, but the message stayed in my mind .

From where I sit, such a succinct value statement has been exactly the bill of goods that the storage industry has been selling for the past four years or so.

If you are a storage or IT manager, you probably can’t count using only your fingers and toes how many times you've been told that Brand X data management wares are a silver bullet for meeting regulatory or legal requirements for data retention and deletion.

"Using Brand X software, together with an inexpensive SATA array, will save you major coin, while putting you in good stead with the Fed." For a time, this mantra was proffered by the industry under the rubric of "information lifecycle management” (ILM) or in some cases "Data Lifecycle Management (DLM)" or in a few cases "information/data lifecycle management” (I/DLM). Analysts were quick to flock around the concept early on, perhaps encouraged by EMC’s marketing blitz, which other vendors invariably followed with their own. Analyst attention helped to raise ILM to an exaggerated level of notoriety.

Desperate to find ways to comply with new regulations around electronic information handling, the ILM "thing" found favor with many business leaders. A lot of bad technology and incomplete solutions have been sold in recent years under the guise of automatic compliance. Some vendors went so far as to assert that their products were "certified compliant" despite the fact that no certification authority is specified in any of the current crop of regulations or laws around data management.

At one point, IT managers were balking that their shops would soon be run by the corporate lawyers and that they would have no authority whatsoever. The CIOs of several Australian companies told me point blank that they might cease to be supply chain partners of American firms, so costly was the technology upgrade required to satisfy compliance requirements.

Then, just as I was returning to the U.S. from Frankfurt, I saw a column by a writer in another publication. The headline jumped out at me: "ILM is dead."

Borrowing from Gartner, the writer suggested that ILM had moved from the peak of the "hype curve" (which Gartner had helped to create) down into the "trough of disillusionment." Customers were no longer buying into ILM or its value because of either cost savings or regulatory compliance.

I agreed with this assessment based on the fact that no one was really selling ILM; they were only selling data movers. Data movers are important to be sure, but they are only one component of an ILM strategy and can only be used intelligently—that is to move data around according to a business-savvy policy—after other parts of ILM have been accomplished.

The Need to Classify

Before you move data around infrastructure, you need to classify data so you know what you are moving. You also need to classify infrastructure components on a price/performance basis, so you know where to move the data to. Likewise, you need to monitor access to data so that, to the extent that access frequency comes into the calculus of when to migrate data, you can consider this variable when deciding to move the data.

As stated previously in this column, none of these three components was being provided by the purveyors of ILM. Without them, data movers were pretty pointless—except if you were just building archives of anonymous data—which is what is happening in many companies today.

At a minimum, you needed data classification to make data movers purposeful. As far as I could see, the capability to classify data could not be provided technologically. This was partly because of the lack of metadata (data about data) available for automating the classification process. No classification scheme, no ILM.

However, as I set about to look at various ILM offerings in the market, my travels took me through Pittsburgh, PA. In truth, I made a side trip to visit an old friend, Mark Buczynski, who had recently become vice president of marketing for a start-up called BitArmor. I expected to learn about some nifty new security technology from a smart young fellow, J. Patrick McGregor, CEO of the company.

When I saw the work that BitArmor was doing, I was surprised. On its face, the concept was simple enough. Their software added another bit to the file description bits used by Microsoft in its file system, NTFS. The extra tick box, labeled simply as "Secure," sat next to other familiar attribute designations such as "Hidden" and "Archive." Clicking the box would place the file under the aegis of a top-notch "keyless" encryption engine developed by BitArmor, providing no muss, no fuss encryption for data in flight and at rest. I reported this much in this column several months ago, but I was under nondisclosure until the company formally announced its product on September 18.

The “Secure” Attribute

What I didn’t report then was some magic that came out of a discussion we were having around a conference table in the incubator facility where BitArmor was hatched. It occurred to me that the "Secure" attribute might well provide a springboard for real data classification and an enabler for ILM.

Think about it: if you needed to retain data securely for a certain period of time. You would encrypt it on the disk where it was being stored. When it was time to delete the data, you would break the encryption key as StorageTek was suggesting prior to its acquisition by Sun.

I noted that such an approach made sense for tape-based storage, since capacity loss would be of short term duration (tapes are cycled back to the mother ship from time to time for scratching and reuse, so you wouldn’t lose capacity for long for data rendered unreadable by breaking keys). To extend the technique to disk, you would need a way to reuse the space freed up by the quasi-deletion of data represented by breaking encryption keys.

When I was briefed on the final BitArmor products just prior to its announcement, lo and behold McGregor and company had found a way to delete the quasi-deleted data. In its current manifestation, the BitArmor solution enables users to mark a file or set of files for encryption via a policy engine. When the expiration date for data retention is reached, it can break the keys associated with certain files so they can no longer be accessed. With the approval of an authorized person in the company, the files that have been quasi-deleted can either be re-encrypted and retained for a new period, or marked for full deletion from the disk, freeing up space.

This simple innovation means something important: we now have the capability to classify data, develop policies for its retention and deletion, and secure it during its useful life. With BitArmor, you can designate where to send the encrypted data via policy, so if you spend some time looking at the cost and performance characteristics of your various storage repositories, you can actually target data to whatever platform makes dollars and sense. This storage classification function is not automated … yet. However, it is a natural evolutionary step for the BitArmor wares (called the BitArmor Security Suite version 2.0, by the way). Add in an access frequency counter and you will have something that looks and acts a great deal like real ILM.

Challenges Ahead

The challenges ahead are many.

For one, the company will need to get its wares sanctioned by Microsoft if they want it to work with Redmond’s next generation OS, Vista.

Second, it is unclear to me whether McGregor and company expect to spread the wealth of this innovation to non-Microsoft operating system environments—various Linux and UNIX operating systems are still more plentiful in the enterprise data center than are Microsoft systems.

Third, I would like to see a clear solution to the problem of search and retrieval in environments where data has been encrypted—something that no vendor has solved to my satisfaction, and an issue that a lot of IT people are sweating right now because management wants to encrypt everything to prevent embarrassing data disclosures.

Even these questions do not diminish my enthusiasm for BitArmor. The new slogan on the company's Web site speaks volumes about their grand strategy: "If it’s not secured, it’s not managed." Using the primary classification attribute of "secure," the people from Steeler country are making an important advance in the cause of data management.

Once their beta customers decide to talk about it, we will cover the continuing story here. Your thoughts are welcome.