New Year’s Resolution: Put Your Data Center on a Storage Diet in 2011

Best practices for trimming your storage waistline.

By Sean Regan, Director of Product Marketing, Information Management Group, Symantec

If your doctor tells you that you are living an unhealthy lifestyle, chances are you will try to improve your health by exercising, watching what you eat and getting regular physicals. You may not become a model of perfect health overnight, but at least you are not ignoring the doctor's advice. When it comes to managing the health of their data stores, many enterprises are ignoring their own advice and letting those stores grow out of control. That's the finding of the 2010 Information Management Health Check Survey, conducted by Applied Research and Symantec, which asked 1,680 senior IT and legal executives at enterprises in 26 countries how they are managing business-critical information. Eighty-seven percent of respondents indicated they believe in the value of a formal information retention plan, but only 46 percent have one in place. Far fewer can actually enforce their policy. The survey showed that too many enterprises save information indefinitely even if they have a policy that dictates otherwise. Instead of executing policies that allow them to confidently delete data that is no longer required, they let it accumulate.

The survey outlines three key findings:

  • There is a gap between enterprise information management goals and practice.
  • Many companies are incorrectly using their backup systems for archiving and can’t even explain why they are keeping 40 percent of the data they have on backup tapes.
  • This gap is driving serious enterprise problems: rampant storage growth, unsustainable backup windows, increased litigation risk, and expensive, inefficient discovery processes.

A comprehensive information management plan is critical to effectively managing ever-growing data volumes while making it quick and easy to search for and recover specific information. However, it’s the fear of accidentally deleting important information that keeps enterprises from moving away from the wasteful strategy of keeping everything forever. This is especially common in the backup environment where organizations have simply started hoarding backup data in case it is needed at some point. Such an approach shows little concern for the corporate retention plan or IT resources.

In other words, people are using backup as an archive, not just as a tool to help recover systems in the event of a disaster.

Performing legal holds incorrectly is a major issue for enterprises. Most (70 percent) are using their backup systems to perform legal holds -- something backup systems were not designed to do. Worse yet, 25 percent preserve the entire backup set when they perform a legal hold on files and documents. This creates an environment in which nearly half (45 percent) of backup storage comes from legal holds alone.

IT must stop the insanity! Backups are system-based and inappropriate for legal holds because system-based retention casts too wide a net. Instead, legal holds should be custodian-based, preserving only what is relevant to an investigation. This is one reason why enterprises need to start thinking about archiving as a supplement to backup. Organizations need to restore backup to its intended use -- disaster recovery -- while preparing for end-user needs, search, discovery, and investigations through archiving. Backup is for system recovery; archiving is for user recovery and legal discovery.

Still, enterprises are confused about archiving. For example, according to the survey, three-quarters of backups have infinite retention or are on legal hold. Although 51 percent of enterprises prohibit employees from creating their own archives on their local machines and drives, 65 percent said that end users are doing so anyway.

How does an organization explain this gap between policy and practice? It is not easy, especially if you are serving as a 30(b)(6) witness -- the person responsible for detailing an organization’s policies, procedures and IT practices. Do you know who your 30(b)(6) witness is? Is it you? Do you know what a 30(b)(6) is?

Thankfully, The Sedona Conference sums it up for all of us in their E-Discovery Glossary. Here’s the short version: Under Federal Rule of Civil Procedure 30(b)(6), your organization is subject to the deposition process, and may need to provide a witness to testify about information technology practices if requested by another party to the litigation or the courts.

Studies show that storage continues to consume a larger percentage of IT budgets year over year while budget growth remains roughly flat. The willingness of enterprises to continue buying storage to support over-retention has created an environment where three-day weekends are becoming increasingly common. These are not vacation days but rather weekend backups that take more than a single weekend to complete.

Recovery times are even worse. The time it takes to restore such massive backups will bring any disaster recovery program to its knees, and the process of satisfying discovery requests is exponentially more difficult with such massive amounts of information and inefficient tools. When one gigabyte of storage can hold 100K e-mail messages, it isn’t difficult to exceed your budget for attorney-review expenses. Some estimates place the cost of review at 1,500 times the cost of the actual storage on which the data resides.

What cure can organizations take to ensure the health of their data center? There are key steps that will help convert an overworked data protection plan into a faster, more efficient, and more cost-effective information retention plan. By following these steps, enterprises can regain control of their information and relieve the stress caused by storage overspending, longer backup windows, and litigation risks.

Save backups for 30-60 days only, then delete them. Backup is not an archive. Do not use backup for archiving and legal holds.

Automate retention beyond 30-60 days. Information that cannot be deleted at 30-60 days due to business, legal, or regulatory reasons should be automatically assigned a retention and deletion policy by an archiving system. The 46 percent of respondents that have a retention policy should consider taking immediate steps to begin executing those policies. Paper policies that are not executed can be a litigation risk.

Delete confidently and enjoy rapid data protection. Having 30-60 days of backup data means that enterprises can back up and recover faster while deleting older backup sets within months instead of years. That’s a huge amount of storage and potential legal liability that can be confidently and legally deleted.

Dedupe everywhere. Start at the source application with archive deduplication, then move to the backup environment. Deploy deduplication as close to the information sources as possible to free network, server, and storage resources. Finally, eliminate the review of duplicates in discovery to speed the process of early case assessments.

Discover efficiently. Search, preserve, and review information more quickly and with more granularity than is possible in a backup environment. This will reduce the time and cost to evaluate litigation risk, resolve internal investigations, and respond to compliance events.

Protect against data loss. Enterprises should deploy data loss prevention technologies to measurably reduce their risk of data breaches, demonstrate regulatory compliance, and safeguard their customers, brand, and intellectual property. IT administrators should look for a solution that discovers, monitors, and protects confidential data while providing insight into the ownership and usage of information.

Enterprises no longer need to surround themselves with outdated and unhealthy data management practices. Although the serious mistakes and consequences caused by the gap between information management goals and practices are real, the prescription is available and effective. By practicing these steps, you can improve the health of your data center, thus strengthening the company as a whole. It’s time to listen to your own advice and emerge from the comfort of old habits. It’s time to delete confidently and have your information management plan work for your company, not against it.

Sean Regan is director of product marketing for the information management group at Symantec. For additional information, please visit Symantec at www.symantec.com.