[BreachExchange] Three approaches to strategic data management: Good, better and best
Destry Winant
destry at riskbasedsecurity.com
Sat Jun 10 02:04:16 EDT 2017
http://searchstorage.techtarget.com/opinion/Three-approaches-to-strategic-data-management-Good-better-and-best
In a vlog earlier this year, I spoke of the concept of "Y" and how
data protection must evolve toward data availability and data
management. Regarding the latter, it is time for organizations, and
vendors, to take a more sophisticated approach to managing their data.
To get the maximum benefit from this important resource, I suggest
using what I call the good, better and best approaches to strategic
data management.
Good. Keep data for as long as it's needed. This may sound
fundamental, but many organizations only hold data for six months or a
year. As such, they may not be able to roll back their data as far as
needed when the situation requires it, for example, when told to
retrieve historical data during an e-discovery event or regulatory
audit.
Some organizations also don't protect data frequently enough --
perhaps only once or twice per week -- which can result in more data
loss than is tolerable when recovering from a malware attack or other
corruption event. One vendor refers to this as the "protection gap"
between what business units expect in data recoverability and what IT
is able to deliver.
Bottom line: Good strategic data management requires a modern approach
to data backup and recognition by senior management of the importance
of data retention and recovery.
Better. Keep what you need and get rid of what you don't. As soon as
many organizations have "solved" their data retention issues --
keeping data as long as they should for compliance reasons and backing
up as often as necessary -- they discover the storage burdens
associated with doing so. Similarly, as soon as you satisfy lawyers
and compliance teams that you're keeping data long enough, they will
amend their requests with "and not one day more." Data destruction is
as important a facet of data management as data retention.
Your data protection budget would appreciate it if you removed or
destroyed data that has been sitting in storage longer than its
mandated retention window dictates. Previous versions of data used for
operational purposes aren't useful after 18 months to 24 months. Yet a
minority of your data likely has strategic or regulatory requirements
warranting five or more years of retention.
Bottom line: Better strategic data management requires the use of
archiving technologies, as well as improved communication and
collaboration between compliance teams and IT professionals. You have
to stop thinking about backups in terms of blind copies of folders,
databases or other data containers. Start acting with contextual
insight regarding what information is contained in the data.
Best. Do more with protection and preservation copies than just
restoration. Backups, archives, snapshots, replicas and so on each
have their own purpose, but implementing a modern data protection
infrastructure can get expensive. What else could you do with the
dormant data within those repositories? Consider the following:
- Boot up a dormant remote copy for business continuity and disaster recovery.
- Update a copy of an operating system or application in a test
environment to ensure that a new OS patch or application update won't
negatively affect your users when they're actually implemented in the
production environment.
- Run analytics or reporting on dormant data to gain new insights
without affecting production performance.
- Provide DevOps with a near-live copy of production data to
accelerate its efforts, and thereby accelerate the organization.
Those are just a few potential scenarios. You should ask yourself what
additional capabilities and business value you could achieve by
leveraging the otherwise dormant data within protection storage.
Bottom line: To gain the best in strategic data management means
embracing what the industry terms copy data management (CDM),
sometimes referred to as copy data virtualization or active copy
management. Some vendor approaches start with copy enablement, where
data protection is just one of the outcomes. Other vendors augment
their core data protection offerings with mechanisms similarly
intended to provide new operational capabilities such those listed
earlier.
There is a lot of warranted excitement and focus, as well as some
hype, in the area of CDM. But make no mistake, data protection and
preservation are becoming foundational elements of a broader data
management strategy. This strategy allows you to not only keep what
you need and remove what you don't, but to do more with the data you
have.
More information about the BreachExchange
mailing list