The oft-abused acronym ILM purports to provide cradle-to-grave tender loving care (TLC) to one of the two most important assets of an enterprise: data (the other being its people). Part of providing that TLC is to move the data, as its value decreases over time, from high-speed, robust, industrial-strength—and thus expensive—storage devices to mid-range storage devices and ultimately to low-cost storage (e.g., tape cartridges) stored first perhaps in an automated tape library and ultimately off site in a vault.
The words "move data" are the operative ones here. Moving data is exactly what an IT organization does to ensure that appropriate data retention/protection processes are in place, to ensure that the enterprise is in compliance with all appropriate regulations, to support disaster recovery/business continuity plans and objectives, etc.
This article discusses how implementing ILM strategies should exploit the intersections and overlaps of already-existing processes and disciplines to minimize duplicate efforts and expenses and ultimately reduce overall IT cost of these in their totality.
One must understand that ILM is not a part number, not a SKU (stock keeping unit). One cannot order ILM from any IT vendor, receive a brown box, and install ILM over the weekend. Rather, ILM is an architectural blueprint, a strategy, a culture. It is an enterprise-wide plan to provide that TLC for all of the enterprises' data—and to do so while meeting all of the business and regulatory requirements at least cost.
Let's examine the concept of placing data on the right device at the right time based on the "time value of data." As illustrated in Figure 1 below, "data" is most valuable to an enterprise at the moment of creation. Data is most likely to be accessed in the hours and days following its creation. As time goes by, the value of that data diminishes greatly to the point where, in mere days or weeks, that data is unlikely to be accessed again and it is most appropriate to move that data to slower, and less expensive, storage devices as quickly as possible.
Figure 1: Data is most valuable immediately after creation. Because its value diminishes rapidly as time passes, it should be expeditiously moved to less-expensive storage devices. (Click images to enlarge.)
But moving that data requires the same processes and disciplines as are required to satisfy other business requirements.
Enter the six other components of ILM. As Figure 2 illustrates, there are redundancies and overlaps between existing business processes that compose the totality of ILM.
Figure 2: Six disciplines or processes, already performed by IT within the enterprise, overlap and are part of ILM.
Let's look at each one in a bit more detail.
Data protection is simply the processes, hardware, and software used to ensure the readability and security of data. It usually includes backup jobs and replication techniques to ensure against device and/or media failure, loss of the backup copy, or loss of backup copies of backup files (citing recent media reports). Is copying and/or moving data beginning to sound familiar?
- Complying with the estimated 50,000 (globally) legislatively mandated regulations is not optional. It is mandatory. Does anyone choose to go to war with the IRS to cite an example?
- Does any enterprise executive choose to wear the orange jumpsuit with silver bracelets and take the "perp walk"? Not likely.
- While recent history proves that both C-level executives and corporate board members are personally liable for infractions, despite directors' and officers' liability insurance policies, it is a well-known fact that culpability flows downhill toward lower-level executives, toward CIOs and their teams, who are most often charged with ensuring the enterprise is capable of responding to discovery subpoenas and motions and ensuring the integrity of stored data.
Note too that legislation originally targeted toward one industry (e.g., the Sarbanes-Oxley Act targeted at large public enterprises) will ultimately be expanded to other enterprises. In July 2007, Section 404 of the act will apply to and affect smaller capitalized enterprises, private companies, non-profits, and even municipal governments.
Can one ignore regulatory compliance requirements? And the impact on IT? No. Are we backing up and protecting data again? Yes.
Data security involves the physical access to data, the ability to steal or corrupt it, and the ability to utilize that data if unauthorized access is gained (which is prevented through encryption). Again, you have an obvious overlap between making and protecting encrypted copies of databases and files.
Disaster Recovery/Business Continuity
Continuing our journey around the ILM "wheel," consider our history since 9/11, Hurricane Katrina, and the 2004 power outage from Ohio to the northeast. Can anyone logically argue that construction and execution of a tested DR/BC plan is optional? While DR/BC was often deferred and "de-prioritized" in the past, regulators are now demanding to audit the DR/BC plan. The board is pressured to ensure that one exists. Insurers are demanding to examine the DR/BC plan before writing the insurance policy; otherwise, they may dramatically raise insurance premium rates.
And if one simplistically assumes that the executives of an enterprise wish that the enterprise continue in existence (in the event of a "disaster") for the benefit of all stakeholders (stockholders, employees, etc.), is not a DR/BC plan a requirement? And here we go again, "moving data" to backup media in case of an "event."
Regulations require an enterprise to maintain original data, or copies of data, for long periods of time, ranging from one year to literally over 100 years based on the type of data. In this context, data of all types must be retained—data from electronic files and databases, email files, instant messages, electronically stored data, and original hardcopy documents. IT is usually vested with this responsibility and must accommodate it amidst all of the other responsibilities. Are we talking about the TLC of data again? Moving data?
Archiving (automatically moving data from one storage device to another, perhaps from online to offline) may be the one aspect of ILM that is not mandated by regulations. It may be, however, one tool that can be effectively employed to make ILM a reality, to simplify IT operations overall, and to increase ROI.
All Tied Together
By now, one hopes that the reader is seeing the overlap, redundancies, and potentially repetitive requirements and processes of these six elements alongside the simple notion of moving data to less-expensive storage devices as that data ages. Addressing all of these subject areas with an enterprise-wide ILM strategy and implementation plan can help to ensure the long-range viability of the enterprise, protect the stakeholders, and save money at the same time!