More Related Content Similar to Mesabi Group paper: Rethink Data Protection and Retention Now Merchandising Similar to Mesabi Group paper: Rethink Data Protection and Retention Now Merchandising (20) More from IBM India Smarter Computing More from IBM India Smarter Computing (20) Mesabi Group paper: Rethink Data Protection and Retention Now Merchandising 1. Mesabi Group
Commentary
April 27, 2011
Rethink Data Protection and Retention
Now
In an ongoing race to remain competitive and grow, enterprises are making greater demands
upon IT. To better service these needs, IT itself is evolving to eventually provide true “IT as a
service.” For both enterprises and IT, a top challenge is to provide the scalability and agility re
quired for 24x7 data availability, as well as the ability to service evolving retention needs for
compliance, legal discovery, and business analytics. But in light of explosive growth and distribu
tion of information, cost efficiency is essential to provide the necessary level of protection afford
ably, for the life of the data.
To better help the business meet its
Business is Changing: Data Protection challenges of change, IT is in a process
and Retention Practices Need to Keep Up of transformation itself. IT is moving
The future holds major challenges for through stages such as virtualization
all enterprises. Businesses face great and cloud computing to true IT as a
pressure to not only preserve but take
service, which can be measured (guess
market share with both existing and
new products and services. But what) by agility and efficiency.
businesses have a heightened aware Data protection and retention are core
ness that events outside their control IT competencies that must keep up
(macroeconomic, political, and natural with ever increasing challenges along a
disaster) also pose threats. number of dimensions. These include
The ability to deal well with change increased demand for 24x7 availability,
(both planned and unplanned) will be increasing need to manage and protect
the hallmark of successful enterprises. more data, and the no longer ignorable
The twin pillars by which success will need to have true data retention
be measured in managing change are management policies that balance
agility and efficiency. Agility is the compliance and data disposal needs.
ability to respond to meet changing The manual, nonintegrated approach
business objectives rapidly. Efficiency to data protection and retention needs
is the ability to use economic resources to be rethought and replaced with an
in as close to an optimal manner as automated and integrated approach
possible to meet those business that meets the necessary agility and
objectives. efficiency requirements.
© 2011 Mesabi Group LLC Telephone: 781 326 0038
26 Country Lane Fax: 781 326 0038
Westwood, Massachusetts 02090 www.mesabigroup.com
2. Rethink Data Protection and Retention Now
Commentary Page 2
Data Protection Is Not Keeping Up The net result is that no downtime is
The problem is that data protection tolerable for key applications and
processes and technologies that were “always on” is becoming highly
designed to meet past requirements are desirable for any application that is
not able to keep up with the changing accessed for business reasons on a
times. 24x7 basis.
Just a couple of key ways that the Among the impacts of these trends on
changing times affect how enterprises data protection technologies are the
are using IT are: need to make sure that replication
approaches (such as remote mirroring)
Integration of key applications —
transparently fail over from physical
take, for example, enterprise re
failures (such as the loss of a disk
source planning (ERP), customer
array) and that snapshots are properly
relationship management (CRM),
integrated with backup software. The
and supply chain management
traditional backup window where
(SCM); they now have key points of
applications were brought down for a
integration (orders, inventory, bill
period of time is now an anachronism.
ing).
IT is also making key changes, such as:
New modes of doing business —
the rise of the Web as a business Server virtualization — a key
network has led to online e objective of server virtualization is
business as well as social media to better utilize physicalserver CPU
and collaboration (including email) and memory resources by consoli
from disparate devices dating multiple applications using
(smartphones tablets, and laptops virtual machines (VMs) on the same
among them) without regard to physical server. An unintended
location or time. possible consequence is that back
ing up a number of VMs may lead
Distribution of data – Today
to contention problems with physi
critical information resides both
cal servers or network resources.
inside and outside a single data
center, including remote servers, Cloud computing — the cloud
additional data centers, PCs and promises flexibility and efficiencies,
laptops. such as for resource provisioning,
as well as offsite protection for
The implication of integration from a
disaster recovery. Currently, the
data protection perspective is that
best cloud solutions are addressing
downtime in one critical system
concerns such as how to provide
impacts the ability of other key systems
security and multitenancy proper
to function as well as they should.
ly.
One implication of new modes of
For both server virtualization and cloud
business operation is that almost
computing, combining automation and
everything IT is 24x7 including the
integration with data protection
integrated systems (which may use the
technologies is essential for achieving
Web for SaaStype CRM).
the levels of data protection and
availability that each must deliver.
© 2011 Mesabi Group LLC Telephone: 781 326 0038
26 Country Lane Fax: 781 326 0038
Westwood, Massachusetts 02090 www.mesabigroup.com
3. Rethink Data Protection and Retention Now
Commentary Page 3
Employing automation properly is ment and the business unit have to
necessary in order to deal with new make those decisions.
levels of complexity. In conjunction The second is that the business
with automation, integration ensures department that benefits and the one
that multiple tools, such as snapshots, that pays are not necessarily the same.
backup software, and storage virtual For example, a business department
ization, run in harmony with one may not care that unnecessary data is
another. not destroyed, but IT bears the burden
Data protection is unlikely to have kept of the storage costs.
up with structural changes (such as The third reason is the hierarchical
the effective use of an active archive) or management of enterprises results in
new needs for discipline (such as a welldefined roles with specific tasks
thorough, enforceable, and enforced for individuals, but that can leave gaps
data retention management policy). in accepting responsibilities as things
And what is often lacking is the change.
planning and management process
that enables structure and discipline — For example, the exploding growth in
the process called information govern data has resulted in retaining data that
ance. serves no useful business purpose,
even compliance. Legal is concerned
Formal Information Governance Policy about retention rules only for data
Must Link to Data Retention Practices involved in legal matters and business
Business processes (and that includes units generally pay little attention to
data retention processes) tend to run older data that does not have an
the same way today as they did ongoing business value.
yesterday and will run the same way Information governance is necessary to
tomorrow in most cases. overcome the three problems cited
How can an enterprise rethink those above. Information governance (a.k.a.,
data retention processes and employ data governance) includes the people,
the necessary data retention technolo policies, practices, and procedures to
gies? ensure the preservation, availability,
confidentiality, and usability of an
Well, an IT architect can sit down and enterprise’s data.
rethink what needs to be redone for
data retention. That is a necessary Information governance involves the
condition, but not a sufficient condi formal collaboration of all the data
tion. Why not? There are at least three protection stakeholders in an enter
fundamental reasons. prise. The information governance
team can deal with the policy, cost,
The first is that IT is the physical and responsibility issues that might
custodian of business processes and otherwise sidetrack an effective data
data, but does not set the business protection strategy, including planning
rules for the enterprise. For example, and guidance on service level agree
IT cannot make arbitrary rules for the ments, retention management practic
destruction of data. The legal depart es, and compliance.
© 2011 Mesabi Group LLC Telephone: 781 326 0038
26 Country Lane Fax: 781 326 0038
Westwood, Massachusetts 02090 www.mesabigroup.com
4. Rethink Data Protection and Retention Now
Commentary Page 4
IT can work with the information use shortlatencyacceptable asyn
governance team to define a compre chronous remote mirroring. The total
hensive (not oneoff or piecemeal) mirroring process needs to be auto
approach (with the necessary technolo mated to assure proper failover to an
gies) that can be implemented in a active copy of the data, and failback
planned sequence to meet prioritized when appropriate.
business objectives within the neces Note that in the old days, mirroring
sary financial restraints. had to be done to identical vendor disk
storage systems and to the same tier of
Getting Data Protection and Retention to storage, typically Tier 1 FC or SAS
Keep Up with Business Needs storage. That no longer has to be the
Three key aspects of data protection case. For example, Tier 2 SATA storage
and retention that together illustrate may be used at the nonproduction
the need to rethink data protection are: site. Yes, performance degradation
continuous data availability for high might take place, but then again it
service levels, retention management might not as some critical applications
and archiving, and managing the may not be I/O intensive in failover
growth and cost of the data footprint. mode. That makes mirroring more
affordable (think costefficient).
Continuous Data Availability Is Required for High
But mirroring provides robustness
Service Levels
against physical failures, not logical
How are IT organizations going to
problems (data base corruption,
deliver always on (i.e., 24x7) availabil
viruses). Snapshots are an answer for
ity of data to those applications that
quick restoration after a logical
demand it? The answer is, on the
problem, but snapshots today are not
physical data protection side, to be
your father’s snapshots. Today
able to failover transparently and as
incremental snapshots can be taken
nearly instantaneously as possible to
over time on the original full snapshot.
an active copy of the data.
These spaceefficient snapshots
Now, both local and remote mirroring improve the economics of taking
have probably been done for years, but snapshots by shrinking the recovery
one still has to perform a careful review point, dataset size, and the recovery
to ensure that the right type of time for restoring data. Snapshots are
mirroring and the necessary automa now the first line of backup defense for
tion software is applied appropriately. business applications (although there
Onsite local mirroring and short is still a need for the other lines of
distance (less than 60 miles) synchro defense).
nous remote mirroring protect against So the addition of modern mirroring
operational failures (say, two nearly and snapshotting provide the agility to
simultaneous disk failures on a RAID 5 respond to failure (negative changes) as
array) at the original production data well as greater efficiency than in the
site. Long distance (300 miles or past.
greater) separation of facilities for
disaster recovery purposes needs to
© 2011 Mesabi Group LLC Telephone: 781 326 0038
26 Country Lane Fax: 781 326 0038
Westwood, Massachusetts 02090 www.mesabigroup.com
5. Rethink Data Protection and Retention Now
Commentary Page 5
Retention Management and Archiving The active archive is not just about
Retention management requires clear cost efficiencies; it is also about
policies, the ability to precisely identify business value. The archive provides
what policy rules apply to every piece the basis for meeting compliance
of data in an enterprise, and an audits and aids greatly in the legal
enforcement mechanism to ensure the discovery process. But the real
retention policies are actually carried business value comes from using the
out. archive for the ongoing business needs
of the enterprise. These needs can
A necessary consequence of retention
include the retrieval of key information,
management is the need to build an
such as an MRI medical image, an old
active archive to house the data that is
contract, or customer history infor
retentionmanaged. For the most part,
mation. However, the archive can serve
retention management impacts data
not only for the retrieval of individual
that is fixed, which means no longer
information items, but also as the
changing. In fact, fixed data is most of
foundation for analytics that detect
the data in an enterprise. Also, the
patterns that can give key insights to
retentionmanagement application has
management.
to have control over what can and
cannot be deleted or changed (which is So retention management leads to
necessary to preserve chainofcustody archiving, which has data protection
for legal purposes). benefits, but also provides other
business benefits as well.
So retention management involves
moving all fixed content (not just e
Managing the Growth and Cost of the Data Footprint
mail) to an active archive that can still
Data space management is about
be read by the originating application.
efficiency, which is necessary to deal
Once this is done, a lot of good things
not only with the increasing volume of
happen for both the business and IT.
original data, but also with all the spun
First, the active production systems off copies that are needed for data
shrink dramatically in size, which protection.
saves bandwidth and time when failing
One of the hottest topics in data
back from a remote mirror, and greatly
protection today is data deduplication,
reduces the size of a full snapshot.
but deduplication is only one in what
Moreover, full backups to disk and/or
should be a comprehensive approach
tape are smaller and faster. And on the
to data space management.
production side, less system storage
means better performance. The first step in data space manage
ment is to properly apply retention
On the archiving side, more cost
policies to dispose of all unnecessary
efficient disk (SATA) can typically be
data. Propagating deletion to all copies
used. Moreover, either on the way into
of the original as well as the original
the archive or shortly after insertion
saves the most space. The second step
into an archive, one can dispose of
is copy management. A presumed
data that no longer has any business
benefit of data deduplication is to
or legal value. Deleted data costs the
reduce the number of data copies
least — none.
© 2011 Mesabi Group LLC Telephone: 781 326 0038
26 Country Lane Fax: 781 326 0038
Westwood, Massachusetts 02090 www.mesabigroup.com
6. Rethink Data Protection and Retention Now
Commentary Page 6
needed (read storage space). An ensures continuous data availability.
obvious, but sometimes overlooked, In addition, making an archive active
step is to determine whether extra improves agility when a business
copies are really needed. Note that needs to find ongoing value from
data deduplication technology can fixed content data as well as to meet
operate at a file level (single instance evolving compliance and legal
storage) or at the subfile level (a finer discovery requirements.
level of granularity than a file) to To do this efficiently in the face of
generate space savings and reduce increased data growth with con
the bandwidth required for online strained budgets requires storage
backup. management strategy that can take
Finally, data space management advantage of storage tiering,
efforts should consider compression. retention management, and data
Note that deduplicated data can still space reduction management.
benefit from compression, and vice
versa. Conclusions
In the past, compression was An old familiar saying is “that if isn’t
typically applied to data on tape. broke, don’t fix it.” Well, data
Today, an evolving strategy is to be protection is broke and needs fixing.
able to compress on primary For many organizations, the fix is not
production storage. A potential just a patch, but a rethinking of the
problem is performance degradation, total data protection strategy. That
but at least one solution has does not mean that IT organizations
overcome this objection, so watch are going to have to undertake a
that space carefully. massive rip and replace process. It
does mean that IT is going to have to
In cases where data growth contin create a more comprehensive
ues even with efficient management strategy that goes beyond a piece
and deduplication, a solution should meal approach, and must prioritize
scale automatically to meet the the introduction of new and extended
changing needs without significant data protection and retention
investment expenditures. technologies as time goes on.
Tying It All Together All in all, enterprises need to rethink
The robustness to handle shocks their data protection and retention
that would otherwise disrupt a practices, and they need to do it now.
business is the key agility benefit
that data protection provides when it David Hill
Analyst Name: David Hill This document was developed with IBM Funding. Although the
Topic Area: Data Protection document may utilize publicly available information from various
vendors, including IBM, it does not necessary reflect the position
Mesabi Group LLC of such vendors on the issues addressed in this document.
26 Country Lane
Westwood, MA 02090 Phone: (781) 3260038
www.mesabigroup.com email the author: davidhill@mesabigroup.com
The information contained in this publication has been obtained from sources Mesabi Group LLC believes to be reliable, but is not
warranted by Mesabi Group LLC. Commentary opinions reflect the analyst’s judgment at the time and are subject to change without
notice. Unless otherwise noted, the entire contents of this publication are copyrighted by Mesabi Group LLC, and may not be
reproduced, stored in a retrieval system, or transmitted in any form or by any means without prior written consent by Mesabi Group
TSL03033-USEN-00