On the Brink of Storage Disaster

Just how much control do you really have over your IT infrastructure? Pundits say plenty, as long as you see trouble before it happens. On Friday the 13th, we are taking a look at how storage managers can paint themselves into a corner.

What are the warning signs that you may be headed for the Storage Styx? Follow along with us as we examine the leading pitfalls that tempt the unwary.

Getting Too Close to the Cutting Edge

Do you really need all those bells and whistles? In some cases, the answer may be yes, but for the majority of firms the answer is a categorical no, according to Joe Martins, research director of analyst firm the Data Mobility Group. All too often, he warns, IT managers see the latest technology as a silver bullet.

The analyst recounts the tale of a major telecom company, which recently got its fingers burnt by paying big bucks for a supposedly state-of-the-art storage resource management (SRM) product. "The features that they were hoping it would deliver, it didn't deliver, and they found that they had other products already in house that handled things just fine," he explains. "They overbought and spent tens of thousands of dollars that they didn't need to."Information Lifecycle Management (ILM) is another area where users should look before they leap, according to Martins. "They dont realize how many hundreds of applications and file formats that can encompass." Despite a plethora of hype from vendors such as EMC, however, some users have also started to voice their concern about the technology. (See Users Mull ILM Muddle, EMC Vows More for Infoscape, and ILM = Invest Lots More.)

Another emerging technology, the blade server, has also proved problematic. Last year, for example, energy consulting firm New Energy Associates opted to replace a slew of Dell blades with conventional servers, citing major savings in heat, power, and staffing costs. (See NewEnergy Chops Its Blades, Study Highlights Blade Disappointment, and Are Blades Cutting It?)

Consolidating Your Way Out of a Job

Listen to vendors, and consolidation, either of servers or storage, is a great way to boost efficiency and cut costs. (See State of Indiana Office of Technology, Convergent Roads Diverge, University Picks EMC.) While a number of firms have successfully achieved this, there are instances where consolidation has opened a can of worms.

"It's not unheard of to hear of a CIO who gets fired because a [consolidation] project fails after an over-zealous implementation," says Rob Whiteley, senior analyst at Forrester Research.Other users have also ended up with egg on their faces. "There have been companies that have bought the [hardware and software] capacity to do this, and not used it all," explains the analyst. "They will buy a lot of server licenses, and have these grandiose plans, but then, once they get it installed in a development network, they realize they are not ready to do it on their production network."

There are any number of ways that consolidation could turn into a potential career-buster. By directing traffic to a certain number of ports, firms run the risk of building queues and aggravating end-users within their organizations. There have also been situations where users that rely on a single vendor's gear have found their hands tied when they want to add other suppliers to their storage mix. (See Consolidation's Downsides.)

Storage managers should also beware the impact on their networking infrastructure, according to Whiteley. The current trend of consolidating hardware, such as file and print servers, from branch offices to central data centers, he warns, is particularly problematic. (See No Easy Fix for Branch Office Blues.) "Now, all of these system and application access requests have to traverse the network."

Next Page: Wearing the Compliance Target

Wearing the Compliance TargetCompliance has been the word on everyone's lips at recent storage conferences, evidence that storage managers are feeling the strain of Sarbanes-Oxley, the Health Insurance Portability and Accountability Act (HIPAA) et al. (See Storage Goes to Law School, ITIL Irritates IT Managers, and EU Compliance Looms for Stateside IT.)

But IT managers should resist attempts to push them into a compliance corner. "Management is overextending IT guys beyond what is their core expertise -- [IT] are going to be the poor guys that get fired," says Martins.

The analyst told Byte and Switch that it is not uncommon for firms to foist responsibility for HIPAA compliance, for example, onto the shoulders of an IT professional with little or no legal and compliance background. This, he adds, is simply asking for trouble.

"You're setting them up for failure," says Martins, explaining that an IT manager may not know what specific pieces of information he should be looking for. Email, in particular, he adds, is one area where there is immense potential to get into compliance hot water.

Email archiving, for example, has already proved crucial in at least one high-profile legal dispute, with the Securities and Exchange Commission (SEC) slamming Morgan Stanley with a $15 million fine when it was unable to produce email evidence in court. (See Email Travail, A Fine Mess,Email Looms as IT Threat,Stop That Email!, and Outsourcing Email Not an Easy Choice.)Tolerating Remote Renegades

Laptop thefts, such as the one that rocked the Department of Veterans Affairs (DVA) earlier this year, could have grave implications for IT managers. (See Laptop Liabilities.) In that case alone, some 26.5 million veterans and family members were put at risk of identity theft and fraud.

Thankfully, the DVA laptop was recovered a month after the theft, although the media circus that surrounded the Department could just as easily descend on your business. "It's something that users should be concerned with," says David Hill, principal at analyst firm the Mesabi Group. "This gets into the whole issue of not only Social Security and credit card numbers, but also sensitive business documents."

Users, however, have still got plenty of work to do in this area. In a recent user survey by sister publication Dark Reading, 61 percent of 229 security professionals reported they either don't have a policy for protecting removable storage devices, or their organizations were vulnerable because their policy was unenforceable. (See Portable Problems Prompt IT Spending.)

Over at the Mesabi Group, however, Hill says that help may be at hand from the Trusted Computing Group (TCG), a group of vendors which includes IBM, Microsoft, HP, and Sun. "The TCG is working on a technology that will eventually enable you to have full disk encryption on your PC," he says. "You're going to want to have that as a capability."Sticking to the Tape

Sadly, the list of firms that have had problems with tapes is growing. Chase Card Services, for example, recently hit the headlines when it had to notify 2.6 million Circuit City credit card holders that tapes containing personal information were "mistakenly identified as trash and thrown out." (See Chase Trashes Tapes and Chase Throws Out Tapes.)

Even NASA is getting in on this act. (See NASA Goes to the Dark Side and Houston, We've Got a Storage Problem.) Back in August, the space agency confirmed that it somehow managed to misplace 13,000 magnetic tapes containing data from the Apollo space missions. As well as moon buggy performance data, this includes astronauts' biomedical information, and, sadly, footage of the most famous step and line in history.

Such is the perceived vulnerability of tape that some IT managers are now looking to remove as much of it as possible from their infrastructures. (See The Year in Insecurity and A Tale of Lost Tapes.) One firm, for example, has already bought an EMC Centerra box to store its email in an attempt to get away from tape. (See Top Tips for Compliance .)

The Mesabi Group's Hill, however, urges storage managers not to get too caught up in the tape brouhaha. "There's a question of whether it's confidential information," he says, adding that not all firms need to store credit card and Social Security data on their tapes anyway.Got any additional warning signs to share? Hit the message board or write to us at [email protected].

— James Rogers, Senior Editor, Byte and Switch