Users Face Classification Crisis

The work users put into storage archiving, data protection, and disaster recovery could be for nought, unless they start classifying the mountains of corporate data held within their organizations.

"I don't know how you do data protection when you have an undefined mass of data," says Jon William Toigo, chairman of the Data Management Institute, and president of analyst firm Toigo Partners International. At a New York City event for IT managers this week, he warned, "The only way to build a data protection strategy is to understand the data itself." Firms will never lock down their back-end systems until they get their data sorted up front, he said.

Simply put, the problem facing many storage managers is an overgrowth of data, some of which warrants costlier treatment than other information. The process of determining the data that gets priority treatment on disk-based backup systems with higher-end security, though, requires sifting through terabytes or even petabytes of data. Users attending this week's event said identification must be followed by the application of stringent rules to complex corporate information and overcoming resistance from other parts of the business.

The bigger the business, the tougher the challenge. "It requires a lot of understanding of the business and the regulations you are working with," says Geoffrey Chen, systems architect at pharmaceutical giant Sanofi Aventis. "Because we have data centers in different countries, the regulations that we have to consider are not just from the U.S.A."

Chen is working on a country-by-country basis to solve his data classification problem. Long term, he's looking to ILM technology to help him harness his data. "The ultimate goal is to know our information better, save money, and streamline our storage," he says.But the exec would not reveal which vendors are in the frame for his ILM deal. "I am talking to everybody. I have set up a lab and we're testing equipment."

Other users have not even started their data classification work. "That's something that we haven't looked at yet," said a New York-based IT manager at a major financial firm, who asked not to be named. "But we're re-architecting our storage to get ready for something like this. We use HDS for primary storage, and we're looking at SATA disk as an alternative for less important data." This, he added, will replace a series of small SAN islands that his company currently uses.

Another publicity-shy IT exec from the utility sector admits his data classification task is a matter of urgency. "That's a major issue, without that, we have nothing," he says. "We're going to implode because of the amount of data that's being retained -- it's just getting extremely expensive."

But the exec concedes that, surprisingly, his own company is the biggest hurdle in his path. "I cant see [data classification] happening in the near future, because people are resistant to change."

The IT manager already has Hierarchical Storage Management (HSM) tools, such as Tivoli Storage Manager, at his disposal, which would let him classify his data, and he wants to set up a gold, silver, and bronze system for retaining corporate information. But getting other parts of his business to buy into this strategy is easier said than done. "It’s an internal problem, and there's a lot of people that are entrenched in the way that they do things."Data classification has implications for data at rest as well as in transit on the SAN. A recent Byte and Switch Insider suggested that firms should split their data into four distinct security categories, from high-end "mission critical" and "business critical" data, through to "important" information that can be easily recovered, and "non-critical" data that can be removed from the disaster recovery equation altogether. (See Insider: Encryption Means Planning and New Threats Drive Encryption.)

— James Rogers, Senior Editor, Byte and Switch

Organizations mentioned in this article: