Storage policies

Storage is one of those things that nobody thinks about until it runs out. End users just expect it to be never-ending, then shout and scream when capacity runs low. IT managers know it is not and face a constant struggle to provide the consistent level of service users expect without spending the earth.

Most firms simply end up stumping up extra cash for ever more storage capacity - recent figures show that 80 per cent of IT managers bought storage capacity beyond their needs. But while easy to implement this is not cost effective. In fact a recent survey revealed that three quarters of the cost of storage goes on administration and maintenance, which means that buying more capacity effectively costs businesses twice over.

There is still an issue to be addressed here, however. Data storage needs keep expanding with regulatory concerns increasingly having an impact, the stuff still needs to go somewhere. By one estimate there are currently 15,000 pieces of legislation and directives pending in the US on how information must be stored, accessed and maintained over time.

So you can see that there are some very good reasons to establish a storage policy. It will save you money. It will save you time. And it might even save your business. But how do you go about setting one up?

The main considerations in establishing a manageable storage policy are human, business and technical. For a storage policy to work it must cover everything from primary storage for active applications to archive management to disaster recovery to protocols for laptop use.

The Technology

A storage policy is as much an exercise in how to use your existing infrastructure more effectively as it is buying new hardware. Data storage policies tend to build up organically and unchecked over time in most organisations and this means that, quite often, information is stored on inappropriate platforms. If you don't need to access information instantly, for instance, why store it on an expensive storage platform such as Fibre Channel?

So before you do anything you'll need to find out exactly how much capacity you have and which platforms make up that capacity. And while you're at it, conduct an audit of your backup procedures. A good storage policy will need to detail when backups occur, put in place procedures that verify all your data can be retrieved and will put in place plans for disaster recovery (keeping backups of all of your data secured at another site, for example).

The Business

Statistics say that businesses are generating more information than ever before, causing headaches for IT managers. But even when you know how much there is, do you know how much it's worth? Put another way, problems will arise in assigning value to the data. So the challenge surrounds knowing which data is valuable, which is critical and which is worthless. When it comes to finding out what constitutes valuable data, begin with senior management. Like the fable of the man asking the King to double the grains of rice on each square of the chess board you will now begin to see how you generate much more information than you thought possible and which outside forces will shape your policy.

The main external force is regulation. From the United States there is the Sarbanes-Oxley Act which directs how businesses must protect their data. This affects not just US businesses but also their foreign subsidiaries. In Europe there is the European Banking Capital Accord, or Basel II which requires companies to show how they can maintain operations in the event of an IT failure. There is the Data Protection Act in the UK, which governs how businesses and institutions must store personal data. There is the Freedom of Information Act which affects not just public bodies but has implications for any business trading with the public sector. And there are plenty of others. Which do you have to comply with?

Email to a friend

Print this page