Information Age: News, analysis & insight for IT & business leaders

Protecting data is an expensive and time-consuming struggle for most IT departments. In fact, says Phil Goodwin, an analyst at IT market research company the Meta Group, back-up and recovery processes remain "a primary pain point for most storage support organisations", taking up around 60% to 70% of the time allotted to general storage management tasks.

Information lifecycle management (ILM), however, can help organisations take away some of that pain. Once data has been classified according to its value, a vital part of the ILM process is to apply policies that ensure critical data is not lost forever if a server fails, for example, or if fire or flood strike.

"ILM and business continuity are complementary, in that both are concerned with looking after data," says Nick Bunyan, IDC's European storage research director. "ILM is all about making best use of your storage assets by storing data on the appropriate level of resilient hardware. [And] you have to manage your data in a way that, if a machine breaks down, you are still able to operate as a business."

Many companies try to get round the data protection challenge by simply backing up every piece of data they hold - a practice sometimes known as 'blanket back-ups'. That is not a good strategy, says Randy Chalfant, chief technologist at data storage and ILM supplier StorageTek. "Not only are you opening yourself up to unnecessary costs in storage media - because you are probably throwing everything onto disk -- but you will expand your back-up window to a totally unmanageable length of time," he says.

Organisations that take that approach, he adds, commonly find that not only do they back up vast quantities of irrelevant or redundant data, but that redundant data is duplicated many times.

Back to basics

Under ILM, says IDC's Bunyan, a policy is applied to data or content, defining where it should be stored and what level of protection it should be afforded: "The clever way to do it is upfront, so you decide at the moment that you create the data what sort of protection you need to move it to. If you don't make some sensible analysis of your data, you can be holding a huge amount of data that may be of little use."

A good first step in the assessment process, then, is to categorise information according to its purpose and relative value. For example, finance employees may need access to the past month's transactions held in an accounting system in order to perform even day-to-day tasks. For that reason, this data must be rapidly available to them if the primary system fails.

Email archives, by contrast, will not require the same level of protection and may be stored, for example, in a near-line tape library. After a certain period (for example, one year) it may be sufficient to remove those tapes from the tape library and keep them in a secure storage facility, possibly off-site.

Once complete, classifications will span from data that is essential to the mission of the business to data that is merely convenient to retain (see table, Data protection levels).

The aim: to group data into categories based on each group's relative worth to the organisation and the risks to which it is exposed, based on probable risks (most of which can be found by looking over events in the recent past) and possible risks (those that are unlikely but could potentially cause the loss of data should they arise).

The next step is to apply different levels of protection to each group. Vital to that process is the understanding that not all data requires the same sort of protection all of the time. As Laurence James, ILM Solutions business manager at StorageTek UK explains: "The value of data typically changes over time, so you have to have a hierarchy of products at different price points, so that data moves through that hierarchy over time." Thus, it is critical that each level of that hierarchy offers a data protection level that makes data findable, movable and recoverable at each phase of its life. Not only that, but the speed at which it can be found, moved and recovered must meet business needs.

Underpinning these policies, meanwhile, are robust storage systems and media, also offering different levels of data protection. These might include, from lowest to highest:

° Automated tape back-up for a baseline level of data protection and availability;
° Disk-enhanced tape back-up for environments with lots of data to back-up within small windows;
° Disk journaling for continuous protection by capturing every data exchange, enabling fast recovery to any point and eliminating back-up windows;
° Disk mirroring with storage failover for high data availability and elimination of back-up windows.

"What disaster recovery and business continuity does is ensure information is available to you when you need to retrieve it whether it is on a server or a back-up tape or off site. ILM encompasses all that information," says Nigel Ghent, UK marketing director at storage systems and software company EMC.

Challenges ahead

Aligning existing disaster recovery plans with a new ILM strategy is a big challenge. According to Keith Tilley, UK managing director and senior vice-president of Europe at business continuity specialist SunGard Availability Services, the key is to keep one important issue at the forefront: information availability.

At all times, storage administrators need to be asking of line-of-business managers: "What quantity do you need back, how quickly and what does it need to look like?"

The answers, he says, will help their decision on the kind of back-up or replication to perform for each category of data or content. Those options include vaulting (overnight, point-in-time back-up) or more regular replication processes (such as every hour or for every transaction).

At the top end for vital applications, some companies have two physically separate locations with access to the same set of applications and data. If one site has a problem, the other takes over. "That's the highest level available," says Tilley.

Companies working on ILM and business continuity projects, says Tilley, should plan for worst case scenarios in order to ensure that they can quickly recover from more simple problems.

"What we do is look at the information and say what is the priority; what do you need back first? You might not need to have it straight away but you do need to be confident that, if you need to recover certain data, you can," he explains.

And in the final analysis, successful disaster recovery is the proof that you have established a successful ILM strategy in the first place.