IBM Global Services

Managing data in the 21st century
The amount of data generated by organizations continues to grow at a staggering rate. Conservative estimates from the International Data Corporation (IDC) show data expanding approximately 50 to 80 percent per year, while other industry analysts place the growth rate closer to 100 percent annually.1 In addition, sources estimate that data now constitutes 80 percent of all corporate assets. Likewise, the costs associated with managing and storing everincreasing volumes of information are increasing dramatically. Sources estimate that these expenditures can be anywhere from three to 10 times the cost of the storage system itself, depending upon the degree of storage centralization and consolidation within the environment.2
Introduction Increasingly, data is viewed as a core business asset. Yet many businesses have grown used to having slow access or no access to applications during data backup and recovery periods. While this may have been acceptable in the past, the requirements of today’s on demand, 24x7 world call for seamless, virtually anytime/anywhere access to information and applications. Companies of all sizes must also consider that backup and recovery are no longer separate processes.

Managing data in the 21st century

IT budgets, on average, have not kept pace with the growth of data. This situation is continuously straining organizations’ infrastructures and compromising their ability to adequately protect and recover information. At the same time, administration of data for compliance availability and recovery can take a giant chunk out of an organization’s data-management budget. Organizations that have historically treated budgets for backup, storage and recovery as isolated entities must now address them as one integrated process enterprisewide. Organizations must manage access to a growing range of information, including data for operational processes, regulatory compliance and recovery activities. In particular, the growth of regulatory information and digital assets retained for reference and value — including e-mail and e-mail attachments; presentations; CAD/CAM designs; Web content; medical images; and more — is quickly outpacing that of traditional operational data. With the downturn in the economy, complying with standards, best business practices and regulations — a growing amount of which now dictate continuous availability of business information — is becoming mandatory. At the same time, companies must continue to optimize costs on supportive infrastructure processes as well as expenditures associated with traditional backup storage/retrieval and restoration processes.

Optimizing spending on day-to-day backup processes allows businesses to transfer the savings to be more effectively used in support of an improved recovery posture. In addition, this can help improve operational efficiencies, and the reduction of cost. This involves learning how to utilize tools, techniques and solutions that are not only effective, but also imply a sound return on investment (ROI).

Conservative estimates from the International Data Corporation (IDC) show data expanding at a rate of 50 to 80 percent per year approximately, while other industry analysts place the growth rate closer to 100 percent annually.

2

Facing ever-increasing regulatory requirements
Given that a large percentage of companies that lose their data in a disaster shut down permanently, organizations have a responsibility to their shareholders to properly manage critical business information. The inability to access information means unknown delays in conducting business that can negatively impact the bottom line. While the data generated in the average organization is increasing in volume and diversity, the time available for backup and the time allowable for recovery is decreasing. The Health Insurance Portability and Accountability Act (HIPAA), for instance, requires confidentiality of patient information, which often must be readily available. Similarly, the Sarbanes-Oxley Act stipulates that certain financial records must be retained for a specified amount of time. It also compels companies to establish an infrastructure to protect records and data from destruction, loss, unauthorized alteration or other misuse — holding executives personally liable for the inability to recover those records. Yet, keeping pace with and sifting through the ever-changing regulations that govern offsite data protection and retention periods is a challenging task for businesses across industries. Companies need assistance in understanding new requirements and implementing compliance policies, and must verify that content is kept safe and unaltered for the required period. Content that must be kept is an asset; content retained past its retention period may become a liability. These dynamics mandate tight coordination of the content lifecycle — key to improving corporate operations and driving new value.

Content that must be kept is an asset; content retained past its retention period may become a liability.

3

Managing data in the 21st century

Industry-spanning regulations...data centric, driving diverse data-storage requirements Each industry has its own set of regulations for storing and protecting data. The rules are constantly changing. The following are just a sampling of the myriad regulations across industries: • Sarbanes-Oxley Act — This 2002 corporate anticrime law applies to all publicly traded U.S.-based companies, and requires CEOs and CFOs to certify the accuracy of their company’s financial results. While the act doesn’t specify storage requirements, storage plays a key role, as it pertains to records retention. • GoBS — Generally Accepted Principles of Computer-aided Accounting Systems (GoBS) is a German banking law referring to the use of computers in maintaining books and other necessary records; regulations such as “an entry may not be altered” have specific storage technology implications (WORM). • SB 1386 — California Senate Bill 1386 is a consumer privacy bill affecting all companies with customers residing in the state of California. While the bill contains no specific storage technology requirements, it offers companies large incentives to consider data privacy. • SEC 17a-4 — This SEC regulation for financial institutions details what data must be saved, how long it must be retained, and on what type of media — resulting in a significant storage impact. • National Association of Securities Dealers (NASD 3010 & 3110) — NASD 3010 monitors electronic communications in securities industries; NASD 3110 specifies a retention program for all correspondence. • USA PATRIOT Act — This act requires the development of anti-money-laundering programs, bans offshore “shell” banks, and increases data availability and accessibility to the federal government. • Gramm-Leach-Bliley (GLB) Act — The GLB Act, which protects the privacy of consumer information held by financial institutions, has very specific data-storage security requirements. • Check 21 — The Check Clearing for the 21st Century Act provides a legal structure for banks to clear checks based on electronic images, which require storage. • BASEL II — The 1988, G10 countries’ New Basel Capital Accord (BASEL II) goal is to regulate capital requirements for credit exposures. Basel II could consume as much as 10 percent of the banking industry’s IT resources over the next three years.

4

Whose responsibility is it?
Traditionally, one of the primary responsibilities of a corporate executive was to optimize cost; maintaining business continuity and data center availability were considered “luxuries.” Thanks to changes in corporate governance
3

What are the top three applications that are most critical to your organization from a backup and recovery perspective? 222 respondents answered 5: • 61 percent: e-mail/messaging • 37 percent: OLTP/OLAP/RDBMs • 32 percent: Financials • 29 percent: Business intelligence/data warehousing • 21 percent: Customer relationship management (CRM) • 13 percent: Enterprise resource planning (ERP) • 11 percent: Supply chain management (SCM) • 10 percent: CAD/CAM

and responsibility (due in large part to headline-grabbing accounting scandals, plus the threat of terrorism), executives now have a clear duty to protect their business’s data. Decision-making responsibilities surrounding the storage and recovery of an organization’s data are no longer the exclusive realm of the IT department. Everyone now plays a role in verifying that enterprise assets are safeguarded and available — from the CEO to line-of-business executives responsible for corporate asset protection, to IT experts and technologically informed C-level managers. These key players must analyze their organizations’ business needs, state and federal regulatory requirements, as well as the potential threats to system uptime and data retention.

Relying on tape alone for data recovery is no longer a best practice.4

5

Managing data in the 21st century

Those charged with optimizing ROI, streamlining processes and operational efficiencies, and reducing costs and complexities should also understand the spectrum of possible threats to their information assets, and stay informed about the technologies used to combat them. Only then can they apply the appropriate solution to help ensure that their organization’s information assets are properly equipped with efficient backup, retention and recovery processes.

Recovery point objective (RPO) measures the point in time at which an organization needs to restore information — or, simply, how much data it can afford to lose. This can be anywhere from seconds to days before a disruption. For example, if an organization using traditional tape-based backup processes experiences database corruption, then its point of recovery would start from the last backup, which could be from the previous night. Recovery time objective (RTO) is the length of time it takes

Evolving regulatory requirements, coupled with the need to rigorously adhere to best practices and regularly test their data-recovery capabilities, are driving organizations to reevaluate their current strategies for assuring business continuity and disaster recovery, and develop backup and recovery solutions that address both local and regional situations. At the same time, companies must establish reasonable expectations in terms of the costs associated with such solutions, and determine the level of risk the enterprise and its associated business functions can assume — currently and into the future — with appropriate budget allocations. Organizations must also weigh the cost of data availability against business risk and consider all vulnerabilities, both perceived and real.

for a company to resume business operations following an outage. For example, if an organization’s RTO is to have a particular data set available within three hours after a disruption, then that objective should drive the infrastructure’s design for data protection.

6

Today’s conundrum: Supporting next-generation requirements with past-generation processes
Data recovery requirements have changed dramatically and transactions have increased substantially over the last five years. Yet data backup processes remain the same as they were 35 years ago. In most cases, nightly incremental and weekend backups are just not enough to meet today’s requirements of little to no downtime. What’s more, costs associated with downtime and unavailable data are exorbitant across industries. Identifying the necessary RTOs and RPOs for each Without efficient and appropriate data backup strategies and processes, organizations can find it difficult to perform effective data recovery and meet today’s recovery time objective (RTO) and recovery point objective (RPO) requirements. At the same time, enterprises need to verify that their data availability and recovery infrastructure is specifically configured to meet changing RTOs. Depending on the industry, the need to develop different RTOs for different types of data may vary. For example, a brokerage firm might determine that it has to be able to recover its e-mail data within seconds of an event; a government office may only need an RTO of several hours. Rapidly growing data volumes can negate the sole use of tape-based backup as a complete solution. This is a particularly acute problem in distributed and open-system environments, where traditional management tools are key business function can help organizations efficiently allocate resources. Consider, for example, a billing application. Although critical to the business, the billing process in many organizations has a fairly lengthy RTO. In these cases, the cost to have an RTO measured in hours does not make business sense unless interdependencies present within the system cause another crucial business function to fail.7 Ultimately, the owner of the business function must decide on the appropriate level and type of recoverability, and leaders of the enterprise must prioritize across business functions. While last night’s copy once provided a commonly acceptable RPO, most organizations are now striving to reduce the amount of data exposed to risk during the production day.6 Like RTOs, organizations must establish different RPOs for each specific type of enterprise data; business-critical data is typically given a shorter RPO, while less-critical data can be given a longer RPO.

7

Managing data in the 21st century

not applicable. Relying solely on traditional tape-based backup methods may no longer meet a company’s evolving needs. While tape provides low cost method for storing vital information, new technologies have emerged that augment traditional tape processing, and may reduce both the RTO and RPO times. Organizations are often unaware of the costs and restore capabilities of their current backup process — making it difficult to compare new solutions and therefore justify adopting a new solution. Data protection at remote data centers can also be costly. Lack of expertise can lead to a poorly implemented storage architecture, which can force companies to purchase a large amount of storage, additional tape libraries and backup licenses they may not need.

The impact of downtime spans industries All organizations across industries are susceptible to the detrimental effects of data outages and downtime. Although revenue actually lost depends on the criticality of the system experiencing an outage as well as the number of users affected, businesses can nonetheless experience significant immediate losses — resulting in negative publicity, loss of customer trust and a host of other intangibles. Consider the following: How much is one hour, for instance, of downtime worth to each? • A brokerage firm handling two million transactions . . . • A home shopping network receiving 300,000 calls . . . • An online advertising campaign getting 500,000 hits . . . • A credit card sales authorization company processing 750,000 transactions . . . • A manufacturing organization producing one million parts . . . • An ATM dispensing 15,000 transactions . . . • A healthcare organization managing 10,000 medical records . . . • A transportation company shipping 30,000 packages . . .

Enterprise Storage Group predicts that worldwide storage of compliant records will increase from 376 petabytes in 2003 to more than 1,600 petabytes in 2006.8

8

Electronic data management readiness: Assessing organizational requirements
Answering the following questions can help you assess your company’s readiness for electronic data management. 1. Are you satisfied that your company is compliant with all data centric regulations? 2. Is there a linkage between those regulatory requirements and your current data management processes? 3. How well do current data backup processes support your business requirements for data recovery and protection? 4. Is your current backup window beginning to impact your production activity? 5. Do you know how much your organization is currently spending on tape-based backup recovery? 6. Are you certain that your enterprise is spending that money optimally? 7. Do you understand the risks that might impact your operations or regulatory compliance? 8. Do you have a data backup, retrieval and recovery strategy in place? 9. If so, does each component of the strategy fully support your organizational goals? Companies can also enhance productivity, sharpen decision-making capabilities and drive revenue by gaining faster, easier access to important information. What’s more, organizations can improve their RPO and RTO by implementing technologies that allow live, frequent and strategically timed recovery points that help reduce the impact on production systems. Reaping the benefits of a new-century approach Building effective data management processes can help companies strengthen their competitive advantage, lower costs and reduce the risk of losing data. It can also heighten their ability to demonstrate regulatory compliance and better plan for future requirements.

9

Managing data in the 21st century

Traditional tape backup is no longer the only viable option for rapidly growing storage requirements
In today’s distributed environments, traditional tapebased backup is no longer the only viable option for rapidly growing storage requirements. Implementing an integrated approach is imperative, and must address the three major issues of data backup: storage, retrieval and recovery. To optimize spending, companies must consider the most appropriate, cost-effective solution. Although many competitors are touting themselves as having the best software, hardware or appliance solution, IBM has the technology, solutions and depth of skills to integrate best-of-breed hardware, software and services into cost-effective and managed solutions. At the same time, IBM can identify the best, most appropriate solution to meet individual client requirements. Companies across industries of all sizes can look to IBM as a trusted advisor for addressing the issues of data management. With a comprehensive range of options and approaches companywide, IBM is providing fully integrated offerings — solutions that are helping our clients justify, design, deploy and manage robust, efficient and effective data management programs relevant to the needs of twenty-first century businesses.

10

Summary
Costs associated with managing and storing the burgeoning amount of enterprisewide data continue to expand exponentially. Now, more than ever, companies need to analyze their ability to backup, recover and manage that data — which is now the key business asset. As businesses continue to do more with less, they are inadvertently exposing their environment to a number of liabilities. At the same time, it is imperative that they comply with standards, best business practices and regulations. Companies must make information available to the appropriate people at the appropriate time, leveraging solutions that are not only effective, but also optimize ROI. Efficient ibm.com/services/continuity For more information To find out more about improving operational efficiency and cost optimization; enhancing data security; addressing regulatory compliance; or improving business resilience, please contact your local IBM sales representative, or visit our Web site at: backup is the basis upon which an effective data management solution can be built. Using automated backup, replication and restoration solutions helps organizations reduce costs and complexities, streamline operational efficiencies and gain significant competitive advantages.

11

© Copyright IBM Corporation 2005

IBM Global Services Route 100 Somers, NY 10589 U.S.A. Produced in the United States of America 11-05 All Rights Reserved IBM, the IBM logo and the On Demand Business logo are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. Other company, product and service names may be trademarks or service marks of others. References in this publication to IBM products or services do not imply that IBM intends to make them available in all countries in which IBM operates.
1

Market View, META Group, April 1, 2004. Paul Mayer, “Data recovery: Choosing the Right Technologies,” Datalink Corporation, October 2003. “A Comprehensive View of High-availability Data Center Networking,” META Group white paper, April 2004. Market View, META Group, April 1, 2004. “Market Update,” Network World, March 29, 2004. Paul Mayer, “Data recovery: Choosing the Right Technologies,” Datalink Corporation, October 2003. “A Comprehensive View of High-availability Data Center Networking,” META Group white paper, April 2004. Elizabeth Clark, “Data Retention Regulations — Keeping IT Legal,” Network Magazine, March 2004.

2

3

4

5

6

7

8

G510-6052-01

Sign up to vote on this title
UsefulNot useful