By Koh Ee Laine

The surging cost of storage is a headache to many companies as they deal with issues in managing and storing data, and addressing question on what information should be retained, how the information should be available, and how long should it be kept?

The consequences of information management missteps are severe and far-reaching. It is now 1,500 times more expensive to review data than it is to store it, highlighting why proper deletion policies and efficient search capabilities are critical for enterprise organizations. Backup windows are soaring while recovery times have become prohibitive. In addition, with the massive amounts of information stored on difficult-to-access backup tapes, eDiscovery has become a lengthy, inefficient and costly exercise.

Symantec’s 2010 Information Management Health Check Survey, highlights that a majority of enterprises are not following their own advice when it comes to information management.  While a large majority of respondents believe in the value of a formal information retention plan, but only a small number actually have one.  The survey also found that too many enterprises save information indefinitely instead of implementing policies that allow them to confidently delete unimportant data or records, and therefore suffer from rampant storage growth, unsustainable backup windows, increased litigation risk and expensive and inefficient discovery processes. 
Infinite retention results in infinite waste

Enterprises see the value of a solid information management plan, but too many still follow the outdated practice of keeping everything forever. The sheer volume of data is growing exponentially, so trying to keep everything consumes large amounts of storage space and demands too much of IT's resources.  As a result, businesses spend far more time and money on the negative consequences of poor information management and discovery practices than they would by working to change them. 
Recommendations

Enterprises need to regain control of their information.  The costs of waiting for the perfect plan are far outweighed by the benefits of being proactive. The following are some recommendations from Symantec to address the issue:

Backup is not an archive, and it is not recommended to use backup for archiving and legal holds.  Enterprises should retain a few weeks of backup (30 - 60 days) and then delete or archive data in an automated way thereafter.

By using backup only for short-term and disaster recovery purposes, enterprises can backup and recover faster while deleting older backup sets within months instead of years.  That’s a huge amount of storage that can be confidently deleted or archived for long-term storage.

Implement deduplication everywhere within applications and within a backup environment.  Enterprises that deploy deduplication as close to the information sources as possible free network, server and storage resources. When deduplication is combined with shorter retention periods, enterprises enable tapeless disaster recovery via replication for better SLA.

Enterprises should also develop and enforce information retention policies (what can and cannot be deleted, and when) automatically.  Automated, policy-driven deletion creates less risk than ad-hoc, manual deletion. Use a full-featured archive system to make discovery as efficient as possible.  Companies can then search for information more quickly – and with more granularity than they would in a backup environment.  This will reduce the time and cost it takes to evaluate litigation risk, resolve internal investigations and respond to compliance events.

Enterprises should deploy data loss prevention technologies to measurably reduce their risk of data breaches, demonstrate regulatory compliance and safeguard their customers, brand and intellectual property.  IT administrators should look for a solution that discovers, monitors and protects confidential data while providing insight into the ownership and usage of information.

In all cases, the confidentiality, integrity, availability, and accountability of information should be preserved in a secured manner. Any sensitive information needs to be protected at every stage of its lifecycle in the organisation including handling, storage, and archival. Information retention plan need to address these issues well. A common pitfall for many organizations can be either keeping information for too long or not destroying it completely.

Koh Ee Laine is Senior Technical Consultant, Pre-Sales with Symantec,, Malaysia

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world.  Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com