Removable media such as tape and CD disintermediate the data from the application that created it, and with that goes the ability to quickly identify physical losses such as the one that occurred with Deloitte and Touche recently.
A Deloitte employee lost an unencrypted CD that contained personal information regarding McAfee employees and their company stock option plans. What’s worse is that it was left on an airplane — not destroyed in a server failure that would otherwise go unreported.
This is a huge problem for companies. Deloitte is just the most recent in the spate of firms that have suffered PR nightmares by losing removable media. Time Warner, Iron Mountain, UPS, and Citibank have suffered similar losses involving removable storage media and personal information.
Portability of media is indeed useful, but introduce the human element and big problems arise. Actually, it’s not just removable media that exhibits this problem — it’s backup in general.
Backup applications create “backup sets” that usually contain media of some type — usually tape media since it’s relatively cheap. More recently, companies are using disk-based backup since the price/performance ratio is pretty good these days. But whether it’s actually removable media contained in the backup set or SAN-attached disk makes very little difference after the backup process itself has occurred.
Backup applications themselves usually know very little pertinent information about the data being managed. They only know about physical storage descriptions like a file system and possibly a database such as Oracle or SQL Server. Backup applications know nothing about the value of the data itself, like the name, SSN, and other metadata that may relate to that data.
The backup set, once created and populated with data, no longer has any meaningful connection to the process-based application that created the data. It’s managed independently and thus creates a huge problem on many levels in all industries.
The examples of this are fluid and the problem is obvious, but the most appropriate solution is far from easy and likely impossible. Why is it impossible? That’s a subject for a couple of beers and a late night. Wait — I did that recently….
The root of this problem is 30 years old. The file system, in its modern form, is not capable of dealing with the requirements of today’s datacenter and the compliance challenges exerted on every industry and market. It has long been used as a cheap and loose integration point between process-based applications used by business people and infrastructure apps in the datacenter. Ineffectual database architecture by the likes of Oracle and Microsoft just exacerbates the condition. (Pssst Microsoft: adding relational database features to the NTFS file system won’t solve this problem either unless developers take advantage of it.)
Separating data from the business logic in the process of management is a bad thing. The problem will only get worse.