Try asking enterprise executives what policies they have in place to ensure legislative compliance for their information. If you get a positive reply, be very sceptical; a negative reply probably represents more realism.
Compliance is becoming a bogeyman for some of the big enterprises after recent debacles where requested information was not easily forthcoming - leading to huge fines and jail sentences. However, compliance is only symptomatic of a more intractable problem.
Wouldn't it be great if there was an enterprise-wide information policy which filtered down into each line of business (LOB) division and was applied in a standardised way right down to where it matters - where the data is stored and managed, typically in one or more data centres. Dream on? Well, maybe.
For now, the guys running the enterprise have no real idea what goes on in the "engine room" while the IT guys have little say and are too busy fighting storage capacity and performance fires to be concerned about what is where, beyond "we better keep it all forever, just in case". The CIO, even if holding a boardroom place, lacks any real jurisdiction over the business functions.
A company "doing very nicely thank you" out of this problem is US 2000 start-up NovusCG, which is just launching in the UK. It spotted a niche among the very largest multi-national organisations, who typically squander their intellectual capital on a bigger scale than everyone else. It has been working with the top executives to bring some sanity back - for good money.
In simple terms the company uses engineering skills and tools to help the large enterprises get a grip on what they have and where, from which they can isolate and drive out unnecessary complexity. Large enterprises are big on M&A and always tend to have a huge mix of kit, so this process starts as a "see the wood for the trees" exercise.
"Storage is the eye of the IT storm," said NovusCG CEO Sean Garvey, who summed up the first stage in an interesting process by saying: "We attack undue complexity, capture it and drive it out." A detailed process results in a set of detailed recommendations covering the next few fiscal implementation years - a roadmap to follow, moving the enterprise to what Garvey calls a goal state.
However, this is not the core of the process. According to Garvey, the aim is to get to a holistic, "end-to-end" vision for delivering enterprise storage business solutions. The company uses tools-driven methodologies to identify weaknesses and promote standardisation in the way things are done - and this in turn leads to improved systems reality and resilience. But the big thing here is LOB insight, along with geographical and cost code breakdowns.
Skipping much of the complexity and steps within its methodology, we move down to application information alignment, what Garvey describes as "real ILM" [information lifecycle management]. He makes the point that it is the applications that hold the real value to the business. One LOB uses some applications and another uses others; however, there are invariably interdependencies and the degree to which these exist is not well documented. So the information each application uses tends always to go into the most expensive tier 1 storage.
NovusCG has a tool that identifies these interdependencies then provides information to show how the enterprise can move many of their applications' data to Tier 2 or, especially, to Tier 3 off-line storage. Once set in place, that is where it can stay, and costs are immediately reduced. While business divisions may start by claiming they must place it all on tier 1, this is never the case. A change can be encouraged by implementing a charge-back system, with each department saving on internal charges for using lower performance storage. Finally, as the process drills down to the applications' data, so a more sensible storage strategy will naturally emerge.
Of course, the complexity of doing these things is much greater than described. But large enterprises will pay for the service because - almost unbelievably considering how dependent they are on their IT infrastructures - they have no real clue what they have.
So what about compliance in all this? Garvey sees this is a different problem but is entirely supported by this approach. He believes it presents the biggest dollar risk and so the finance director and risk officer will be especially interested. The company is working with a US law firm in producing its "C360" software designed to help ensure the legal requirements identified for compliance are implemented reliably in practice.
"It addresses the chasm between the boardroom and the data centre," said Garvey. How it does this is through such items as legal, corporate and data management gap analyses, leading to 360 degree risk remediation strategies, as well as (rather more soberly) litigation support services.
However, Garvey is aware that there is a very big test to come in this process. For the first time, senior executives are really going to have to get together with IT management to make this happen - and not before time.
Copyright © 2007, IT-Analysis.com