Information lifecycle management (ILM) has found new life in compliance over the past two years. Some say it could be the Next Big Thing in enterprise computing. Still, ILM recalls the old story about blind men describing an elephant: how you define it depends on which part you're touching.
In particular, storage managers see ILM as an adjunct to tiered data storage—a set of rules that defines where on the spectrum of storage alternatives a piece of information should live and when it should move to a different storage type. ILM offers a viable strategy for the organization and eventual disposal of mountains of data. Storage equipment makers and a growing body of software developers see it as a golden opportunity.
Michael Peterson, president of IT consulting firm Strategic Research Corp. and program director of the Storage Networking Industry Association's Data Management Forum, sees ILM as a point of convergence among several different disciplines. In the past, Peterson says, business groups have owned the information; records managers have owned the processes; and IT has owned the data center infrastructure. "They've always been separated in the past, but now they're coming together," he says. And ILM is the toolset that enables the different disciplines to collaborate.
Driving interest in ILM are risk management concerns, pressure to cut operating costs, and compliance requirements. Peterson notes, "Compliance gives information another point of value. We used to think of information as the chief asset of the company, but now it's also the chief liability and a chief competitive tool. Compliance probably lands in the liability area—failure to comply is a liability.
"Look at what's happened to all the companies that have had exposed data or lost data recently. Look at the shareholder interest, the reputation loss, the negative publicity. That's a big liability; that's a new dimension to the value of information that we've never had before. The value of information is being extended into new areas."
Regulatory requirements complicate ILM by overlaying sets of rules on top of the age and access-frequency guidelines that would otherwise determine how information is stored and when it can be destroyed. "In a compliance environment, the fact that something hasn't been touched for a period of time, or the fact that something is old is not a reason in itself to do something with it," says John Mancini, president of the Association for Information and Image Management (AIIM).
"It gets more complicated, because you start to get into questions like: Who created the information? Who had access to it? How long does it need to be kept? What is the likelihood that we might be called upon to reproduce the information in a short period of time?" Further muddying the waters is the fact that the answers to those questions depend on the regulatory environment in which the company operates, Mancini notes.
Both Mancini and Peterson maintain that ILM is more a process or a management exercise than a specific software or hardware solution, and both see links and similarities between it and earlier processes. Mancini notes that it's not much different from enterprise content management, a discipline AIIM has been promoting for years. "I think in some ways [ILM] is a storage-centric way of looking at the problem versus a process-centric way of looking at it." Peterson notes strong links to hierarchical storage management, and like Mancini, credits the storage manufacturers with inventing some new twists and shifting focus to ILM.
Mancini and Peterson also agree that ILM will eventually fall under IT's aegis. But although storage equipment makers and some software developers are lining up behind the ILM banner, so far there's no out-of-the-box ILM system, he adds. The real technological breakthrough—Peterson expects it within the next year—will come with systems that can root through a huge volume of data already on disk or tape and classify it according to ILM rules.
While the experts discuss ILM's provenance and likely future, some leading-edge companies are moving ahead with implementation. One of them is a prominent Wall Street brokerage, which asked not to be identified. The firm's ILM efforts grew out of earlier programs aimed at controlling paper records. As a securities firm, the company is governed by SEC rules and must be able to demonstrate compliance with regulations like 17 CFR Part 240.17a-4 (guidance on the electronic storage of broker-dealer records). Moreover, some information—recent trading data in particular—is important in marketing efforts.
The company operates a three-tier storage system, which segregates data based on how it is used and regulatory storage requirements. The top tier is a fast, and fairly costly, battery of devices, provided by vendor EMC. The bottom tier is a magnetic-disk-based WORM system, also from EMC. Absent altogether from the system is tape storage. The technology executive responsible for ILM says that tape's price margin over disk has narrowed and any cost advantage is eaten up by the manual intervention that tape storage often requires. Overseeing the system is an application from vendor AXS-One. The software allows the storage manager to capture, archive, manage, and audit a wide variety of information, including e-mail, images, print reports, electronic documents, and ERP-generated data.
Compliance requirements basically boil down to limitations on when information can be destroyed, notes the executive. Although that may seem straightforward, compliance data often requires related, secondary information for support, and identifying that information can be one of the more challenging aspects of a tiered storage strategy.
Bob Mueller was a contributing editor for the IT Compliance Institute.
This article originally appeared at itcinstitute.com. Copyright 2008, 1105 Media Inc. Reprinted with permission.