In 2015 Storage Switzerland is again partnering with Storage Decision / TechTarget to deliver a 13 city road tour on data protection, entitled “Backup 2.0”. As I discussed in a previous column, in these sessions we are going to break a lot of rules, and one of the more controversial designs we will discuss is how to design a “forever retention strategy”.
Of course when we talk about retaining information forever the first question is, “Why would you want to do that, aren’t you exposing the organization to…”?. The answer is yes, but the organization is already exposed. By deleting information after a set period of time the organization may be erasing the very information that it could have used to exonerate itself.
Let me provide an example from my CTO past. We had a client that had installed an email archiving system. Prior to the installation of that system their policy was to delete all email after 90 days, and they were quite strict about it. During the design of the project we asked that organization’s CIO to consider retaining email in the archive for 3 years. I wasn’t yet enlightened about the idea of forever.
About six months after the installation was complete, the organization was sued for wrongful termination over inappropriate emails. The company claimed that they terminated the employee for lack of job performance, however the employee claimed they were fired because they complained about the emails. The emails this employee received were indeed inappropriate. The archive system showed that this employee had forwarded these emails to their personal email account the same day that they were terminated. These were the emails that the employee was using as proof.
The archive system also showed that the employee had received the emails four months before but there was no record of a complaint being filed with that employee’s manager or human resources. Finally, it showed that the employee had forwarded the theoretically offensive emails to some of their friends with “isn’t this funny” at the beginning of the forward. The fact that the employee maintained a copy of the emails for so long, plus the evidence that the emails were forwarded to friends was enough to get the case dropped.
The important lesson here is not only that the archive system saved the day, because it did. But that had the organization stayed with its 90 day retention policy it would have deleted the very emails they eventually ended up using to defend themselves.
The Monetization of Data
The above example provides a “keep the company out of trouble” motivation. There are also “make more money” examples thanks to analytics and big data. These initiatives all count on there being a pool of data available from which to extract information. The larger and more historical that pool the more accurate the results of an analysis can become.
Hopefully this column provides some motivation to start thinking about keeping data for a longer period of time than you do today. In our next column we will discuss how exactly to design a storage infrastructure that can cost effectively store data and make sure that data can be found, forever.
In our Backup 2.0 Road Show, we will break old rules to meet new data protection requirements. In our workshop we will share Storage Switzerland’s real world data protection designs that leverage snapshots, copy data, recovery in place, and the cloud to meet the strictest of RPOs/RTOs while safely and cost effectively creating long term data protection strategies. We end the day with a deep dive on how to truly leverage the cloud, not only to meet data protection needs, but how to leverage the cloud as part of your primary compute strategy. We are coming to a city near you, but space is limited so sign up today!