In my travels and discussions, I'm always on the lookout for new ways to create more complete views of challenges we all face. Sometimes, I stumble on a useful graphic or picture that explains the concept in an interesting way.
My good friend Brian Fitzgerald (VP Marketing at EMC's RSA division) shared just such a graphic with me the other day, and I wanted to share it with you.
No earth-shattering insights here, just an easier way to explain multiple topics in a single motion.
Our Job Is To Protect Information, Isn't It?
I think most of us realize that information is pretty valuable stuff, and -- like all valuable stuff -- it should be protected against bad things happening to it.
But I'd offer that -- very often -- we understand some of the risks, but not all of the risks. Or we don't take a holistic approach to understanding and mitigating those risks.
The goal of this graphic is simple: drive a more complete discussion around protecting information and its value
with people who might not fully understand everything that's involved.
Let me know what you think?
1. Information Is Unavailable (Or Slow!)
This is our classic service level discussion -- if information can't be accessed when needed (or is unnecessarily delayed), well, that's a bad thing.
Here we have a very extended discussion about drives failing (or being too slow), controllers and I/O paths failing (or being too slow), servers, applications, networks, user devices -- the entire extended value chain from the little ones and zeros sitting on a piece of media, all the way to a user's eyeballs.
Indeed, I continue to frequently encounter situations where certain information access is deemed HA or performance sensitive, and only portions of the end-to-end chain has been addressed.
2. Information Is Corrupted
Information corruption happens more than most people think. Sometimes it's technology that does it, other times people are involved -- either through error, sometimes, malicious intent.
The best answer has been -- and always will be -- to create point-in-time images: backups, snaps, continuous logging, etc. A tiered approach makes sense for storage, it also makes sense for protection against corruption. The technologies keep getting better and better (think CDP, for example), but the rationale for doing so won't go away.
3. Information Is Deleted
I'm not talking about the everyday "whoops" scenario here, I'm talking about where data is intentionally deleted as part of normal policy and activities, and it isn't discovered until much later that it really was needed.
That's a tough one. Going with a "save everything for ever" policy is impractical on multiple levels, although I admit I've seen too many people attempting to do just that.
The best answer I've seen to this is to hope that your progressive tiers of backup can preserve things long enough to recover some weeks or months later.
And, yes, tape definitely has a role in this discussion. Don't get too excited, IBM ... :-)
4. Information Is Lost
As in "I know that darn thing is here somewhere".
Valuable information gets lost or misplaced all the time.
As an example, there are classic urban legends about oil exploration companies that misplaced seismic data and had to go gather it again for many millions of dollars. Or lawsuits where "smoking gun" documents are misplaced, and serious fines result -- never mind the day-in, day-out aggravation we all experience trying to find stuff we vaguely remember.
Sure, index and catalog schemes are nice -- but I believe something more will often required -- an additional unstructured way to get at the same data -- think search or tags.
Having multiple, somewhat redundant mechanisms to locate and retrieve a specific piece of information seems to me as the same sort of prudence we'd take with other forms of redundancy.
5. Information Is Given Away
"Given away" might not be the right term -- because this includes unwanted disclosure as well. Some information looks innocent enough in one context, but becomes a serious issue in others.
Good technology (like DLP) isn't enough here -- I would argue that strong information governance is required to do the heavy lifting on policy and procedure -- and especially weigh what kinds of information might create problems in unforseen ways.
6. Information Is Stolen
Yep, there are bad guys inside and outside our organizations.
And certain kinds of information are attractive targets for thieves. We've all heard stories about customer lists or intellectual property being lifted as an employee leaves a company, but some people are being far more creative these days.
Once again, using DLP to detect and remediate these risks appears to be the most promising direction today.
Where Do We Go From Here?
Let me hark back to one of my favorite analogies -- we need to learn to start thinking about information like we do money. We wouldn't tolerate money being lost, stolen, etc. -- and we're starting to think the same way about information.
A couple of things are clear to me -- learning to think holistically about the challenge is probably going to be a useful mindset in the future. It won't be enough to guard against one or two of these risks; we're going to have to have game plans for all of them.
Second, I can't see this as strictly a corporate IT discussion. We're all owners of our own treasure trove of personal information and content. And we certainly don't want any of these bad things to our own personal stuff, do we?
Of course, if you're familiar with EMC's portfolio, you know we have an inordinate amount of capabilities in all of these areas: from HA, backup and replication to indexing, search and tagging technologies, all the way to data loss prevention and information security. But we're not telling the story that way -- and maybe we should.
And finally, I think many of us who are way too close to these topics are going to have to learn how to back away from the gritty details, and have very patient discussions with people elsewhere in the organization who don't have the same mindset as we do.
And the sooner, the better ...
Comments