News
6/3/2011
12:08 PM
George Crump
George Crump
Commentary
50%
50%

How To Design A 100 Year Data Retention Strategy

A cost effective hardware strategy is only the first step, a process and software strategy is vital to identifying for retention and moving it from primary storage.

100 years is a long time to retain anything let alone electronic data. While not everyone needs to retain data for that long, most organizations have retention needs at least in the seven to 10 year range. Most modern storage systems, however, are not designed to last more than five years, so how to create a storage strategy that can retain data for more than a century?

There are two components to a 100-year retention strategy. The first is to develop a hardware strategy that can cost effectively store that data for the next 100 years. The second is to develop a software and process strategy that will identify and move data to the retention storage area, ideally removing it from primary storage. I believe we need to be driving toward a data center where primary storage is small, fast, and only used for the most active set of data. Even at today's prices, many environments could be solid-state storage only for their primary tier.

I am specifically avoiding calling this storage area an archive tier. Using the term archive implies that this data will be moved to the archive, never to be accessed again. Thanks to initiatives like analytics, litigation management, and compliance, this data will be accessed and the system needs to be able to deliver that data in a timely manner relative to its age and no matter what all the data needs to be easily found.

This does not mean though that the disk tier needs to be disk only. I struggle with how organizations are going to afford to be able to keep 100 years of data on spinning disk. I don’t think all the power management and deduplication in the world is not going to make 100 years of disk only retention a reality. Additionally tape has overcome some of its challenges when it comes to use as a long term archive specifically in the form of the Long Term File System (LTFS) as we discuss in our article "What is LTFS?". The answer for the retention storage area is going to be a mixture of tape and disk.

The disk component needs to be a scaleable infrastructure where nodes of storage can be added to the disk area. More importantly, as we describe in our recent article "Building Affordable, Scalable Storage Infrastructures", these scaleable designs need to support mixed node types. This means nodes of varying disk capacity and processor types but still acting as one within the cluster. This is important because it allows for a rolling migration of storage nodes as equipment ages. Meaning that, over time, you can add new nodes with the latest processors and storage while at the same time gradually deactivating older nodes. This allows you to upgrade the cluster but not have to do a massive data migration, which, depending on the archive, may be almost impossible because of the capacity of the storage area.

The size of the disk component of this retention tier though should be kept at a reasonable level for what you need. Analytics (Big Data) will need to be larger because of the amount of data that needs to be scanned. Compliance and other forms of retention areas can have smaller disk areas but will still be large in comparison to primary storage. The fact that scale out systems can potentially scale to hundreds of nodes does not mean that you want to power, cool, and protect hundreds of nodes. At some point, and I know the disk guys won't like this, you really do need to push to tape. In the past, I have advocated for a disk only repository but LTFS in large part changes all that. I’ll explain why and how to use tape in this 100 year retention strategy in our next entry.

Follow Storage Switzerland on Twitter

George Crump is lead analyst of Storage Switzerland, an IT analyst firm focused on the storage and virtualization segments. Storage Switzerland's disclosure statement.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6090
Published: 2015-04-27
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) DataMappingEditorCommands, (2) DatastoreEditorCommands, and (3) IEGEditorCommands servlets in IBM Curam Social Program Management (SPM) 5.2 SP6 before EP6, 6.0 SP2 before EP26, 6.0.3 before 6.0.3.0 iFix8, 6.0.4 before 6.0.4.5 iFix...

CVE-2014-6092
Published: 2015-04-27
IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4 before 6.0.4.6, and 6.0.5 before 6.0.5.6 requires failed-login handling for web-service accounts to have the same lockout policy as for standard user accounts, which makes it easier for remote attackers to cause...

CVE-2015-0113
Published: 2015-04-27
The Jazz help system in IBM Rational Collaborative Lifecycle Management 4.0 through 5.0.2, Rational Quality Manager 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Team Concert 4.0 through 4.0.7 and 5.0 through 5.0.2, Rational Requirements Composer 4.0 through 4.0.7, Rational DOORS Next Generation...

CVE-2015-0174
Published: 2015-04-27
The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.5 does not properly handle configuration data, which allows remote authenticated users to obtain sensitive information via unspecified vectors.

CVE-2015-0175
Published: 2015-04-27
IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before 8.5.5.5 does not properly implement authData elements, which allows remote authenticated users to gain privileges via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.