News
6/3/2011
12:08 PM
George Crump
George Crump
Commentary
50%
50%

How To Design A 100 Year Data Retention Strategy

A cost effective hardware strategy is only the first step, a process and software strategy is vital to identifying for retention and moving it from primary storage.

100 years is a long time to retain anything let alone electronic data. While not everyone needs to retain data for that long, most organizations have retention needs at least in the seven to 10 year range. Most modern storage systems, however, are not designed to last more than five years, so how to create a storage strategy that can retain data for more than a century?

There are two components to a 100-year retention strategy. The first is to develop a hardware strategy that can cost effectively store that data for the next 100 years. The second is to develop a software and process strategy that will identify and move data to the retention storage area, ideally removing it from primary storage. I believe we need to be driving toward a data center where primary storage is small, fast, and only used for the most active set of data. Even at today's prices, many environments could be solid-state storage only for their primary tier.

I am specifically avoiding calling this storage area an archive tier. Using the term archive implies that this data will be moved to the archive, never to be accessed again. Thanks to initiatives like analytics, litigation management, and compliance, this data will be accessed and the system needs to be able to deliver that data in a timely manner relative to its age and no matter what all the data needs to be easily found.

This does not mean though that the disk tier needs to be disk only. I struggle with how organizations are going to afford to be able to keep 100 years of data on spinning disk. I don’t think all the power management and deduplication in the world is not going to make 100 years of disk only retention a reality. Additionally tape has overcome some of its challenges when it comes to use as a long term archive specifically in the form of the Long Term File System (LTFS) as we discuss in our article "What is LTFS?". The answer for the retention storage area is going to be a mixture of tape and disk.

The disk component needs to be a scaleable infrastructure where nodes of storage can be added to the disk area. More importantly, as we describe in our recent article "Building Affordable, Scalable Storage Infrastructures", these scaleable designs need to support mixed node types. This means nodes of varying disk capacity and processor types but still acting as one within the cluster. This is important because it allows for a rolling migration of storage nodes as equipment ages. Meaning that, over time, you can add new nodes with the latest processors and storage while at the same time gradually deactivating older nodes. This allows you to upgrade the cluster but not have to do a massive data migration, which, depending on the archive, may be almost impossible because of the capacity of the storage area.

The size of the disk component of this retention tier though should be kept at a reasonable level for what you need. Analytics (Big Data) will need to be larger because of the amount of data that needs to be scanned. Compliance and other forms of retention areas can have smaller disk areas but will still be large in comparison to primary storage. The fact that scale out systems can potentially scale to hundreds of nodes does not mean that you want to power, cool, and protect hundreds of nodes. At some point, and I know the disk guys won't like this, you really do need to push to tape. In the past, I have advocated for a disk only repository but LTFS in large part changes all that. I’ll explain why and how to use tape in this 100 year retention strategy in our next entry.

Follow Storage Switzerland on Twitter

George Crump is lead analyst of Storage Switzerland, an IT analyst firm focused on the storage and virtualization segments. Storage Switzerland's disclosure statement.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
10 Recommendations for Outsourcing Security
10 Recommendations for Outsourcing Security
Enterprises today have a wide range of third-party options to help improve their defenses, including MSSPs, auditing and penetration testing, and DDoS protection. But are there situations in which a service provider might actually increase risk?
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-1291
Published: 2015-09-03
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web s...

CVE-2015-1292
Published: 2015-09-03
The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker.

CVE-2015-1293
Published: 2015-09-03
The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

CVE-2015-1294
Published: 2015-09-03
Use-after-free vulnerability in the SkMatrix::invertNonIdentity function in core/SkMatrix.cpp in Skia, as used in Google Chrome before 45.0.2454.85, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering the use of matrix elements that lead to an...

CVE-2015-1295
Published: 2015-09-03
Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC m...

Dark Reading Radio
Archived Dark Reading Radio
Another Black Hat is in the books and Dark Reading was there. Join the editors as they share their top stories, biggest lessons, and best conversations from the premier security conference.