The latest report by Gartner indicates that ILM market has established credibility and has reached its launch pad and is beginning to take off. We are happy to note that our market share had indeed doubled since the last Gartner report. The growth we are seeing since 2004 when Solix EDMS was initially launched, is quite spectacular. All signs indicate that the market is primed for the hockey stick growth.

• Best estimates are that all ILM vendors together have captured less than 1% of the worldwide market and databases are growing in number and size. The opportunity for all data management vendors, therefore, is huge and growing.
• Software vendors are stopping development of application-specific data management solutions as their customers are rejecting in favor of a strategy of having a single data management tool set that works across all applications, operating systems and databases across the Enterprise.

The economy, however, is having a major effect on this otherwise optimistic situation. While prospects are very interested in the ILM product and in theory have the budget to buy, often they are having problems getting that money released as companies are deferring their spending.

However, the new economy demands new strategies. We have been experimenting on around a new pay-as-you-go, pricing model designed to help prospects get our tools without having to fund the full licensing cost up front. The results are indeed encouraging. The disadvantage of this is that we only realize part of the income from each sale up front, with the rest coming in over the term of the agreement. While this hurts our immediate revenues, this can be very beneficial to prospects who are looking to acquire the solution but unable to because of tight economic conditions.

None of us know how bad the present recession will last. But it is comforting to realize that even in the worst worldwide depression of modern history, the Great Depression of the 1930s, companies that are innovative not only survived but prospered. Solix will now be the first vendor in ILM space to offer subscription based pricing. We can now say to organizations who need Enterprise data management tools but are having problems getting the budget allocated to buy the product outright, “Talk to us. We have the flexible pricing plan to help you.”

I am sure you are thinking, ‘What is this guy talking about? eDiscovery is not milk or fruit…. What is this organic eDiscovery stuff?’

Wherever I go these days, people seem to be talking about eDiscovery. Certainly every email archiving company talks about it. But truly, none of them have a complete solution that can span across all enterprise data — text, images, spreadsheets, documents, audio files, animation, Website and computer programs, across desktops, servers and across network; and I have yet to see a single solution that can handle structured data. Yet this data is very important to enterprise-wide searches; for instance to answer discovery in civil torts. Any eDiscovery solution that cannot examine the data in the organization’s databases leaves you only half-covered, like going to the court without your trousers.

Now you see where I am going with organic eDiscovery. The challenges are daunting. Before you can deploy a search across all enterprise applications, you have to understand all enterprise data. Typically, according to Gartner, Forrester, etc., IT maintains six copies of each production application database to cover testing, training, and development along with, of course, actual production and backup. Obviously search speed can be boosted dramatically by ignoring these copies, particularly since important subsets of the data in most of them should be masked anyhow. So once you understand the duplicate copies, you can optimize the overall search.

Now that we agree that data in enterprise apps need to be searched and that we need to ignore all the duplicate data; the next question is how do you search these very complex databases, with their thousands of tables, multiple versions, patches, and lots of moving parts. First you need to collect each application’s metadata and this requires an enterprise metadata management tool. Most of these solutions, such as Solix Enterprise Data Management Suite(EDMS), include a central repository tool to manage all enterprise metadata and track changes with upgrades and patches. Deploying an enterprise data management solution not only helps in creating a leaner infrastructure, faster applications and in controlling cost of storage, but also becomes the foundation for deploying a true enterprise-wide search/eDiscovery solution.

We just announced our integration with Oracle Universal Online Archive (UOA) to provide document, email, and application data management. This integration lays the foundation to eventually deploy a eDiscovery solution that can span across all enterprise data. With billable rates for junior associates at many law firms now starting above $200 per hour, the cost to review can be enormous. Investing in building the foundation for eDiscovery for review faster and review less prepares the organization for this tight economy.

I hope to see you at our booth, # 2623, Moscone South, at Oracle Open World. Let us explain how Solix EDMS with Oracle UOA can provide the eDiscovery foundation for you.

After my last blog (CIO To Do List – The Challenge of Protecting Sensitive Data), we surveyed several CIOs on their management of test data. What we found is that many of those we talked do not seem to appreciate the immense risk that test data taken from live databases could fall into the wrong hands and reveal competitive secrets to competitors and others, severely damaging their organization’s position in the marketplace.

The initial response of most CIOs we contacted is that they are aware of the danger of test data exposing sensitive information, and their staff is doing an adequate job of protecting that data. However, when asked what data they consider sensitive, few mention competitive information. And none of them were able to explain how their staff monitor test processes to ensure security and privacy of sensitive data. And they had no answer to the question of how they ensure their IT staff doesn’t misuse their data access privileges.

The focus of almost everyone contacted is on the legal implications of losing Social Security or credit card numbers and similar personal identity information of their customers. Of course these issues have been almost constantly in the news for several years, and companies and government agencies have gotten black eyes when someone gets careless with a laptop holding parts of their customer database. As a result, most CIOs seem to think that all they have to do is mask a few key fields in their test databases and end up masking few sensitive fields. This might meet specific legal requirements, but it does nothing to protect vital competitive secrets.

However, when asked about competitive information such as bill of materials, price lists, or discounts, almost all agreed that they were not doing enough to address the security of this data. What bothers me most is that most of those we talked don’t seem to realize that the loss of this information can damage their businesses at least as much as the loss of a customer database. And this information is commonly included in test databases. Imagine your company going into a competitive bid against a competitor who knows exactly how much of a discount you will offer the customer. And that is just one scenario. A leak of employee information could let a competitor raid your company for its top producers; manufacturing methodologies could be very valuable to a foreign competitor who wants to raid your markets; drug discovery information can be worth hundreds of millions of dollars. The list goes on. You could be losing vital information, putting company at a serious disadvantage in the marketplace, and have no way to figure out what was lost, what its business value is, or where the leak is. In fact, few companies even have systems in place to monitor how test data is used, who handles it, and whether and under what conditions it is shared with vendors and outside contractors.

And in some cases the exposure may reach far beyond the test data itself, into the heart of the company. If the test data comes from a system that is integrated with the corporate ERP, CRM, or financial solution, it could conceivably contain the security keys supporting that connection. If so, it could become an open door into those systems that any competent competitor could use either to extract copies of production data or, worse, to introduce false data.

And the risk is not just that outsiders such as vendors may get this data. Who watches the internal IT people who have access to this data? For instance, test data extracted from corporate HR could easily give IT employees – and employees of contractors who often also have unrestricted access to test databases – accesses to information that should not be allowed out of HR. Yes the names are redacted, but that doesn’t even begin to answer the security issues involved. Just the rumors that could start – that have started from this one scenario – are the stuff of nightmares.

The bottom line: The data security problem involved with test data is immense; few organizations appreciate the magnitude of the problem; and masking a few fields in production data does not even begin to address the problem. This is a comprehensive data security issue.

As a result, we are announcing a Data Privacy pack for Oracle applications starting at $25K. This provides a comprehensive solution that can extend to multiple environments at a starting price point. We firmly believe that CIOs need to address the test data security issue immediately and that this product will put them far ahead at a low cost in both money and time.

One day, God appeared before a CIO and said, “Dear CIO, you have been a wonderful person. I am pleased with you, and I would like to grant you three wishes.”

Naturally, the CIO was very pleased. After some thought, and being a modest person at heart, he said, “Lord, my aspirations are not huge. I would be very happy and bless Your name forever if You could fill these three wishes:

1. I want a bigger home.
2. I am planning a family vacation and need vacation money. And,
3. I want my family to be happy.”

“These are very reasonable wishes,” God said. “I will be happy to grant them.”

God then magically created red and green garbage bags and handed them to the CIO, saying:

“Go forth and examine each of your household items. Put everything that you have not used for the last three years and don’t need in the Red Garbage Bag, and put everything that you have not used for the last three years but might need again in the Green Garbage Bag.”

And the CIO went forth and did as God commanded. He examined each and every item in his house and collected all those items his family had not used in three years into the Red and Green Garbage Bags. Once that was done, God appeared again and said, “Take the items in the Green Garbage Bag and place them in the garage for inexpensive storage. But the items in the Red Garbage Bag, sell them on eBay.”

And the CIO went forth and did as God commanded. Then God said, “Look ye at thy house.” And the CIO looked and found that his house seemed larger and cleaner with less number of things in his house.

And God said, “Take the money from the items sold and use that for your vacation.” And the CIO was happy.

Then God said, “And to fulfill your third wish, go and show your wife and your children what has been wrought.” And the CIO went to his wife and children and said, “Behold, for the Lord has worked a miracle. Our house has more room, and we have money for our vacation.” And his wife and children rejoiced. And the CIO praised God for granting his wishes. And it was the seventh day, and the CIO rested from his labors.

And on Monday the CIO returned to his data center and looked around. And behold, he realized that he wanted a larger data center, and he wanted money to give a bonus to his employees, and he wanted his employees to be happy. And he realized that as he had done at home, so should he do at work. So he called together his executive team and said unto them, “Go through our data center and our IT environment and identify every item we have not used in the last three years, both physical and logical items. And tag those items that we might need again with a green tag and those items we will not need with a red tag.”

And the executive team went forth, but they found that the data center had so many applications that no one knew what many of them were doing or which might be needed and which might not. And so they came back to him and said, “Verily we have struggled mightily with this task, but we are not able to complete it, for we cannot be sure which applications we need and which applications we do not.”

So the CIO retired into his sanctum and prayed to God, saying, “Lord, as at home, so at work; I wish to apply Thy Divine Wisdom to make my data center larger, raise money for things we need, and boost morale. But we cannot tell the sheep from the goats, the applications we need from the applications we do not. We need help!”

And the Lord harkened to the plea of His servant and said, “Check ye with www.solix.com and ask them for their help, for behold, Solix EDMS can help thee understand enterprise applications, and sunset older applications and systems while retaining the data through the miracle of XML data archiving.”

And the CIO called his team together and told them what God had said. And the team rejoiced and used Solix EDMS to:

• Reduce infrastructure, making space for new systems without additional space, power or cooling requirements;
• Save bottom line expenses, which provided money for a bonus for the entire team;
• Increase team morale by eliminating aging, increasingly problematic systems and streamlining work routines throughout the organization.

The moral of the story: We are often so forward-looking in IT that we seldom look back at what we have accumulated over the years. When we do, we are surprised at what we find in our data centers that is taking up valuable space, power, cooling, and staff attention. This often includes collections of old applications that have been superseded by newer solutions but never shut down or that have lost their purpose to changing business needs. Sunsetting older applications and systems is a well recognized good practice that is too seldom followed, in part because manually analyzing all those applications to find the candidates for sunsetting and then manually archiving the data just in case it is needed again is labor intensive and expensive. However, Solix EDMS can automate the process by running data analytics across all enterprise applications and databases to discover those that are not being accessed or updated. Once you understand all your data, you can identify candidates for application sunsetting and data archiving, creating the basis for a more agile infrastructure and for scaling the platform to support e-discovery, data quality improvement and business intelligence.

Earlier this month an anonymous hacker posted files containing personal data on 6 million residents of Chile on Fayerwayer.com, a popular Chilean technology blog. The three compressed files posted by the hacker, who calls himself “Anonymous Coward,” were apparently stolen from a Chilean government agency and included names, addresses, telephone numbers and taxpayer identification numbers, everything a cybercriminal needs to steal their identities.

At the same time, the Hannaford Bros. supermarket chain, located in the Northeast United States, announced that a data breach may have revealed 4 million customer credit and debit card numbers to criminals.

These are just the latest in a long list of data breaches that have exposed customers and taxpayers to identity theft . While businesses would rather keep such incidents private, in the United States and many other nations they are required to publicly disclose data security breaches.

These breaches are much more than an embarrassment. Last October the Ponemon Institute in Tucson, Ariz., found that data theft cost companies $5 million to $50 million per breach. The average total recovery costs were $140 per lost customer record. And this does not include possible lost business due to the damage to the organization’s reputation, which are very hard to quantify. Nor does it include the impact on stock performance. Researchers at Emory University’s Zymand School of Brand Science found that the average stock value fell 0.63% to 2.1% when a company announced a breach.

Addressing the issue
Despite these high costs, many organizations are not taking adequate precautions to address this issue. A survey conducted by Forrester Consulting for the RSA entitled “The State of Data Security in North America” reveals that many businesses are still in a ‘reactive mode’ when deploying data security measures and often struggle with the challenge of creating and implementing planned strategies for data loss prevention. Many businesses still fail to understand the extent, possible impact, and danger of this mammoth problem. IT organizations focused on “putting out fires” and on other threats are not allocating budgets to solve it. For instance, according to blogger-in-chief John Soat, it is still not in the CIO - Top Ten list to do. And often the attitude is that data security is strong in the organization, so it can’t happen here. What they miss is that the organizations that are reporting data theft also had strong firewalls, modern encryption, and updated digital intrusion detection.

So if those organizations had strong security, where is the breach happening? First, the bulk of the confidential information stolen — customer data, employee data, financial information, intellectual property or competitive information – is stored in ERP applications (e.g., Oracle, SAP, Peoplesoft, JD Edwards). These production applications have very strong built-in security, and they are seldom the source of the problem. Too often the problem lies in lax test data management processes that support application development, QA, and test. Test Data Management copies typically are full copies of a production database with no masking of sensitive personal data. They are accessed legitimately by internal developers, consultants, and outsourced developers. All the hacker has to do is get a job in development, carry a key chain USB memory device to work, and walk out the door with a copy of the development database. He doesn’t care if the database is the latest version, even if some data has changed, there is often enough good information to make him rich. And because he has legitimate access, the company may not even know that a breach has taken place until customers start seeing their bank and credit card accounts being drained.

So what can companies do to protect themselves from this major open door in their organizations? Fortunately, Secure Test and Development allow masks sensitive customer data in development databases without destroying their usefulness. Further controls can be realized by monitoring the cloning log via active data auditing, with real-time alerts being sent when suspicious activity is detected.

Securing test and development copies is a vital first step in building data security for the enterprise. Installing a Secure Cloning solution, along with strong personnel policies, can greatly decrease the organization’s exposure and, if a data breach does occur, can demonstrate that the company did make good faith best efforts to secure the data of its customers should it end up in a lawsuit like TJX.