One day, God appeared before a CIO and said, “Dear CIO, you have been a wonderful person. I am pleased with you, and I would like to grant you three wishes.”

Naturally, the CIO was very pleased. After some thought, and being a modest person at heart, he said, “Lord, my aspirations are not huge. I would be very happy and bless Your name forever if You could fill these three wishes:

1. I want a bigger home.
2. I am planning a family vacation and need vacation money. And,
3. I want my family to be happy.”

“These are very reasonable wishes,” God said. “I will be happy to grant them.”

God then magically created red and green garbage bags and handed them to the CIO, saying:

“Go forth and examine each of your household items. Put everything that you have not used for the last three years and don’t need in the Red Garbage Bag, and put everything that you have not used for the last three years but might need again in the Green Garbage Bag.”

And the CIO went forth and did as God commanded. He examined each and every item in his house and collected all those items his family had not used in three years into the Red and Green Garbage Bags. Once that was done, God appeared again and said, “Take the items in the Green Garbage Bag and place them in the garage for inexpensive storage. But the items in the Red Garbage Bag, sell them on eBay.”

And the CIO went forth and did as God commanded. Then God said, “Look ye at thy house.” And the CIO looked and found that his house seemed larger and cleaner with less number of things in his house.

And God said, “Take the money from the items sold and use that for your vacation.” And the CIO was happy.

Then God said, “And to fulfill your third wish, go and show your wife and your children what has been wrought.” And the CIO went to his wife and children and said, “Behold, for the Lord has worked a miracle. Our house has more room, and we have money for our vacation.” And his wife and children rejoiced. And the CIO praised God for granting his wishes. And it was the seventh day, and the CIO rested from his labors.

And on Monday the CIO returned to his data center and looked around. And behold, he realized that he wanted a larger data center, and he wanted money to give a bonus to his employees, and he wanted his employees to be happy. And he realized that as he had done at home, so should he do at work. So he called together his executive team and said unto them, “Go through our data center and our IT environment and identify every item we have not used in the last three years, both physical and logical items. And tag those items that we might need again with a green tag and those items we will not need with a red tag.”

And the executive team went forth, but they found that the data center had so many applications that no one knew what many of them were doing or which might be needed and which might not. And so they came back to him and said, “Verily we have struggled mightily with this task, but we are not able to complete it, for we cannot be sure which applications we need and which applications we do not.”

So the CIO retired into his sanctum and prayed to God, saying, “Lord, as at home, so at work; I wish to apply Thy Divine Wisdom to make my data center larger, raise money for things we need, and boost morale. But we cannot tell the sheep from the goats, the applications we need from the applications we do not. We need help!”

And the Lord harkened to the plea of His servant and said, “Check ye with www.solix.com and ask them for their help, for behold, Solix EDMS can help thee understand enterprise applications, and sunset older applications and systems while retaining the data through the miracle of XML data archiving.”

And the CIO called his team together and told them what God had said. And the team rejoiced and used Solix EDMS to:

• Reduce infrastructure, making space for new systems without additional space, power or cooling requirements;
• Save bottom line expenses, which provided money for a bonus for the entire team;
• Increase team morale by eliminating aging, increasingly problematic systems and streamlining work routines throughout the organization.

The moral of the story: We are often so forward-looking in IT that we seldom look back at what we have accumulated over the years. When we do, we are surprised at what we find in our data centers that is taking up valuable space, power, cooling, and staff attention. This often includes collections of old applications that have been superseded by newer solutions but never shut down or that have lost their purpose to changing business needs. Sunsetting older applications and systems is a well recognized good practice that is too seldom followed, in part because manually analyzing all those applications to find the candidates for sunsetting and then manually archiving the data just in case it is needed again is labor intensive and expensive. However, Solix EDMS can automate the process by running data analytics across all enterprise applications and databases to discover those that are not being accessed or updated. Once you understand all your data, you can identify candidates for application sunsetting and data archiving, creating the basis for a more agile infrastructure and for scaling the platform to support e-discovery, data quality improvement and business intelligence.

Earlier this month an anonymous hacker posted files containing personal data on 6 million residents of Chile on Fayerwayer.com, a popular Chilean technology blog. The three compressed files posted by the hacker, who calls himself “Anonymous Coward,” were apparently stolen from a Chilean government agency and included names, addresses, telephone numbers and taxpayer identification numbers, everything a cybercriminal needs to steal their identities.

At the same time, the Hannaford Bros. supermarket chain, located in the Northeast United States, announced that a data breach may have revealed 4 million customer credit and debit card numbers to criminals.

These are just the latest in a long list of data breaches that have exposed customers and taxpayers to identity theft . While businesses would rather keep such incidents private, in the United States and many other nations they are required to publicly disclose data security breaches.

These breaches are much more than an embarrassment. Last October the Ponemon Institute in Tucson, Ariz., found that data theft cost companies $5 million to $50 million per breach. The average total recovery costs were $140 per lost customer record. And this does not include possible lost business due to the damage to the organization’s reputation, which are very hard to quantify. Nor does it include the impact on stock performance. Researchers at Emory University’s Zymand School of Brand Science found that the average stock value fell 0.63% to 2.1% when a company announced a breach.

Addressing the issue
Despite these high costs, many organizations are not taking adequate precautions to address this issue. A survey conducted by Forrester Consulting for the RSA entitled “The State of Data Security in North America” reveals that many businesses are still in a ‘reactive mode’ when deploying data security measures and often struggle with the challenge of creating and implementing planned strategies for data loss prevention. Many businesses still fail to understand the extent, possible impact, and danger of this mammoth problem. IT organizations focused on “putting out fires” and on other threats are not allocating budgets to solve it. For instance, according to blogger-in-chief John Soat, it is still not in the CIO – Top Ten list to do. And often the attitude is that data security is strong in the organization, so it can’t happen here. What they miss is that the organizations that are reporting data theft also had strong firewalls, modern encryption, and updated digital intrusion detection.

So if those organizations had strong security, where is the breach happening? First, the bulk of the confidential information stolen — customer data, employee data, financial information, intellectual property or competitive information – is stored in ERP applications (e.g., Oracle, SAP, Peoplesoft, JD Edwards). These production applications have very strong built-in security, and they are seldom the source of the problem. Too often the problem lies in lax test data management processes that support application development, QA, and test. Test Data Management copies typically are full copies of a production database with no masking of sensitive personal data. They are accessed legitimately by internal developers, consultants, and outsourced developers. All the hacker has to do is get a job in development, carry a key chain USB memory device to work, and walk out the door with a copy of the development database. He doesn’t care if the database is the latest version, even if some data has changed, there is often enough good information to make him rich. And because he has legitimate access, the company may not even know that a breach has taken place until customers start seeing their bank and credit card accounts being drained.

So what can companies do to protect themselves from this major open door in their organizations? Fortunately, Secure Test and Development allow masks sensitive customer data in development databases without destroying their usefulness. Further controls can be realized by monitoring the cloning log via active data auditing, with real-time alerts being sent when suspicious activity is detected.

Securing test and development copies is a vital first step in building data security for the enterprise. Installing a Secure Cloning solution, along with strong personnel policies, can greatly decrease the organization’s exposure and, if a data breach does occur, can demonstrate that the company did make good faith best efforts to secure the data of its customers should it end up in a lawsuit like TJX.

Last week, I flew from New York to North Carolina on Jetblue. My seat mate was a financial analyst who makes this trip weekly and was focused on his seat TV. He was curiously watching a television show on CNBC and something about South Africa. During a break he said he was a South African and was watching an interview about electricity rationing there, which started a discussion of conservation and economics.

Electricity rationing is becoming a trend worldwide. Brazil and Cuba now ration electricity, and New York and New Jersey are threatening to restrict power allotments for data centers. Anybody who does not think this is a world crisis should look back to 1973 and 1979, when the phrase “energy crisis” entered the English language. The parallels to today are striking: Oil prices are soaring, touching $118 a barrel recently. The dollar is weak; the political situation in Venezuela, a major oil supplier to the United States, is destabilizing; the United States is entangled in a seemingly endless war in the Middle East, the stock market is fading, and inflation is high (the price of food has doubled in the last year). But unlike the 1970s, when the economy was robust, today economic growth is slowing and the economy is threatened by the sub prime and credit card debt crises. The United States, with 5% of the world’s population, consumes 23% of the total energy produced in the world, far more per capita than any other country. That 5% of the world’s population has as much environmental impact than the 51% that live in the other five largest countries. And the cost of that energy, whether it is gasoline at the pump or electricity at the meter, is going up rapidly.

All of that suggests that enterprises need to focus on energy management both to find major savings in their operational budgets and to cut their carbon footprints, and that we are on the verge of seeing the appearance of Corporate Energy Officers in businesses. Organizations need to know their energy use, its cost over time, and how that energy is used and what it produces for the enterprise. And it needs to manage those costs and conserve energy wherever they can. IT can make a major contribution to this by embracing virtualization, ILM based tiered storage, Data Subsetting for Test/Dev instances, which reduces storage, consolidates the server population, cuts both power and cooling needs in the data center, and adds up to a significant drop on energy use. How significant? BT has cut 3,100 physical Wintel servers to 134 and eight data centers to three across the United Kingdom. This had a significant positive impact on the corporation’s bottom line and its carbon footprint, and improved its service to users, all while BT itself continued steady strong growth. It is time that we stop thinking of conservation as tree huggers versus business. The fact is that energy and carbon reduction are good business, and those who realize it now can position themselves to be the leaders in the next financial era.

Database archiving on a tiered storage architecture is moving onto center stage in this era of global warming, accelerating data storage demand, increasing energy costs, overcrowded physical data centers. From the archiving point-of-view, business data comes in three forms: structured data from formal databases, unstructured data from informal sources, and semi-structured (email) that contains unstructured content in a structured metadata wrapper. While this semi-structured data is claiming the greatest attention at present, structured data growth is accelerating as well, and from a data archiving standpoint it has its own important and often neglected issues.

Gartner estimates that 80% of the structured data in most enterprise data centers is inactive. Gartner also estimates that a staggering 50% of enterprise data centers worldwide will run out of power and cooling capacity this year (2008) due in part to the out-of-control growth of storage systems and subsystems. And experts estimate that growing energy costs will emerge as the second largest line item on 70% of enterprise IT operating budgets worldwide by next year (2009). Given that many IT organizations are entering their 2009 budget process now, and that pressures to “do more with less” are only increasing, data archiving is no longer an “ideal” or “visionary statement.” It is an immediate issue that must be addressed this year – in many cases immediately. And in the greater picture, scientists are issuing shrill warnings that if we do not cut our carbon load drastically; global warming will rise to disaster levels.

Inactive data occupies valuable Tier 1 and 2 disk spaces, an effect that is greatly multiplied by the database copies that proliferate in a large IT environment. It adds extra compute loads, decreasing performance, increases power use and heat loads, decreases the lifespan of primary processing systems, and forces premature migration to expensive, larger disk storage systems. It can have a marked effect on the lifespan of the physical data center, since most data centers are replaced or rebuilt because they have run out of space or power and cooling long before they are physically obsolete.

Conversely, archiving, which means moving the data to a lower tier in a multi-tier system (for instance to inexpensive SATA disks), and possibly to a secondary site accessed through the network, can decrease pressure on the data center dramatically, increase the life of primary processors and delay purchase of new high-performance storage. A comprehensive purging of the inactive data from all the secondary copies can have a dramatic positive effect on the data center and decrease litigation risk by removing information that might be used against the organization in court. Data that is completely inactive but needed for compliance can be removed to tape or un-powered disks kept off site.

This can delay or in some cases negate the need for major server and storage system upgrades, saving not only the hardware purchase price but also networking, power and cooling, server provisioning and administration, and disposal of old systems. It also has a dual positive impact on the environment by cutting both demand for energy that often is generated by burning coal, natural gas or petroleum, and delaying disposal of older systems, which often end up leaking various pollutants into ground water.

Most IT departments have no idea of the energy requirements of the various boxes in their data centers. This indicates that they have a major opportunity to reduce their energy use, and save on their operating budgets, by optimizing that energy use. The first step is to analyze and optimize the energy demands of each system. In many cases, data archiving will play a major role in such efforts. Thus, identifying archiving the huge volumes of inactive data in most environments is a green strategy in both senses of that word and can have a major positive impact on both the IT budget and the data center’s carbon footprint, a clear win for all concerned.