Data Integration Blog

There’s an insightful article by Mike Karp on ILM (information lifecycle managememnt) and the six steps of implementing a successful and efficient policy on data storage, verification, classification and management. Mike identifies the following steps to follow to ensure your ILM efficiency:
Stage 1. Preliminary
1) Determine whether your company’s data is answerable to regulatory demands.
2) Determine whether your company uses its storage in an optimal manner.

Stage 2. Identifying file type, users accessing the data and key words used.
1) Make a list of regulatory requirements that may apply. Get this from your legal department or compliance office.
2) Define stakeholder needs. You must understand what users need and what they consider to be nonnegotiable.
3) Third, verify the data life cycles. Verify the value change for each life cycle with at least two other sources, a second source within the department that owns the data (if that is politically impossible, raise the issue through management), and someone familiar with the potential legal issues.
4) Define success criteria and get them widely accepted.

Stage 3. Classification (aligning your stakeholders’ business requirements to the IT infrastructure).
0) Identifying the business value of each type of data object, i.e. understanding three things: what kind of data you are dealing with, who will be using it and what its keywords are.
1) Create classification rules.
2) Build retention policies.

When you engage with the vendors, make sure to understand their products’ capabilities in each of the following areas:
* Ability to tag files as compliant for each required regulation.
* Data classification.
* Data deduplication.
* Disaster recovery and business continuity.
* Discovery of compliance-answerable files across Windows, Linux, Unix and any other operating systems you may have.
* Fully automated file migration based on locally set migration policies.
* Integration with backup, recovery and archiving solutions already on-site.
* Searching (both tag-based and other metadata-based).
* Security (access control, identity management and encryption).
* Security (antivirus).
* Set policies to move files to appropriate storage devices (content-addressed storage, WORM tape).
* Finding and tagging outdated, unused and unwanted files for demotion to a lower storage tier.
* Tracking access to and lineage of objects through their life cycle.

Finally, when you know your vendor, you can look for solutions to automate the needed processes and phase-in.

See full article for more details.

You are at the stage where you’ve already realized that your company lives and thrives on data (research, development data, customer private data, contact list, spreadsheets and tables etc.). You work so hard and do everything you can to keep your data clean and consolidated, and once you finally have the system that delivers quality at hand, you realize that your data isn’t exactly safe. Bummer! Today, when information is as valuable as it is and companies cannot afford having it stolen, lost or disclosed, information security becomes the critical element and basically the driving force in most business processes.

All potential threats can be divided into external or internal ones. External threats include unauthorized programs (such as worms, Trojan viruses, spy-programs, etc.), and there is really no universal solution that would protect your company from all types of threats, that’s why there are so many specialized tools taking care of each particular problem. These can be efficient, I’ll have to admit. However, it’s the internal threats that usually make companies most vulnerable. And two of the most probable scenarios of information security violation are 1) the deliberate theft of confidential data by authorized users (or so called insiders) and 2) unintentional leak that can be caused by a number of factors (lack of awareness about company’s security policies, for instance).

When creating an information security system, developers try to extend its functional to the maximum so as it would ensure extensive protection. Even operation systems today contain security functions designed to increase the enterprise’s safety level. But this “universality” is unacceptable when speaking of valuable data. A universal security system becomes useless in corporate networks where internal threats (whether intentional or not) prevail.

A recent Forrester survey of 305 security and email professionals revealed some scary but realistic statistics:
1 in 3 companies investigated a breach of confidential data last year.
1 in 4 companies experienced an “embarrassing” leak of confidential information.
1 in 5 emails contains a legal, financial or regulatory risk.

Ways out? Again, a global approach. This article on EbizQ.net suggests Data Loss Prevention (DLP) technologies as a way of securing your most valuable asset and creating transparency by enabling companies to monitor and track the whole data flow. Transparency is good. Transparency is good everywhere actually. Come to think of it, transparency is the key to creating a healthy and productive environment. Even in data integration systems, transparency is a neccessity, allowing you to see where your sensitive data is going, how it’s being transformed and saved and howsecure it is during these transactions. Transparency is another global asset that needs to be integrated into the corporate system o values. You could say, of course, that transparency is just another vague notion (like total security and clean data), perfection hard to achieve, especially for the old market players with set processes. Hard, yes, but not impossible. It’s something to go for. In the end, when your transparency efforts deliver security, it’s your company that will benefit.

So, looks like get transparency equals get security.

p.s. keep in mind, like with anything that has to do with data cleansing, integration and migration, technology usually comes in more handy and much cheaper than employees’ training!