If you think backing up files and software to a storage device or to the cloud will automatically preserve and protect them (and your organization), think again. Data storage and management experts discuss what steps you need to take to properly manage and store data -- and why just backing up data is not enough.

By Jennifer Lonoff Schiff

When it comes to storing data, there is no 'one-size-fits-all solution. Before you decide where or how you will store your structured and unstructured data, companies first need to understand the amount and type of data they have along with the motivation behind storing the information. Having this background will help determine what route to take, whether building on-premise solutions or moving to the cloud. or some combination of the two.

So how do you formulate that sound data storage management strategy? CIO.com asked dozens of storage and data management experts, which resulted in these top 14 suggestions regarding what steps you need to take to choose the right data storage solution(s) for your organization -- and how you can better ensure your data is properly protected and retrievable.

1. Know your data. All data is not created equal -- and understanding the business value of data is critical for defining the storage strategy. So when formulating your data storage management policy, ask the following questions: 

  • How soon do I need the data back if lost?

  • How fast do I need to access the data?

  • How long do I need to retain data?

  • How secure does it need to be?

  • What regulatory requirements need to be adhered to?

2. Don't neglect unstructured data. Think about how you might want to combine multi-structured data from your transactional systems with semi-structured or unstructured data from your email servers, network file systems, etc.. Make sure that the data management platform you choose will let you combine all these types without months or years of data modeling effort.

3. Understand your compliance needs. If you are a publicly traded company or operating within a highly regulated industry such as financial services or healthcare, the bar has been set high for compliance and security.

If you choose to outsource your data storage and management, ensure that your managed services provider has the credentials needed to provide a highly secure, compliant environment. Failure to operate in total compliance may lead to severe penalties later.

4. Establish a data retention policy. Setting the right data retention policies is a necessity for both internal data governance and legal compliance. Some of your data must be retained for many years, while other data may only be needed for days.

When setting up processes, identify the organization's most important data and prioritize storage management resources appropriately. For example, email may be a company's top priority, but storing and archiving email data for one particular group, say the executives, may be more critical than other groups. Make sure these priorities are set so data management resources can be focused on the most important tasks.

5. Look for a solution that fits your data, not the other way around. Many think the only choice to make is whether they need DAS, a SAN or a NAS. These are important choices, but they are insufficient. While a Fibre Channel SAN may be great for doing a lot of low latency read/write operations on a fairly structured database, it's not typically designed to do well on spikey unstructured video workloads. So instead of selecting a one-size-fits-all strategy, smarter buyers are now considering the workload characteristics and picking the right storage strategy for the job.

Similarly, look for a solution that provides the flexibility to choose where data is stored: on premise and/or in the cloud. The solution should allow you to leverage existing investments in data platforms such as network shares and SharePoint.

And if like many businesses these days you have a mobile workforce, the data management and storage solution you choose should be optimized for mobile and virtual platforms, in addition to desktops and laptops -- and provide a consistent experience across any platform, including mobile editing capabilities and intuitive experience across mobile devices, virtual desktops or desktops.

6. Don't let upfront costs dictate your decision. The real cost of storage comes from operating the solution over several years. So make sure you really understand your operating costs [or total cost of ownership]: personnel, third-party support, monitoring, even the chance you'll lose data, which certainly carries a cost. These all quickly dwarf the upfront costs to purchase and deploy.

Many users buy storage (systems or services) because of large initial discounts or they neglect to think through the costs of their chosen storage years down the road.

Factoring in scalability, technology refresh, and operating costs like power, administration, floor space and support renewal over time can make a big difference in the storage acquired. Considering the long-run implications of these storage characteristics and purchasing the storage that provides the best total cost of ownership over time reduces the chance that long-run costs will far exceed the short-term discounts.

7. Use a tiered storage approach. Save money by only using your fastest storage, like SSD, for data that you actively use, and utilize less expensive platforms, like the cloud, to store your archival or backup data. Make sure your systems can utilize different storage tiers so as the performance needs of an application change, you don't need to re-architect [it].

8. Know your clouds. All storage clouds are not created equal. Some clouds are optimized to handle archiving, others have the performance and stability to act as the back end for a primary data storage system, and still others aren't worth the risk for any purpose. The lowest price cloud may end up being much more expensive in the long run if data is lost or inaccessible.

9. Carefully vet storage providers. There are many viable storage solutions in the marketplace that will meet your requirements. Choose a storage provider who has excellent technical support and also an attentive account team. When problems arise within the storage network, they typically have a big impact to your organization. Your ability to resolve these problems timely will be critical to your success.

It's also important to make a list of everything you want your data protection solution to do -- and ask vendors how much of the list they can cover. Organizations looking for storage providers should pay close attention to capacity, performance, availability and fault tolerance. It is also important to seek out providers who offer innovative features such as thin provisioning, tiering and deduplication.

Finally, you need to remember that you cannot transfer all risk related to [your] data simply by storing it at a third-party facility. The organization is ultimately responsible for its data. This responsibility includes performing due diligence not only during procurement, but through the lifecycle of the vendor relationship. It also means if the worst scenario were to happen, you need to have the appropriate contract in place to cover the cost of the breach.

10. Don't store redundant data. Many companies do not have a plan on storage. Instead, they tend to capture and store redundant data. This used to be a less of a problem when disk was expensive; companies were much more careful to plan what to store. But with capacity being more reasonably priced, the tendency is to store everything. The problem is identifying what is valid and what is dated as well as database performance. So before storing data, analyze it and pick your most reliable source, deleting copies.

11. Make sure your data is secure. When managing data within any IT environment, security has to be the first priority. Security comes two-fold: the data has to be secure both virtually and physically. The data also needs to be encrypted so it cannot be read or used by unscrupulous third parties if it ever falls out of possession or is hacked (which does happen). In addition, backing up encrypted data to tape and housing it in a secure outside location, so that in the event of an emergency or natural disaster, the data and enterprise system can be recreated.

12. Leverage technologies that use deduplication, snapshotting and cloning. This can save you a fair amount of space, while giving you version control of your data. Some of the more recent file systems like ZFS do all of this and are open source. But commercial products like NetApp have been doing it for years. SAN snapshots can now be converted into backups that IT can store offsite, which enables IT to back up the environment several times an hour instead of just once a day.

13. Make sure you can find the data you need once it's been stored. Being able to easily search your electronically stored data and provide accurate results instantly is critical to getting the most out of your data on a daily basis and in urgent situations, such as when your data is needed for litigation. After all, if you can't find the right data when you need it, what's the point of archiving your data at all?

14. Have a disaster recovery plan -- and constantly test. It's all about recovery. All the backups in the world cannot save you if you can't recover your data. So whichever method or methods of backup you use, be sure to test them -- and not just once a year or once a month. 

Do random recoveries each week. Do disaster recovery testing and audit your data pools periodically, so you can be sure you can recover your data.

Always remember the 3-2-1 rule. Maintain at least three copies of anything you care about in at least two different formats, with at least one of them being offsite.

Source: CIO.com