Infinite data retention means infinite waste & inefficient ediscovery
Symantec Corp today released the findings of its 2010 Information Management Health Check Survey. This finds that a majority of enterprises are not following their own advice when it comes to information management. 87% of respondents believe in the value of a formal information retention plan, but only 46% actually have one. Survey results also found that too many enterprises save information indefinitely instead of implementing policies that allow them to confidently delete unimportant data or records, and therefore suffer from rampant storage growth, unsustainable backup windows, increased litigation risk and expensive and inefficient discovery processes.
“Infinite data retention results in infinite waste. Enterprises see the value of a solid information management plan, but too many still follow the outdated practice of keeping everything forever,” said Brian Dye, vice president of product management, Information Management Group, Symantec. “The sheer volume of data is growing exponentially, so trying to keep everything consumes large amounts of storage space and demands too much of IT's resources. As a result, businesses spend far more time and money on the negative consequences of poor information management and discovery practices than they would by working to change them.”
• Gap between enterprise information management goals and practice. Most enterprises (87&) believe a proper information retention strategy should allow them to delete unnecessary information. However, less than half (46%) actually have a formal information retention plan in place.
• Enterprises are retaining far too much information. 75% of backup storage consists of infinite retention or legal hold backup sets. Respondents also stated that 25% of the data they back up is not needed for business or should not be kept in a backup.
• Enterprises are misusing backup, recovery and archiving practices. 70% of enterprises use their backup software to implement legal holds and 25% preserve the entire backup set indefinitely. Respondents said 45% of backup storage comes from legal holds alone. In addition, enterprises cited that, on average, 40% of information placed on legal hold is not specifically relevant for that litigation. Using archiving and backup together provides immediate access to the most pertinent information while allowing enterprises to retain less.
• Nearly half of the enterprises surveyed are improperly using their backup and recovery software for archiving. Additionally, while 51% prohibit employees from creating their own archives on their local machines and shared drives, 65% admit that employees routinely do so anyway.
• Differences in how IT and legal respondents cited top issues for lack of an information retention plan. 41% of IT administrators don’t see a need for a plan, 30% said no one is chartered with that responsibility, and 29% cited cost. Legal cited the top issues as cost (58%), lack of expertise to build a plan (48%), and no one chartered with the responsibility (40%).
Symantec make the following recommendations…
• Enterprises need to regain control of their information. The costs of waiting for the perfect plan are far outweighed by the benefits of being proactive.
• Backup is not an archive, and it is not recommended to use backup for archiving and legal holds. Enterprises should retain a few weeks of backup (30 – 60 days) and then delete or archive data in an automated way thereafter.
• By using backup only for short-term and disaster recovery purposes, enterprises can backup and recover faster while deleting older backup sets within months instead of years. That’s a huge amount of storage that can be confidently deleted or archived for long-term storage.
• Implement deduplication everywhere within applications and within a backup environment. Enterprises that deploy deduplication as close to the information sources as possible free network, server and storage resources. When deduplication is combined with shorter retention periods, enterprises enable tapeless disaster recovery via replication for better SLA.
• Enterprises should also develop and enforce information retention policies (what can and cannot be deleted, and when) automatically. Automated, policy-driven deletion creates less risk than ad-hoc, manual deletion. The 46% of respondents that have a retention policy should consider taking immediate steps to begin executing those policies. Paper policies that are not executed can be a litigation risk.
• Use a full-featured archive system to make discovery as efficient as possible. Companies can then search for information more quickly – and with more granularity than they would in a backup environment. This will reduce the time and cost it takes to evaluate litigation risk, resolve internal investigations and respond to compliance events.
• Enterprises should deploy data loss prevention technologies to measurably reduce their risk of data breaches, demonstrate regulatory compliance and safeguard their customers, brand and intellectual property. IT administrators should look for a solution that discovers, monitors and protects confidential data while providing insight into the ownership and usage of information.
The survey was conducted in June 2010 and is based on responses from 1,680 senior IT and legal executives in 26 countries.