4 Secrets for Archiving Stale Data Efficiently

November 16, 2012

The mandate to every IT department these days seems to be: “do more with less.” The basic economic concept of scarcity is hitting home for many IT teams, not only in terms of headcount, but storage capacity as well. Teams are being asked to fit a constantly growing stockpile of data into an often-fixed storage infrastructure.

So what can we do given the constraints? The same thing we do when we see our own PC’s hard drive filling up – identify stale, unneeded data and archive or delete it to free up space and dodge the cost of adding new storage.

Stale Data: A Common Problem

A few weeks ago, I had the opportunity to attend VMWorld Barcelona, and talk to several storage admins. The great majority were concerned about finding an efficient way to identify and archive stale data. Unfortunately, most of the conversations ended with: “Yes, we have lots of stale data, but we don’t have a good way to deal with it.”

The problem is that most of the existing off-the-shelf solutions try to determine what is eligible for archiving based on a file’s “lastmodifieddate” attribute; but this method doesn’t yield accurate results and isn’t very efficient, either.

Why is this?

Automated processes like search indexers, backup tools, and anti-virus programs are known to update this attribute, but we’re only concerned with human user activity. The only way to know whether humans are modifying data is to track what they’re doing—i.e. gather an audit trail of access activity. What’s more, if you’re reliant on checking “lastmodifieddate” then, well, you have to actually check it. This means looking at every single file every time you do a crawl.

With unstructured data growing about 50% year over year and with about 70% of the data becoming stale within 90 days of its creation, the accurate identification of stale data not only represents a huge challenge, but also a massive opportunity to reduce costs.

4 Secrets for Archiving Stale Data Efficiently

In order for organizations to find an effective solution to help deal with stale data and comply with defensible disposition requirements, there are 4 secrets to efficiently identify and clean-up stale data:

1. The Right Metadata

In order to accurately and efficiently identify stale data, we need to have the right metadata – metadata that reflects the reality of our data, and that can answer questions accurately. It is not only important to know which data hasn’t been used in the last 3 months, but also to know who touched it last, who has access to it, and if it contains sensitive data. Correlating multiple metadata streams provides the appropriate context so storage admins can make smart, metadata-driven decisions about stale data.

2. An Audit Trail of Human User Activity

We need to understand the behavior of our users, how they access data, what data they access frequently, and what data is never touched. Rather than continually checking the “lastmodifieddate” attribute of every single data container or file, an audit trail gives you a list of known changes by human users. This audit trail is crucial for quick and accurate scans for stale data, but also proves vital for forensics, behavioral analysis, and help desk use cases (“Hey! Who deleted my file?”).

3. Granular Data Selection

All data is not created equally. HR data might have different archiving criteria than Finance data or Legal data. Each distinct data set might require a different set of rules, so it’s important to have as many axes to pivot on as possible. For example, you might need to select data based on its last access data as well as the sensitivity of the content (e.g., PII, PCI, HIPAA) or the profile of the users who use the data most often (C-level vs. help desk).

The capability to be granular when slicing and dicing data to determine, with confidence, which data will be affected (and how) with a specific operation will make storage pros lives much easier.

4. Automation

Lastly, there needs to be a way to automate data selection, archival, and deletion. Stale data identification cannot consume more IT resources; otherwise the storage savings diminish. As we mentioned at the start, IT is always trying to do more with less, and intelligent automation is the key. The ability to automatically identify and archive or delete stale data, based on metadata will make this a sustainable and efficient task that can save time and money.

Interested in how you can save time and money by using automation to turbocharge your stale data identification? Request a demo of the Varonis Data Transport Engine.

Related articles

Leave a Comment » | Application Hosting, Managed Service Hosting, Marketing | Tagged: , , , , , , , , , | Permalink
Posted by david ricketts

Richard Stiennon on Packet Capture

July 30, 2012

by David Gibson

About a decade ago I was fortunate enough to take a course at SANS on using Snort and tcpdump, taught by Stephen Northcutt, Judy Novak, and Marty Roesch. It was hands-down one of the best courses of any kind that I have ever taken and I’d recommend it for anyone remotely interested in network security. (Note to Stephen: It really works. I did actually jump up and down in my hotel room while reciting the tcp flags, and just like you said, I have never forgotten them).

I was reminded of my experience at SANS when I read the Forbes article by Richard Stiennon about the criticality of packet capture (Is Packet Capture Critical? Heck Yes.) Richard discusses how in the aftermath of the RSA breach, with an audit trail of network activity (and the attackers’ encryption keys), “They were able to de-crypt the network traffic they had recorded, leading to sure knowledge of the severity of the breach.”

Unfortunately, not all organizations have adopted fundamental auditing controls for critical infrastructure—network, file systems, email, etc. As an example, in our recent survey on the state of data protection, less than 20% of organizations claimed to monitor all access to critical collaboration infrastructure (File shares and SharePoint). Auditing activity (network and otherwise) represents an enormous opportunity for organizations to not only improve their response to a breach, but to better prevent them (or stop them in action) through automated analysis.

Being without an audit trail is like flying blind. Once I had learned to read and interpret network traffic, I never wanted to be without good auditing again. Not only is auditing an imperative for security, it is a pre-requisite for better management. For example, packet capture is critical for debugging or figuring out what the heck is eating up your bandwidth. On the data side, an audit trial helps figure out what data is active or stale, who (if anyone) is using it, and who it may belong to.

In IT and security, we will always have days where we ask, “What happened?” An audit trail and people that know how to read them are our only hope in being able to know what happened, and our only hope in learning how to prevent it from happening again.

For more information about Varonis please visit http://www.c24.co.uk

Related articles

Leave a Comment » | Application Hosting, Managed Service Hosting, Marketing | Tagged: , , , , , , | Permalink
Posted by david ricketts

10 Things IT Should Be Doing (But Isn’t): Free On-Demand Webinar

April 4, 2012

On our last webinar: 10 Things IT Should Be Doing (But Isn’t), we reviewed some of the challenges associated with unstructured data management and protection. IT requires the ability to answer critical questions about data in order to efficiently and effectively protect it. Some of these questions are:

  • Who has access to data?
  • Who has been accessing data?
  • Where is my sensitive data over exposed?
  • How do I fix exposures?

During the webinar we gave an overview of 10 things IT should be doing to answer these and other fundamental questions, and put the answers to productive use. Maintaining a complete audit trail of access activity, an accurate map of permissions, and identifying data owners are a few of the things IT should be doing. We reviewed why each one of the 10 things is important and what to look for in an automated solution.

If you missed our webinar, 
https://varonis.webex.com/varonis/lsr.php?AT=pb&SP=EC&rID=26300867&rKey=eac45ec0eefae25e
 to play the recording.

Leave a Comment » | Application Hosting, Managed Service Hosting, Marketing, Retail IT Solutions | Tagged: , , , , , , , | Permalink
Posted by david ricketts

Follow

Get every new post delivered to your Inbox.

Join 753 other followers