A combination of a dramatic change in business requirements coupled with regulatory upheaval, embodied by GDPR (General Data Protection Regulation), is taking IT organisations to a tipping point where they must take a much a much more proactive approach to understanding and managing their data.
For years IT, encouraged by falling storage costs, has taken a relatively low touch approach to the management of data, with most organisations taking the view that keeping data is less expensive than managing it proactively, based on business value or for legal or regulatory purposes. This was mirrored by a relatively low key approach to data privacy regulations in most jurisdictions around the world.
Over time IT has created numerous copies of data for protection and governance purposes. This has been matched by a trend of increasing volume of copies used to gain insights from data.
Analyst research on Copy Data Management shows that 45-60 per cent of total storage capacity consists of ‘copy data’, whilst 82 per cent of those organisations surveyed have at least 10 copies of each database.
Test, development, business continuity, operational recovery and analytics have all spawned multiple copies of data, each with its own discrete set of supporting infrastructure. The shift to digital business has increased the requirement for the business to inspire high levels of customer trust combined with a regular supply of fresh business insights. For IT that means continuous service delivery — which relies on copies of data for failover and recovery purposes, and data lakes — which combine numerous sources of data for analytics.
One of the most intractable problems is the number of discrete Backup/Recovery, Retention & Compliance products in the Enterprise. The same analyst research showed that on average, each enterprise had 5-10 different products installed with up to 50 potential data copies. This is presents a significant burden to IT, with many discrete points of monitoring, management and reporting.
Traditionally, IT has typically taken the position that it is too costly and risky to consolidate data operations — that is backup/recovery, archive and snapshot management. That argument is much harder to make today when you take the data management requirements of GDPR and the demands of digital together. Today, the cost and risk in not acting may well be higher than the risk of acting for many organisations. Contributing to this equation is the maturity and sophistication of migration capabilities of the backup vendors themselves in migrating from one platform to another.
GDPR changes the rules of data and storage management. The requirement for each business to know and manage personal data means that businesses must know their data overall in order to determine what data is personal and subject to the GDPR regulations. GDPR’s strict breach notification rule means that organisations also have to determine the nature of the breach, its scale, who has been affected, and how it occurred within 72 hours for notification purposes. A rising tide of cyber-attacks means the risk of a breach is significant and increasing, and tighter data management is an essential part of any plan to remediate those risks.
The phenomenon of large volumes of relatively loosely managed data in the data centre also presents a barrier to scaling digital projects and initiatives The Gartner research “2018 CIO Agenda: Mastering the New Job of the CIO” shows that once digital initiatives have been delivered, but before they can be ‘harvested’, they need to scale. The report goes on to identify resources as one of the largest barriers to scale at 23% of respondents surveyed, with reallocation of resources as part of IT portfolio management being largely focused on infrastructure and data centre; 30% of organisations are expecting to reduce investment there.
The increasing importance of data and data-related skills and needs to be taken into account in planning. A recent survey of IT staff shows that data management and analysis are statistically equal in importance to “offering a high quality service/product” and “having a long-term plan” — the top scoring priorities. The survey also shows that whilst data is changing how IT departments function, two-thirds of respondents felt insufficiently prepared for key data challenges.
Instead of treating GDPR as an investment with little in the way of a return other than compliance, it is more fruitful to build a plan that will address the demands of GDPR whilst simultaneously equipping the company with better set of data capabilities. As one CIO said at Gartner Symposium 2017: “I do not see GDPR as a problem, I see it is a catalyst for change”.
The writer is the senior director of marketing for EMEA at Commvault.
