The specter of multimillion-dollar fines for regulatory noncompliance is a definite motivator when it comes to data retention. And there are equally drastic consequences, including negative impact on customer service, costs, productivity, and speed to market if data is inaccessible. But while we're all aware of the urgency of setting policies, implementing technology, and instituting processes to manage data effectively, new complications are increasing the challenges and threatening your business.

The problem itself has actually changed shape. The familiar graph showing exponential growth in volume no longer represents the full scope. One issue is the expanding range of types of data that businesses must preserve and access. There are electronic documents such as contracts, invoices, and presentations, as well as CAD/CAM designs and certain types of digitized information such as check images, blueprints, historical documents, medical images, video, instant messages, and photographs. Increasing volumes of e-mail, e-mail attachments, source code, and Web content add to the complexity of the challenge.

Top of mind are e-mail retention efforts because of mandatory compliance requirements, and business best practices so that companies can mitigate risk. Additionally, it makes sense to be able to exploit data assets for increased productivity and to keep a record of communications with customers, partners, suppliers, and employees; and there is future value in providing access to "corporate memory."

More than 10,000 federal and state laws and regulations mandate the maintenance of electronic information - and that's in the United States alone.

In the financial industry, Sarbanes-Oxley and new SEC rules are driving changes; and in health care, HIPAA, PHI, and Part 11 are changing the storage and management of data; EPA and ISO are mandatory for manufacturing firms; as are FDA requirements for CGMP, and 21 CFR Part 11 Life Sciences for pharmaceutical and medical device companies (see Figure 1).

In addition, for every industry, speed to market and effective knowledge management are business-critical issues. And across industries, the increasing consolidation of IT environments, specifically database consolidation, is creating larger data stores where aging algorithms are required to maintain the performance of business applications.

Avoiding legal and regulatory consequences is the negative side of the story. The positive side is that storing and managing information in strategic ways is critical for an agile, efficient enterprise. Many businesses have initiatives in progress to address both the requirements and the opportunities.

One response is storage expansion. According to a study by the Meta Group, the average business is growing storage capacity by about 45% annually, as opposed to 30% at the beginning of 2003.

A word of caution here: expanding storage capacity alone is not an effective solution. Business policies must be shaped to solve the problem, and information lifecycle management (ILM) is essential. We're all hearing the term frequently these days and in many contexts. Our definition here is that ILM is the process of managing data throughout its life cycle, according to the value of that data to the business.

It's very important to understand that ILM is not simply a matter of placing data on the most appropriate, cost-effective storage media during its life cycle. In fact, in order to be truly successful with the design and implementation of your ILM solution, it is important to remember that only about 25% of the challenge is about the selection of products. Key to getting it right is implementing the right business processes and supporting them with the right tools.

Data must be stored based on the objectives of the business. How the data is used, its value, and how its usage and value can change over time are all critical to effective ILM. The implementation of these processes may encompass content identification, backup and recovery, replication, archiving, data migration, and data distribution as well as robust indexing and search functions and processes for permanent removal of data (see Figure 2).

An effective ILM solution is composed of an interconnected set of business processes, storage components, and data and storage management applications. The fundamental steps to achieve this are defining the business processes and designing and implementing the architecture to support them. A successful ILM solution is a phased approach that can scale and adapt with changing business needs. Only after the initial design of the business processes is completed should your efforts turn to the careful selection of the right hardware and software to support those processes.

Essential Steps for Developing an ILM Strategy
ILM is not something you buy off the shelf. A number of steps are critical to developing a successful ILM strategy. For example, an initial assessment and planning stage is necessary to determine the needs of the business, the scope of the project, custom solution design, and requirements for such essentials as administrator training and ongoing security.

The following section briefly describes some of the steps vital to developing your strategy and examines their significance within the overall ILM solution.

• Application, data, business, and regulatory inventory: During this extremely important first step your team needs to evaluate your applications, your data, and its value, and build an inventory of the candidates for ILM.
• Solution design (capacity and performance planning, hardware selection, network integration): Once target applications and the data stores are identified, the existing business processes must be reviewed and adjusted to ensure the value of the data is reflected. The value of the data is influenced through regulatory requirements, business needs, and cost factors. After the business processes are properly designed to meet all needs, basic metrics such as total capacity required, throughput, availability, and response time are used to design the supporting architecture. The team must also consider factors such as the skill base of the existing system administration staff, the potential for existing hardware to be repurposed, and business continuity requirements as they design a solution customized to fit your business needs.
• Security audit: The team must ensure that security matters are addressed in the design of the initial solution. This includes defining processes for ongoing security reviews and patch updates.
• Document retention policies: Once the solution architecture is in place, additional business rules must be defined to drive the movement of data between the various tiers of storage and signal the appropriate time for data deletion.
• Chain of custody: Data must often be retained and remain accessible even after the application or computer platform that generated it is retired. In these cases, your team will need to transform the data as it moves to different storage layers and validate that each transformation maintains the integrity of the data from an end-user perspective as well as from a legal and regulatory perspective.
• Auditing: To ensure that your company is in compliance with all relevant information and retention regulations, your team will need to examine the auditing requirements of each application, which may include logging system administrators' activities, logging the activities of regulatory users, and tracking all operations on data.
• Billing and charge-back: Knowing the cost of data storage, and charging it back to the proper business units, is a key component (and opportunity) of ILM. Your team will need to evaluate the requirements and design a solution around the utilities provided by your solution.
• Backup and disaster recovery: Ideally, ILM is a fault-tolerant solution that automatically creates and maintains a redundant copy of each document. If, however, further degrees of redundancy are required, you will need to evaluate the business continuity requirements for each segment of your data and develop appropriate backup and replication strategies.
• Customization: Designers and developers should be able to customize any element of your enterprise applications - from user interfaces to connectors and additional data processing - to ensure that the entire system works smoothly in an ILM environment.

A successful ILM solution extends the business value that storage provides to the company; supports business compliance with government regulations that mandate the retention, access, authenticity, and privacy of business information; improves business continuity; and increases business agility.

In summary, an effective ILM solution must provide:

• A solid set of business processes designed around the value of the data and the business needs for that data.
• Links between business-critical applications and processes and the adaptive storage infrastructure (to ensure that the right data is available anywhere at anytime according to its business relevance)
• An adaptive storage infrastructure that supports different classes of storage based on how the data is used during its life cycle
• Enterprise storage applications that are designed to simplify the management of complex storage infrastructures