Market Roundup October 5, 2007 HDS Enhances Its Midrange Storage Solutions SAP Pairs Its GRC Products with Major Identity Management Vendors |
|
HDS Enhances Its Midrange Storage Solutions
Hitachi Data Systems has announced several enhancements
across its midrange storage offerings designed to help clients address rising
energy costs, data center and floor space consumption, and the need for
heightened security across IT deployments. These enhancements will be available
as part of HDS’s Adaptable Modular Storage (AMS) and
Workgroup Modular Storage (WMS) systems. The new enhancements include a new
Power Savings Storage Service, support for 750GB SATA II Drives, and new Audit
Logging and Role-Based Access security services. The Power Savings Storage Service
enables customers to power-down volumes not being accessed by an application
and to reverse the process when the application need
returns. The service will be available on all AMS and WMS systems with SATA and
Fibre Channel drives. Hitachi AMS and WMS systems now support 750GB SATA II
drives, which are targeted at customers who require lower-cost, higher-density
storage in their AMS or WMS systems, whether deployed as stand-alone storage or
as part of the Hitachi Universal Storage Platform V Series external virtualized
tiered storage. The new Audit Log can track all user access operations, monitor
security, investigate the cause of errors, and avoid potential errors. Audit
Log files can be exported from multiple systems to a centralized server to
simplify audit and control management tasks and are compatible with BSD Syslog Protocol (RFC3164). The Hitachi Role-Based Access
Service provides user authentication and access control for secure management
of AMS or WMS systems that can be controlled by user profiles with three levels
of access (account administrator, storage administrator, and auditor) that
restricts the storage management functions available.
We view these improvements as part of the ongoing rising
tide of value that storage providers are delivering to their customers. In
particular, these latest enhancements from HDS follow three common themes in
the current marketplace: energy efficiency, scalable capacity, and security.
With respect to energy consumption, the spin-down capability of the Power
Savings Storage Service may seem trivial to some, but its potential impact
should not be underestimated. It is common for most any laptop computer today
to spin down disk drives after a period of inactivity to conserve precious
battery power. Yet in the data center, historically drives were ready to go at
all times, which is great for performance but takes a considerable amount of
energy, especially if the volumes are hosting infrequently accessed data or are
simply “hot spares” or other unallocated capacity. Being able to respond at the
application demand level as opposed to something arbitrary such a given number
of minutes seems on the surface to be a logical
approach to conserving energy, while maintaining acceptable service levels for
many types of application workloads.
However, this may prove a bit easier said than done, as laptop
workload tends to be oriented to a single user and not dependent upon the
vagaries of multi-user network access. Hence, there is considerable forethought
required to determine which applications (primary databases are probably not
good ones to consider) would be able to gracefully bow out and step back in
without corrupting their data context when the disk has spun down.
Nevertheless, for the right workloads, this approach may have appeal. When
combined with support for new larger 750 GBSATA drives, the potential for an
organization to consolidate secondary and tertiary data storage into a more
energy-efficient solution is notable. Organizations would be able to support
their storage growth, while reducing their energy consumption. We expect this
message will resonate with most any organization.
At the same time, many organizations find themselves needing to improve their overall data security either to comply with regulatory edicts or simply to adhere to designated best practices. The security-focused enhancements from HDS will likely be well received by organizations looking to improve their security portfolio. The new Audit Log File tracking of user access, timestamps of operations performed, parameters set, and the end result helps to provide an operational record that is useful in adhering to best operational practices, analyzing and investigating the cause of errors, and providing security monitoring. When combined with the Role-Based Access Service, end-user organizations will likely find it a bit easier to help keep their data storage infrastructures under control. Being able to export and hence consolidate the Audit Log files from multiple systems as well as integrate with existing log shipping infrastructures through the BSD Syslog Protocol is another helpful aspect of the solution that may help reduce the overall management burden as well. Although these services alone do not constitute a complete compliance and security monitoring solution, they nevertheless offer important components of such a solution and should allow organizations to begin or continue the process of securing and gaining a better understanding of the operations of their storage solution. Nevertheless, we are encouraged by the continued focus of HDS on addressing contemporary issues on the minds of storage customers and making continued investment in their storage technology and platforms.
SAP Pairs Its GRC Products with Major Identity Management Vendors
SAP AG has announced the immediate availability of new GRC
Web services that enable the seamless integration of identity management
software solutions with SAP GRC Access Control. Based on open standards and
built on the SAP NetWeaver platform, these new Web
services open up the full capabilities of SAP GRC Access Control and allow
identity management software vendors to tightly integrate their respective
solutions, providing customers with a single set of tools to manage user
identities, enforce corporate security policies and
ensure compliance with regulatory mandates.
SAP, together with leading identity management software
providers including IBM and Sun Microsystems, is responding to the challenges faced
by CFOs and CIOs in proving to auditors that they are effectively controlling
their financial and IT-related risks by combining automated, end-to-end
compliance controls with the full range of identity management functionality. Integration
efforts by IBM and Sun are already well underway to link IBM Tivoli Identity
Manager and Sun Java System Identity Manager with SAP GRC Access Control,
bringing together critical compliance capabilities—including segregation of
duties enforcement, risk analysis and remediation, compliant user provisioning,
role management, audit and reporting—with key identity management
functionality, such as user provisioning, authorization and authentication,
password management, and directory services. SAP is also using its new Web
services to integrate its SAP NetWeaver Identity
Management component, created following SAP’s
acquisition of identity management software provider MaXware
earlier this year, with SAP GRC Access Control to provide an end-to-end
solution for compliant provisioning across heterogeneous IT environments. The
provision of open interfaces to link SAP products with those of third-party
software providers continues SAP’s open partner
strategy and preserves its customers’ freedom to build and deploy solutions
that best fit their needs, using both SAP and non-SAP components. The new Web
services from SAP are available immediately as part of SAP GRC Access Control.
This announcement appears to signal an agreement for “peaceful coexistence” among several large and powerful software vendors. We applaud the notion of tight integration of identity management with applications as a logical and progressive step in transparency of identity validation prior to application execution. It is also interesting to note that Governance, Risk and Compliance can be thought of as a hub connecting the various outlying applications. As such the GRC application itself becomes highly sensitive for its information content and as a potential target of electronic discovery in litigation.
Customers already employing GRC products from SAP and who have or are considering IDM products from IBM and Sun should benefit from this announcement. The “détente” effect of these alliances is also significant and we believe it is indicative of the competition and segmentation that end-user organizations can expect from large vendors in the future.
HP Announces the Integrated Archive Platform
HP has announced the HP Integrated Archive Platform as part
of a larger set of new solutions and services focused on three strategic areas, namely, Business
Information Optimization (BIO), Business Technology Optimization, and Adaptive
Infrastructure. Within BIO, the company announced the HP Integrated Archive
Platform that allows billions of emails, documents, and images to be easily
stored, searched, and retrieved from a single, extensible ediscovery platform.
The platform is an integrated enterprise class solution for electronic data
discovery, governance, and compliance that incorporates HP’s leading grid
storage and server technologies such as native content indexing, search, and
policy management software. HP is also offering the Information Discovery and
Policy Definition Service for customers faced with the complexity of
translating legal, compliance, technology, business, and operational
requirements into policies for access, retention, storage, and reuse of
information. The service provides an inventory of an organization’s
information, applications, and systems. It also samples data to unlock usage
patterns and information flows. The company also announced the HP Data
Protector enhancements for Microsoft Exchange focused on improving flexibility
in backing up email by offering customers multiple options to meet recovery
point and time objectives.
There were many parts to this announcement from HP, but what
caught our eye was the notion of the archive platform and the recognition that
this is much more than just storing raw bits. In particular, we find that the
focus not only on search and retrieval, but also on indexing, policy management,
and most importantly, an expectation to support ediscovery illustrates
explicitly that an effective archival solution is much more than search and retrieve, it is an echo/reflection of business operations.
Further, it must be able to comply with specific external mandates, i.e., legal
discovery and other possible legal edicts. With the rapid growth in the sheer
amount of information being stored electronically at the same time that
regulatory standards regarding the storing and disclosure of said information
continue to increase in both complexity and number, being able to comply with
the long arm of the law becomes paramount for commercial success. In addition,
with the explosion of email as a primary business communication tool, the
ability to show that those communications, which fall under regulatory purview,
are being archived in a compliant fashion becomes an indispensable insurance
policy. The Data Protector enhancements for Exchange should also help
organizations uphold their regulatory requirements while also making life a tad
easier for backup personnel.
While these technologies alone will not create a complete security or ediscovery solution, the fact they are being positioned as an integral part of the underlying platform is encouraging. As we have stated before, archiving is not simply the successive application of backups, rather it is a strategic operation that is designed to minimize operational expense, and more importantly, protect information assets and ensure their timely retrieval. It is the explicit recognition in the Archive Platform of this reality that we find reassuring, and hopefully HP, along with the rest of the storage industry will continue to reinforce the importance of the archival function, not as an afterthought, but as a strategic consideration of any information storage solution.
RenewData Addresses Cost of Backup Tape Management
RenewData, a provider of electronic evidence and data
migration services for corporations and law firms, has announced the
availability of its Backup Tape Liability Management Service, which enables
corporations to identify, de-duplicate, and possibly reduce data on large
numbers of stored backup tapes. RenewData’s Backup Tape Liability Management
Service uses a secure process to quickly evaluate the content of backup tapes
and reduce the ongoing storage costs associated with unnecessarily retaining
tapes not required for a corporation’s legal, regulatory, or retention
management purposes. Backup tapes containing data applicable to the
corporations’ retention criteria can be returned to the client or consolidated
on high-capacity media, while tapes not meeting the criteria can be destroyed
using a defensible process. This identification, de-duplication, reduction, and
consolidation process helps corporations address the potential liability
residing in large inventories of backup tapes and reduces the ongoing storage
costs associated with retaining tapes deemed unnecessary. In addition, the
information gained from the resulting reports accompanying this new service may
be used to address Rules 26(a)(1) and 26(f) of the
Federal Rules of Civil Procedure, which require parties to provide a
description of electronically stored information to the other party involved
and that both parties "meet-and-confer" to discuss issues related to
the discovery of electronically stored information.
RenewData’s professional and allied services, which include
legal expertise, secure facility, and forensically sound chain-of-custody
procedures, ensure all data is handled appropriately to avoid later questioning
if litigation occurs. RenewData ediscovery experts can also testify in Court
regarding the processes and technology used during the Backup Tape Liability
Management Service, as well as assist with 26(f) "meet and confer"
discussions. Additionally, because many backup tapes in storage often contain
antiquated data found in obsolete formats, RenewData services address proper
handling and restoration of outdated media formats and backup software.
RenewData’s Backup Tape Liability Management Service includes a Physical Media
Audit Report, Tape Sample Analysis, File Level and Data Content Reduction, and
Data Consolidation.
Sometimes seemingly unglamorous announcements can have the
most significant impact on end-user organizations. We believe the care and
feeding of backup tapes is one of those tasks that needs
to move from under the radar screen to top of mind. Growing demands of records
retention, concerns about customer data privacy, burgeoning regulations, and
the ever present danger of litigation are all clearly visible drivers that should
be incentive for large end-user organizations to devote attention to their
backup tape management.
RenewData appears to have hit the market with a needed set of capabilities at the right time. As courts become increasingly impatient with organizations unable to access their own data and produce it in court, and excuses of too many tapes or antique formats have already been proven to be inadequate excuses, with organizations ordered to produce data even at significant cost and trouble. Civil litigation takes a long time to wind through the system and organizations need to be attentive today to the legal environment they are likely to face in 2012. It would appear that the RenewData Backup Tape Liability Management Services and similar services ought be considered by organizations with large tape libraries and those who intend to rely on tape for the next ten years. Organizations who are heavily involved in litigation will surely find this type of solution to be a stitch in time when it comes to future litigation costs.