Infinite data retention leads to costly mistakes

The June 2010 Information Management Health Check Survey, which was conducted by independent research company Applied Research on behalf of Symantec found a majority of enterprises are not following their own advice when it comes to information management. 96% (87% globally) of Australian and New Zealand (ANZ) respondents believe in the value of a formal information retention plan, but only 50% (46%) actually have one.  More than 1680 companies with at least 500 employees responded globally and ANZ represented 150 enterprises.

“The gap between enterprise information management goals and practices is driving common mistakes such as over retention and improper backup, recovery and archiving practices. The survey highlights that businesses are spending far more time and money on the negative consequences of poor information management and discovery practices than they would by working to change them,” said Craig Scroggie, Vice President and Managing Director, Symantec Australia and New Zealand.

“The survey results found that too many enterprises save information indefinitely instead of implementing policies that allow them to confidently delete unimportant data or records, and therefore suffer from rampant storage growth, unsustainable backup windows, increased litigation risk and expensive and inefficient discovery processes.

"One of their worse fears was deleting so they keep to an outdated  policy of if in doubt keep the information. There is actually new legislation in the Privacy Act, for example with HR records, that does not allow organisations to keep some records so it illegal to have this data.

“Infinite retention results in infinite waste. Enterprises need to regain control of their information by creating a formal information retention plan that enables them to backup, archive and delete with confidence. Backup is not archiving. A long-term archiving strategy is needed and this goes hand in hand with an automated retention policy," added Scroggie.

Key points of the survey follow:

• Enterprises are retaining far too much information. 68% (75% globally) of backup storage consists of infinite retention or legal hold backup sets. Respondents also stated that 25% globally and in ANZ of the data they back up is not needed and probably should not be retained.
• Enterprises are misusing backup, recovery and archiving practices. 85% (70% globally) of enterprises use their backup software to achieve legal holds and 17% (25% globally) preserve the entire backup set indefinitely. Respondents said 38% (45% globally) of backup storage comes from legal holds alone. In addition, enterprises cited that, on average, 40% of information placed on legal hold is not specifically relevant for that litigation. Using archiving and backup together provides immediate access to the most pertinent information while allowing enterprises to backup less.
• Nearly half of the enterprises surveyed are improperly using their backup and recovery software for archiving. Additionally, while 74% (51% globally) prohibit employees from creating their own archives on their local machines and shared drives, 77% (65% globally) admit that employees routinely do so anyway.
• Differences in how IT and legal respondents cited top issues for lack of an information retention plan. 20% (41% globally) of IT administrators don’t see a need for a plan, 21% (30% globally) said no one is chartered with that responsibility, and 29% cited cost. Legal cited the top issues as cost (20% in ANZ and 58% globally), lack of expertise to build a plan (60% in ANZ and 48% globally), and no one chartered with the responsibility (20% in ANZ and 40% globally).

The consequences of these information management missteps are severe and far-reaching:

• Storage costs are skyrocketing as over retention has created an environment where it is now 1500 times more expensive to review data than it is to store it, highlighting why proper deletion policies and efficient search capabilities are critical for enterprise organisations.
• Backup windows are soaring while recovery times have become prohibitive.
• Finally, with the massive amounts of information stored on difficult-to-access backup tapes, e-discovery has become a lengthy, inefficient and costly exercise.

Recommendations:

• Enterprises need to regain control of their information. The costs of waiting for the perfect plan are far outweighed by the benefits of getting started.
• Backup is not an archive, so stop using backup for archiving and legal holds. Enterprises should retain a few weeks of backup (30-60 days) and then delete or archive data in an automated way thereafter.
• By using backup only for short-term and disaster recovery purposes, enterprises can backup and recover faster while deleting older backup sets within months instead of years. That’s a huge amount of storage that can be confidently deleted or archived for long-term storage.
• Implement deduplication everywhere within applications and within a backup environment. Enterprises that deploy deduplication as close to the information sources as possible free network, server and storage resources. When deduplication is combined with shorter retention periods, enterprises enable tapeless disaster recovery via replication for better SLA.
• Enterprises should also develop and enforce information retention policies (what can and cannot be deleted, and when) automatically. Courts are more supportive of automated, policy-driven deletion than of ad hoc, manual deletion. The 50% of ANZ respondents that have a retention policy need to take immediate steps to begin executing those policies. Paper policies that are not executed are a litigation risk.
• Use a full-featured archive system to make discovery as efficient as possible. Companies can then search for information more quickly - and with more granularity than they would in a backup environment. This will reduce the time and cost it takes to evaluate litigation risk, resolve internal investigations and respond to compliance events.