Security and storage converge to benefit business

29 Sep 2005

Seasoned acronym-spotters would have been well sated by the fare served up at IDC’s storage and security conference in Dublin’s Alexander Hotel last week. SPOFs, ILM and BCM were all ingredients in the mix but the conference’s main course was an interesting fusion of business and IT. These worlds are increasingly crossing over, taking a pinch of security and a helping of storage; on the menu were a series of speakers on hand to explain what this change is likely to mean.

Claus Egge, programme director with IDC storage research and the event’s keynote speaker, pointed out the original dictionary definition of security is comfort and peace of mind. A good information storage policy helps to ensure that, but there are trade-offs — not all data is equally important and as such needn’t all be stored on expensive storage platforms, he said.

According to Egge, this speaks to the trend of information lifecycle management (ILM), which is essentially about ensuring the right information is on the right platform at the right time — a worthy if aspirational goal for many businesses.

Another important aspect is that any storage systems in place should have adequate backup to allow a business to continue to function if some disaster should befall it unexpectedly.

The case study presentation of Milo Doyle, head of information security with the EBS Building Society, tackled this issue of business continuity management (BCM). Doyle hardly mentioned technology as he preferred to focus more on the procedures EBS put in place to ensure its business can keep running. In defining its own plan, EBS took a ground-up approach, seeing what the operatives needed in order to keep the company functioning. “Procedures are very important and sometimes forgotten; they have to be documented so they can be taken up by non-regular staff,” he said.

IDC consulting director Duncan Brown suggested why the areas of business continuity and security have historically been separate. “Business continuity is about high availability, performance monitoring, storage and backup; security has been about identity and access management and threat management,” he said. “The markets have come from different places; the people who own these processes are different — the shirt and tie versus beard and sandals.” Giving the hypothetical example of a security breach in a company, he said: “This is not a technology issue, it becomes a people-and-process issue, owned by the business.”

Simon Perry, vice-president of security solutions with Computer Associates, added to this thread. “When I hear the term IT it occurs to me we tend to focus on the wrong letter in the acronym: the most important thing is what the ‘i’ stands for and this is what brings storage and security together,” he said.

Another case study from Paul Collins, head of IT with Hypo Real Estate Bank, was nominally about the security challenges facing financial institutions but he said the same issues are valid for non-financial institutions. Legislation and compliance have been growing in importance for organisations, although they have had the effect of boosting budget allocations to IT. “Board members are more likely to release spend if an issue affects them directly,” he said. He also remarked on how the security function in a business had historically been part of the IT department but is changing and is now more likely to report to senior management.

Collins cautioned anyone not in the financial sector from being too smug at not getting caught up in compliance. “You’ve got to start preparing for this sort of legislation,” he said.

If the day’s overt theme was convergence between storage and security, another equally important but less obvious thread was how trends in IT are increasingly being driven by business concerns rather than technology developments: some meaty subjects to give those in attendance plenty to chew on.

Pictured from left: Claus Egge, programme director with IDC storage research and the event keynote speaker; Paul Collins, head of IT with Hypo Real Estate Bank; and Martin Hingley, vice-president, European Systems Group, IDC

By Gordon Smith