From make do and mend to steady state: do you know where your enterprise data is located?

When the Covid-19 pandemic forced office workers to suddenly become home-based overnight, tech teams worked long and hard to give them the best infrastructure possible. Day One might have been a nightmare of make do and mend strategies for many, but as time went on untold numbers of people came up with solutions to enable remote working.

Now, as organisations think about the future of work, some will want a return to the office, some will switch to full-time remote, and others will be somewhere in the middle with hybrid policies. As they work through this, organisations can also use the time to build out, or consolidate their cloud strategy, depending on what their existing IT estate looks like now.

Employees have worked from disparate locations and devices – now the main priority must be improving the posture of the data, consolidating copies, removing ‘dark’ data, improving governance, and of course, making sure that all the enterprise’s data is safe, secure and recoverable.

Short term pain, long term gain

The short term fixes that were put in place early in the pandemic may have resulted in some shadow IT being set up – and perhaps deliberately because it was the only way forward. But now, an organisation might have a myriad of shadow IT systems and mini data siloes across its people’s laptops. This presents a level of risk no business should be willing to live with.

Data is a critical element of business success, but in practice, few organisations manage their data as a strategic asset. Many IT teams struggle simply to meet basic SLAs for protection and availability, let alone leverage their data for competitive advantage.

Surveys have revealed an alarming range of issues associated with managing enterprise data that impact both business and IT, including budget overruns, poor customer service, security and compliance exposures, and even sinking morale within overworked operations teams. The underlying cause of these issues is something we call mass data fragmentation, and it has several profound aspects:

Fragmented and Siloed Data Infrastructure

Data has exploded in volume and become scattered across multiple public clouds, data centers, remote offices, and the edge, with little global oversight. In each of these locations, data has become isolated in specialised infrastructure—often from multiple vendors—to manage basic functions such as backup, networking, storage, archiving, disaster recovery, dev/test, and analytics.

To make matters worse, there can be silos within silos. For example, a single backup solution can require several dedicated infrastructure components, such as master and media servers, target storage, deduplication appliances and gateways, in addition to the backup software itself—each of which may hold a copy of a given data source. It is not unusual to find four or more separate such configurations simply to manage backup for different data sources such as virtual machines, physical servers, databases, or containers.

It’s worth pointing out that this fragmentation effect is not confined to traditional data centres. Public clouds are an increasingly popular choice to host data and apps, but IT has to deploy supplementary data management functions (typically from different vendors) to handle backups, disaster recovery, security and compliance, and so on, since the cloud providers don’t automatically provide these services. And this even applies to ‘service silos’ in a purely SaaS environment, as we shall see later.

Operational Inefficiencies

The complexity created by these infrastructure silos has a considerable knock-on impact on system and operational efficiency. There is typically no sharing of data between components or functions, leading to inefficiencies as multiple ‘redundant’ copies of the same data are propagated between silos, taking up unnecessary storage space.

Similarly, operational efficiency is compromised by the need to manage multiple proprietary systems with different user interfaces, each of which may require specialist administrators to maintain rather than generalists. Given today’s world of ‘no downtime,’ tighter SLAs, increasing business demands, and slimmer budgets, it is no wonder that IT teams are reporting high levels of stress and even burnout as they grapple with the increasing complexity.

Shine a Light on Dark Data

A more sinister aspect of mass data fragmentation is that most IT teams don’t have detailed knowledge about the majority of their data’s contents, location, owner, access history, or whether it contains sensitive information. In other words, their data is dark. Petabytes of data are being routinely stored without being classified, indexed, or tracked.

Clearly, this adds considerable risk to the business. How do you prove compliance in handling Personally Identifiable Information (PII), in order to meet regulations such as GDPR? How do you detect anomalous user behavior or programmatic ransomware attacks? And from an operational point of view, how can you optimise expensive storage by deleting or archiving unneeded data when you don’t know which items to keep?

Cloud Agility or Fragility?

Most IT teams are accelerating cloud adoption to cater to an increasing number of use cases and seeing benefits in time to market and agility. However, cloud adoption can contribute to mass data fragmentation by generating data in more locations and in different silos and formats. A common misconception is that cloud providers take care of everything for you, including backing up your data. This is far from the truth, as all major cloud providers employ a shared responsibility model.

A shared responsibility model implies that they’ll take care of physical cloud infrastructure, as in their data centres and servers. But when it comes to your data, it’s almost solely your responsibility to secure, manage, and back up your data. If data was accidentally deleted or if a bad actor employs the latest ransomware scheme to get a hold of your cloud account, you may be out of luck if you didn’t properly back up your cloud data.

Better Together: Convergence of IT, security and governance

Now we know what the issues are, how do we solve them? Well, part of good data management requires a collaborative approach with multiple business stakeholders and teams. The problems you’re facing will be felt elsewhere too. For example, amongst the mass of challenges organisations face in 2021, two challenges stand out. They are frequently cited as ‘top of mind’ by leaders, how to protect and overcome ransomware attacks and how to abide by an ever-increasing array of complex data laws and regulations. And suppose you have a mass data fragmentation issue in your organisation. In that case, as I’ve mentioned above, the likelihood is that you’re making it incredibly easy for an attacker and likely about to fall short with your IT governance too.

Although governance and security programs are discussed in various industries today, not many organisations or security professionals fully understand all involved and the relationship between these concepts instead of focusing on their roles and responsibilities. However, a major commonality of these two functions is that they both care about risk management. With data as a top strategic asset for businesses, they are both invested in the health of enterprise data.

It is abundantly clear that today IT teams face unprecedented demands to support business operations efficiently and act as a source of innovation and competitive advantage. We believe that mass data fragmentation is the most significant roadblock to achieving these goals. More effective management of data is key to enabling IT to deliver against those expectations.

Getting into a steady state where these crucial areas are taken care of as a matter of course frees an organisation up to focus on making more of its data, finding new ways to use it to grow and develop, and take clear and certain steps forward; and all with the assurance of knowing where and how the enterprise data is stored. Make do and mend is a thing of the past, but you must work with stakeholders to keep it that way.

Ezat Dayeh is a Senior Systems Engineering Manager, Western Europe at Cohesity