Tuesday, December 23, 2014

What We Talk About When We Talk About Storage

Thanks to a deluge of storage marketing in the last year or two, we have adopted the opinion that flash storage will push spinning disks out of the data center. We even picked up on the terms “spinning rust” and “mechanical disks” that many vendors use when pejoratively referring to that IT stalwart, the hard disk drive. And with an all-flash world in our minds, we frame storage decisions in quantities of performance and capacity.

But we’re doing it wrong. And it’s not our fault.

Have we all been conditioned to ask the wrong questions when it comes to storage? Or more to the point, have we been conditioned to skip right to the bits that are required for placing an order: how much, and how fast? We don’t even consider what we’re storing.

The rate at which data is created is staggeringly unfathomable. No, really. Sure, you can read a statistic (from IBM, so it carries a significant amount of credibility) like, “…every day, 2.5 billion gigabytes of data is made around the world.” Yes, that’s 2.4 exabytes, and no, it’s almost impossible to understand how much data that is. You’d need to manufacture 2.4 million 1TB drives every day to just meet the current demand. At some point, and this point may already be in our rear-view mirror, data growth will outpace our ability to manufacture media.

We take this information with us when we jump to the following conclusion: we need more storage. We need bigger drives. We need bigger arrays. We need more compression and deduplication and virtualization and thin provisioning. We need a home for all this data.

But before we come up with capacity requirements, consider this: our data is valuable. It may be intellectual property, financial, personally identifiable, or any of the myriad other classifications we’ve devised over the years. We may have a dozen Office documents that hold the figurative keys to the corporate kingdom. We may have a few databases that contain information on every customer we’ve worked with. We might have some text files that have all of our IT department’s passwords. Just kidding, no one does that. :)

Now comes the hard part: we need to accept that non-trivial amounts of our data may be, well, worthless. Employees store all kinds of media that have no value to the business. In fact, some of that data may expose the business to unwanted attention from ambitious legal and law enforcement types.

Maybe instead of focusing on a tiering model that’s based primarily (if not exclusively) on performance, we should tier our storage based on data value. Maybe “where do I store all of this data?” is begging the question: do we need to store all of this data? After all, the data holds value. Storage is just the cost of holding that data.

Of course, a value-based tiering model requires quantifying our data’s value. Or, it might require that we have a storage solution that can identify types of data and categorize them automatically. Either way, we will need to take a wide-eyed, new look at our corporate data. And more importantly, we need to change what we talk about when we talk about storage.

NB: This post is part of the NexGen sponsored Tech Talk series and originally appeared on GestaltIT.com. For more information on this topic, please see the rest of the series HERE. To learn more about NexGen’s Architecture, please visit http://nexgenstorage.com/products/.

Monday, December 1, 2014

Perceived Security & The Home Depot

An NCR POS terminal at The Home Depot.
Lots of posts and tweets and chats about perception lately. Frank Denneman asked if people still perceived a single chassis as a risk and sparked a Twitter discussion that I was ill-prepared for at 5:00am my time. I wrote about seeming vs. being in my post about Hamlet and Coffee Cup Sleeves. And just last night, while I was making a last-minute dash to The Home Depot to get some more Christmas lights, I was left with the perception that Home Depot just doesn't get security. Just look at this photo.

Yes, that's a self check-out POS terminal running Windows XP. And yes, The Home Depot frequently runs into trouble with the security of its POS terminals.

Of course I took a picture. What kind of blogger would I be if I let this one slide? Here we have one of the biggest companies in the country, fresh off one of the most well-documented and journalized credit card thefts to date, running a version of Windows that is older than Twitter and is no longer supported by the vendor. It screams irony, right?

P E R C E P T I O N

This is where perceived security comes into play. I was quick to criticize HD for learning nothing from the last ~twelve months of headlines regarding credit card thefts due to infected POS terminals. Have you learned nothing? How can HD continue to use a known-vulnerable operating system to process payments? But @stvkpln reminded me that, for large corporations with tens of thousands of terminals across the country, upgrading and/or migrating to a new system is a non-trivial task. It's not just a patch you push out over the weekend. And he's right; no matter how urgent the need may be, there's nothing worse than rushing a solution into production before it's properly thought out. I call that duress-driven design, and I've had a post in Drafts for a month now on that topic.

We agreed, however, that HD and its business partners (NCR in this particular case) need to address the issue before they suffer another attack.

But this post is about perception, and in this case, it's the perception I'm left with from this experience that is arguably more important than the reality. Metaphysically, we'll never know reality; we live in a world of shadows cast on a cave wall. The reality may be that HD is actively working towards resolving their security issues. They may be blazing a new trail in information security and innovating standards for credit card protection. But all it took was a single terminal with the iconic Bliss desktop image, and my perception was set: The Home Depot still doesn't get security.