The concept for an active archive is intriguing as it relates to archival tape legacy data or any data created some time ago amidst a different set of legal, business, and compliance requirements. The lines of how data should be treated and classified through its use and age are not the same now as when employees created the data.
We’ve been brought up in IT data storage with (hopefully) sound records management policies that seek to classify and categorize data at certain times in its lifecycle. What ruins the best-laid plans is when the rules change for dealing with data once it’s been created.
In business, the drivers for changing the rules have primarily been business value, regulatory requirements, and legal intervention or preservation. If only we knew those things when we created the data, its use would not change, and the length of time we wanted it would not change.
The rest of it has data that falls outside of these categorical uses is for all intents and purposes junk at best or liability at worst.
Technological Changes and The Impact on Archival Tape
Let’s also look at the technological changes. The devices we use to store data have changed. There is still disk and tape, but other variations on these themes have come into play—optical, flash, cloud (probably disk and tape, but that’s another topic). The value of tape in the storage world has largely remained unchanged; it is portable, secure, and cheap. As a result, it has been an obvious choice for backup and archive. More elegant archival tape solutions have evolved for backup over the past 20 years, but the argument for archive seems to be as strong as ever, possibly stronger.
However, there are pushes and pulls to the life of created data, used for compliance, legal, and now increasingly, more importantly, deleted. The two biggest drivers that have created a demand for flexible or active archives are the security of critical mission-based data from hacking and the development of privacy regulations that could place demands on which data can be retained after archived.
As a archival tape services company, we have certainly seen a significant increase in work from organizations that have been ransomed and need to find some resolution they have sought from tape backups. What interests us more is the developing privacy regulation framework. It cannot solve all the issues with ransomware, but it can certainly clean up some of the mess created.
GDPR and Data Archival Systems
It started with GDPR in Europe and steadily developed other variations on the same theme. First in California (CCPA), now it looks like every state will have a version of their Privacy Act, with Florida the latest adding HB 969 to the Regulatory Reform Subcommittee agenda.
The general premise of these acts is to place an increased strength on the rights of individuals to have their personal information stored by companies. They place a framework for removing such information, and many organizations recognize how serious this is and now employ experts to deal with the inquiries. But let’s think about the technology demands for a minute; if you store some personal information stored on a PC on the hard drive, it’s easy to identify it and remove it.
The deeper the data goes, NAS/SAN/tape/cloud, the more difficult it becomes and the more costly and time-consuming to resolve. We don’t yet really know how sharp the regulators’ teeth will be regarding unstructured data (with no easily identified paths defined) and not easily identifiable in terms of sanctions. But companies are increasingly thinking about pro-active remedies for their (or not their) historical legacy data and trying to act accordingly.
You could say that what is required is not an archival system but an “active archival system,” where you can easily find data even if unstructured and easily removed after archival, if and when required. Inevitably the active archives of the future will be software-driven and infinitely more capable than the dumb archives of the past.
See this blog on Active Archive