Feeds

Managing the dung heaps of data

Time to rationalise?

  • alert
  • submit to reddit

3 Big data security analytics techniques

Lab The question “What about the 'I' in 'IT'?” serves as an equally good reminder of the point of the ‘T’. But while information allegedly exists to support the business, from the information technology perspective it sometimes seems almost a by-product of all the communications we want to do, all the applications we want to run.

Looking at all the disparate pools of information we end up with, it begs the question of whether we’ve got it backwards. We talk in terms of relational databases, spreadsheets, analytical systems, enterprise content management, email, file stores and so on, without necessarily linking them back to the business. As a result islands of data exist across the organisation, each running on their own hardware and, for larger companies, each managed by a different set of people.

It may feel like all such capabilities have been around forever. The fact is, of course, that these are merely the repositories that organisations settled upon at various points in IT’s history. Data management can be complex, so by necessity each store has fostered a set of skills and best practices, reinforcing the idea that each repository type is “the way things should be”. Over time as well, the people managing each can become understandably protective of their domains.

Meanwhile, business needs and change events roll on. From the IT department’s perspective, technology is a project-by-project thing, with new requirements and end-of-life events driving deployment initiatives. At the same time, other functions are not alien to deploying IT systems of their own – sales organisations deploying Blackberry Enterprise Servers, for example, or indeed tech-savvy managers knocking up an Access database at the weekend, which ends up still in use three years later.

No wonder then that we see database sprawl, fragmentation of data sources, proliferation of repositories and so on, each of which can impede the business from exploiting data more effectively. From the end-user perspective, this is manifested in the difficulty of actually being able to find the right information. We’ve been researching this area for several years now, and every time we do, “finding stuff” comes top of the list of data-related issues.

Both business users and IT people live with such consequences with a certain grumbling acceptance – we all do – that is, until the situation becomes untenable. Such factors include when things stop working completely, or - equally likely - when external factors come into play, such as a new set of regulations to be addressed (PCI, anyone?) or some strategic rationalisation initiative to sort things out.

One thing’s clear: while it is possible to improve the way things are, it is a pointless to start off expecting to deal with everything at once. Rationalisation of data sources, applications or both sounds great in principle, but near-impossible in practice due to the sheer scale of the job.

An important step, therefore, is to decide what it is worth spending the time on rationalising, consolidating or migrating. This is largely a case of mapping the business value of specific repositories, or the applications that use them, against the amount of effort actually required to maintain them. A legacy database, for example, may be mission critical, minding its own business and presenting little operational overhead. Here, the fundamental IT law of “if it ain’t broke, don’t fix it” applies. But equally, low-value data sources (perhaps containing information relating to products that no longer exist) might be ripe for decommissioning, however recently they were rolled out.

Data rationalisation exercises are never to be undertaken lightly, despite what vendors might say about how good their migration tools or middleware products might be. It is worth keeping the following points in mind during any such effort:

  • It is as much about dependencies as data – between users, applications and repositories, physical and logical. Ignore these at your peril!
  • Context is king – data entries by themselves may make little sense, and the value may lie across multiple data sources that need to be considered together.
  • Don’t attempt to boil the ocean. While this is common sense, prioritisation exercises can unravel over time to avoid scope creep.
  • Plan to fail – or at least be sure that you know what to do if something goes wrong. Allow sufficient time for testing, and build in fall-back paths wherever possible. There are no absolutes, particularly not in rationalisation and consolidation. While data sources may have accumulated in a haphazard fashion, approaches to resolving them should be anything but. Perhaps one day we’ll arrive at a point where some kind of master-repository exists that can take care of itself. Until then however, it will largely be a question of managing the fallout. ®

SANS - Survey on application security programs

More from The Register

next story
Android engineer: We DIDN'T copy Apple OR follow Samsung's orders
Veep testifies for Samsung during Apple patent trial
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Microsoft lobs pre-release Windows Phone 8.1 at devs who dare
App makers can load it before anyone else, but if they do they're stuck with it
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Windows XP still has 27 per cent market share on its deathbed
Windows 7 making some gains on XP Death Day
Internet-of-stuff startup dumps NoSQL for ... SQL?
NoSQL taste great at first but lacks proper nutrients, says startup cloud whiz
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.