Professional Documents
Culture Documents
PROBLEM DEFINITION:Shared information has an associated value to its organization. Where information is shared in collaborative, de-parameterized environments, the information content should be correctly labeled with information protection requirements according to an Information Classification Scheme and Impact Sensitivity Categorization, as defined in the Jericho Forum papers with the respective titles.
Information can often have a temporal aspect. For example, financial results can go from top secret to public domain overnight. Information Classification and Impact Sensitivity Categorization should be periodically reviewed and updated to reflect the current sensitivity of the information. Access controls should be modified in light of any changes to information classification. The Information Classification, Impact Sensitivity Categorization, Access Control Requirement definition/modification processes, together with policy for the creation, storage, transfer, update and deletion of information require an entire Information Lifecycle Management (ILM) process which should be a continual cycle of analysis.
ILM IMPLEMENTATION:The process of developing an ILM strategy includes four activitiesclassifying, implementing, managing, and organizing: Classifying data and applications on the basis of business rules and policies to enable differentiated treatment of information Implementing policies by using information management tools, starting from the creation of data and ending with its disposal Managing the environment by using integrated tools to reduce operational complexity Organizing storage resources in tiers to align the resources with data classes, and storing information in the right type of infrastructure based on the informations current value Implementing ILM across an enterprise is an ongoing process. Steps 1 and 2 are aimed at implementing ILM in a limited way across a few enterprise-critical applications. In Step 1, the goal is to implement a storage networking environment. Storage architectures offer varying levels of protection and performance and this act as a foundation for future policy-based information management in Steps 2 and 3. The value of tiered storage platforms can be exploited by allocating appropriate storage resources to the applications based on the value of the information processed. Step 2 takes ILM to the next level, with detailed application or data classification and linkage of the storage infrastructure to business policies. These classifications and the resultant policies can be automatically executed using tools for one or more applications, resulting in better management and optimal allocation of storage resources. Step 3 of the implementation is to automate more of the applications or data classification and policy management activities in order to scale to a wider set of enterprise applications.
RECOMMENDED SOLUTION:The illustration below details the ILM Process model for use in COA, defining the actions that can be taken on information at any one time, the options available while taking those actions and the path an individual should follow to ensure the information remains secure throughout its lifetime from creation to deletion.
Creation:-A lot of information is created as part of the everyday business process within
organizations. Upon creation, the creator must consider the content of the information they are creating and make a decision as to whether or not it requires access control. If not, then its lifecycle can continue without applying the ILM Process. If it is, the Information Classification, Impact Sensitivity Categorization and Access Control Policy Definition stages of the process must be performed.
Data Transfer:- The information transfer protocol between collaborating parties should take
account of the information protection requirements as defined by the Information Classification and Impact Categorization stages. Encryption is not mandated but if the information is highly
classified or has high impact sensitivity then confidentiality assurance must be considered. Endpoint compliance and the encryption of information in transit are example considerations.
Update:- If the information is updated, the updater must consider the content of the
information they are adding/updating and make a decision, using the Information Classification Scheme and Impact Sensitivity Categorization processes, as to whether or not the changes present additional and/or modified information protection requirements. Changes in Access Control Policy and data transfer security are examples of such protection requirements that may change due to modified information content.
Deletion:- Deletion of the information should reflect its classification and impact sensitivity
labels. If the information is labelled as having to be securely destroyed then just placing it in the system Trash is not acceptable.
controls required to maintain information assurance in a de-parameterized environment in relation to the Confidentiality, Integrity and Availability requirements of the information.
ILM BENEFITS:Implementing an ILM strategy has the following key benefits that directly address the challenges of information management: Improved utilization by using tiered storage platforms and increased visibility of all enterprise information. Simplified management by integrating process steps and interfaces with individual tools and by increasing automation. A wider range of options for backup, and recovery to balance the need for business continuity. Maintaining compliance by knowing what data needs to be protected for what length of time. Lower Total Cost of Ownership (TCO) by aligning the infrastructure and management costs with information value. As a result, resources are not wasted, and complexity is not introduced by managing low-value data at the expense of high-value data.
CONCLUSION:-
Faced with rapidly expanding mountains of data and new government regulation, IT managers are using ILM to bring order to a storage domain that has Previously been ignored because of its low strategic value. If data and information are essential to a firms strategic positioning, storage must be seen in a new light.