The Storage Rack: Dealing With Their Daemons in the Place Where Shadows Lie

DEPARTMENTS

HOME

TOP STORIES

DATA CENTER NEWS

EDITORIAL CALENDAR 08

EDITORIAL CALENDAR 09

ON THE WEB

PRINT EDITION

BZ MEDIA

AS OF 12/4/2008 3:10AM EST

The Storage Rack: Dealing With Their Daemons in the Place Where Shadows Lie
By Mike Karp

August 15, 2008 — Frodo Baggins, the hero of J.R.R. Tolkien’s “The Lord of the Rings,” had to penetrate “the land of Mordor, where the shadows lie.” This was a place of darkness, fire, smoke, local leaders who did not play nicely together and archetypal evil. Frodo went out into the land of shadows, dealt with his demons and triumphed.

While many IT managers fight the good fight, describing what goes on in the corporate data center as a “battle of good and evil” is admittedly a bit of a reach. Still, storage managers do have their own daemons to deal with (they usually run in the background), and on occasion they must venture into the land where the shadows lie.

The concept of “shadow IT” is familiar to every enterprise IT manager, and while only a hardened few would equate it to inherent evil, it’s a good bet that all involved recognize that this comes with its own particular pack of problems.

Shadow IT tends to occur at the edge in almost every case, often appearing in the form of engineering black box projects, or business unit IT efforts that are wholly outside of IT control. Originally, undertakings like these were viewed negatively; they were seen as rogue efforts that flew beneath the radar (how many colleagues have been surprised to discover shadow assets they never knew existed?), diverted funds from core IT budgets, and resulted in purchasing, data protection and other management inefficiencies.

Of late however, we have seen several attempts to “rehabilitate” shadow IT, based on the rationale that this sort of thing is a reasonable response to a lack of needed IT services. “Corporate IT won’t or can’t do the job,” the logic goes, “So we’ll just do it ourselves.” If you do this, give yourself a point for acknowledging the touchy-feely aspects of management, but subtract 500 points for the jeopardy in which you may have placed your company and yourself.

The problem with shadow IT is that, with precious few exceptions, such efforts turn out to be collections of undocumented processes, assets and data, with the result that just about every aspect is essentially untraceable. Note that the issue is not that such projects are frequently managed (when they are managed at all) by non-IT professionals, but rather that a) a shadow effort’s purpose is often to get a single job done, and b) that because they are self-funded by a department separate from and not reporting in to IT, such projects have the luxury of going forward with little regard for the more general corporate needs. More to the point, the sort of corporate oversight that enterprise IT groups have begun baking into their processes—covering legal, regulatory compliance and corporate governance issues—is non-existent. As far as storage managers are concerned, this is what makes “shadow data” the most problematical aspect of shadow IT.

Consider the following: First, widely dispersed and unmanaged storage assets don’t lend themselves to centralized storage management. Second, because non-IT personnel are performing IT functions using undocumented processes, you have no idea what, if any, guidelines have been observed. Third, regulatory/compliance/governance issues don’t disappear simply because you didn’t know such data was being stored. And fourth, just how likely is it that corporate management will see your ignorance regarding such data as anything other than a career-limiting mistake?

First, assume that such projects, “rogue” or not, are fulfilling some necessary function and aren’t going away any time soon.

Second, keep in mind that the first point is a double-edged sword—even though a shadow effort may address a business-critical issue, it must always be seen as a tactical exercise focused solely on the job at hand. As such, participants are likely to turn a blind eye to the more generalized issues that you have to confront.

Third, remember that it’s not the hardware assets that are important, it’s the data.

Fourth, if you can’t manage these outside projects, make it easier for the sponsoring groups to do so themselves. Perhaps just a slide set on how to manage and protect corporate data will do. Make sure the data is viewed as corporate intellectual property.

Fifth, check in with your company’s chief compliance or governance officer to understand just where the corporate (and your) responsibilities lie. This person may turn into a vital ally when dealing with non-IT groups.

Finally, storage managers have to remember that, when data is involved, such shadow efforts may turn out to be dragons that have very long tails indeed. And you have no magic ring to avoid them.

Mike Karp, senior analyst with Enterprise Management Associates, can be contacted at mkarp@enterprisemanagement.com.

Related Search Term(s): ITIL, professional development

Share this link: http://sysmannews.com/link/32701

EMAIL THIS ARTICLE

SEND FEEDBACK

MORE COLUMNS