
Company Data Storage Policy & Process

Posted on 2014-03-03
Last Modified: 2014-03-07
We are a K-12 school district and have a small data center where we store all user data. Currently we have 40,000 students and 5,000 staff saving data centrally, and we are looking to control this a bit more than we currently are.

Does anyone have an example of a data storage (or something similar) policy detailing what should be stored here, who should access it, how long we will store it, what happens after a particular timeframe and so on?

We are just getting started on our data storage policy and any examples would be most appreciated.

Thank you,
Question by:salkeiz
Accepted Solution

by:
btan earned 1520 total points
ID: 39903026
First is to ask what is the objective for this storage policy, e.g. to manage and control the data within the organisation or institution such that there is assurance in the domains of data consistency, security and resiliency. This also aims to facilitate the running of the business and ensure compliance with the state governance and policy stipulated for the institution or organisation. This is a broad scope, but it is mainly to charter the areas to derive and establish the clauses to direct the implementation with appropriate baseline requirements.

Second is then to understand the above by dictating the data lifecycle and making sure the policy under the scope sufficiently covers the phases in the whole lifecycle. You can check out this article as a starter @ http://www.computerweekly.com/feature/Creating-a-data-storage-policy

A good starting point for a data storage policy is how the data should be stored, ie on-line, near-line, or off-line, as effective archiving can dramatically reduce the size of daily back-ups. In general terms, data that needs to be edited or updated should be stored on-line, that is on devices that are part of the normal storage infrastructure, either directly attached storage, Storage Area Network (SAN), or Network Attached Storage (NAS).

As a guide to developing a data storage policy Butler Group has established five steps. These are:

-Establish a data storage budget
-Assess data availability requirements
-Measure security levels
-Assess legal and governmental requirements
-Implement data policy corporate-wide


Thirdly, it is not simply a "storage" policy only, as the whole data lifecycle in the data center needs to be ascertained and commensurate, based on the data classification and access control required. Below is a sample from "The University of Kansas" stated for their data center, and they list a couple of related supporting policies to drive the whole governance for the data managed from a guardian and consumer perspective. It may be good to check it out, as without even those supporting policies it is hard to come up with a "data storage" policy. Key policies to focus on include:

-Data Classification and Handling Policy
-Data Classification and Handling Procedures Guide
-Information Access Control Policy

http://www.policy.ku.edu/IT/data-center-server-room
 
I'd also like to point out their "Safeguard Information in Storage", where handling varies based on classification and sensitivity:

https://policy.drupal.ku.edu/IT/data-classification-handling-procedures#7

Expert Comment

by:btan
ID: 39903051
This is another one, a PDF: Guidelines on Security and Privacy in Public Cloud Computing, which I see as maybe having useful considerations for reviewing the policy needed.

I know it is "out" of the context, but the content in the guidelines is applicable and generally acceptable, since it is general protection of data for any hosting environment, even for a DC. You can catch it below.

"4.10 Summary of Recommendations" - summarizes those issues and related recommendations for organizations to follow when planning, reviewing, negotiating, or initiating a public cloud service outsourcing arrangement.

It includes Governance, Compliance, Trust, Architecture, Identity and Access Management, Software Isolation, Data Protection, Availability, and Incident Response. And specifically, I summarise it as stated in their guidelines, to look at:

-Ownership rights over data
-Locus of organizational data within the cloud environment
-Security and privacy performance visibility
-Service availability and contingency options
-Data backup and recovery
-Incident response coordination and information sharing
-Disaster recovery.

It is good to engage other peer schools to see if the Ministry or parent agencies can shed more assistance, as coming up with policy is not an overnight and siloed effort. It needs to align to the overall organisation and parent mission and goals.
Question has a verified solution.
