Most organizations eventually retire (shut down) aging business applications for several reasons including cost reduction, application consolidation, risk reduction, and because of new regulatory and eDiscovery requirements. However, one question that is not usually addressed early on is; what should be done with the associated application data?
Retiring a major business application without addressing its associated data can leave you with huge amounts of orphaned data that can become an expensive problem later on. The main question for companies who are retiring applications is what to do with the decommissioned application data. Some have made the argument that if the application has reached the point of being retired, then the associated data is probably no longer needed either. This assumption ignores the obvious regulatory and eDiscovery requirements that most businesses face, not to mention the possible business value the data may hold.
As companies begin the application retirement process, several questions should be addressed ahead of time:
- What data actually needs to be preserved and why?
- For what period of time should the data be retained?
- What is the expected access frequency?
- How should the data be stored to make it easier to search later?
- Who will need access to it?
- And where should it be stored?
Identifying Data for Preservation
Business applications that have been in use for long periods of time usually also have large data stores associated with them. Much of this data can be beyond corporate retention policies and in fact should be considered for deletion… if there are no legal or regulatory reasons to keep it. However, there can be data that is still within regulatory retention policies or is potentially relevant to an eDiscovery order so must be identified and retained. This data can usually be found by filtering on creation date, author, or keyword.
Once the application data that needs to be retained is identified, it should be handled/retained in the same way as other regulatory or legal data is handled. In the case of potentially relevant data in litigation, that includes moving it to a secure repository in a way that does not alter its format or metadata in any way.
Expected Data Access Frequency
The answer to this question will help determine the answer to question #6; where should the retired application data be stored? If the expectation for the data is frequent search and access, then the data should be kept in a repository that can be searched quickly. However, If the retired application data has an expected low frequency of access, then a low cost “cool” or archival repository should be considered. In reality, most retired application data will be in the low-touch category and will simply be retained for a period of time before disposition.
The ability to search for and find specific data years later without the original application calls for proactive consideration and planning. Simply dropping huge amounts of data into a “dumb” storage repository is a costly mistake and will drive up the cost and time required to find specific data later. A repository that provides powerful custom indexing and search capability will save you time and money later when responding to eDiscovery or a regulatory information request.
Security and Access
Depending on the types of data archived, security and access control, both external and internal, will also need to be available. Data, no matter how old, can still include sensitive information like PII and corporate IP. In certain cases, encryption may be needed. Security should be a major consideration when choosing a storage repository.
The Storage Repository
The topics discussed above layout a roadmap for the type of repository that should be used for retired application data. The repository should be capable of custom indexing to help control costs while also providing next generation search capability to ensure content can be found when needed such as in eDiscovery. The repository should include retention/disposition functionality to manage the data based on corporate, regulatory, and legal requirements. The repository should include modern proven security and access controls including encryption. And finally, because application retirement can include huge amounts of data, the best repository should be low cost, such as a managed cloud repository. It doesn’t make financial sense to store low-touch data in enterprise storage at $0.25 to $0.50 per GB per month when cloud managed storage can cost as little as $0.02 per GB per month/
The Archive2Azure Managed Cloud Archive
Archive360’s Archive2Azure is a managed compliance and grey data storage solution based on the Microsoft Azure platform. It is the industry’s first solution allowing for complete elimination of legacy email archives and other low touch or grey data including inactive employee work files and PSTs, file system content, system generated data, and data sets generated form eDiscovery. Archive2Azure delivers long-term, secure retention and management of low touch unstructured data, including journal email for regulatory compliance.
Retire your aging and costly business applications the right way… archive the data.