CTO Roundtable

S TOR AGE

KLEIMAN In my case, I still have a copy. I didn’t mean to imply that the archive is in one location and that there’s only one copy of that data in the archive. It’s a distributed archive, which has better replication properties because you want that higher long-term reliability. From the user’s point, it’s a cloud that you can pull documents out of.

RIEDEL The general trend for the past several years is for more distribution, not less. People use a lot of high-capacity portable devices of all sorts, such as BlackBerrys, portable USB devices, and laptops. For a system administrator, the ability to capture data is much more threatening today. Five or 10 years ago all you had to worry about were tightly controlled desktops. Today things are a great deal more complicated.

I was at a meeting where someone predicted that within two or three years, corporations were going to allow you to buy your own equipment. You’d buy your own laptop, bring it to work, and they’d add a little bit of software to it. But even in the age in which corporate IT departments control your laptop and desktop, certainly the train has left the station on BlackBerrys, USBs, and iPods. So for a significant segment of what the administrator is responsible for, pulling data back into a central store is not going to work. CREEGER That flies in the face of Steve’s original argument. KLEIMAN I don’t think so. I do think that a lot of distributed data will be on the laptops. There will be some control of that data, perhaps with DRM (digital rights management) mechanisms. Remember, in an enterprise the family jewels are really two things: the bits on the disks and the brain cells in the people. Both are incredibly important, and for the stuff that the enterprise owns— that it pays its employees to produce—it’s going to want to make sure those bits exist in a secure place and not just on somebody’s laptop. There may be a copy encrypted on somebody’s laptop and the enterprise may have the key, but in order for the company to assert intellectual

property rights on those bits, you are going to have to centrally manage and secure them in some way, shape, or form.

BREWER I agree that’s what corporations want, but the practice may be quite different.

KLEIMAN That’s the part I disagree with because part of the employee contract is that when employees generate bits that are important to the company, the company has to have copies of them.

GANGER Let’s be careful. There are two interrelated things going on here: does the company have a copy of the information, and can a company control who else gets a copy? What Erik just brought up is an example of the latter. What Steve has been talking about is more of the former. KLEIMAN Margo has been saying that a company may not have a copy. I fundamentally disagree with that. That’s what it pays its employees to generate. The question is, can the company control the copy? My working assumption is that this is beyond the scope of any storage system. DRM systems are going to have to come into play, and then it’s key management on top of that. SELTZER I’m not sure I buy this. Yes, companies care that employees do their jobs, but very few companies tell their employees how to do their jobs. If my job is to produce some information and data, I may be traveling for a week and it may take some time for that to happen. In the meantime, I may be producing valuable corporate data on my laptop that is not yet on any corporate server. Whether it gets there or not is a process issue, and process issues don’t always get resolved in the way we intend. CREEGER You’re both right. Margo wants to create value for her company in whatever way she is comfortable— on a laptop while she’s traveling, at home—whichever way works that produces the highest value for her employment contract. If the company values Margo’s work, it will be willing to live, within reason, with Margo’s work style.

38 November/December 2008 ACM QUEUE

rants: feedback@acmqueue.com