On the other hand, from Steve’s perspective, sooner
or later, Margo will have to take what is a free-form edge
document and check it into a central protected repository and live with controls. She can then go on to the
next production phase, which might be a rev 2 derivative
of that original work, or perhaps something completely
different.
RIEDEL You certainly have to be careful. You’re moving
against the trend here, which is toward decentralization.
Corporations are encouraging people to work on the
beach and at home.
KLEIMAN Nothing I’ve said is in conflict with that. Essentially, the distilled intellectual property has to come back
to the corporation at some point.
SELTZER Sometimes it’s the process that’s absolutely critical. Did I steal the code or write it myself? That information is encapsulated only on my laptop. Regardless of
whether I check it into Steve’s repository, when Mary’s
company sues me because I stole her software, what you
really care about is the creation process that did or did
not happen on my laptop.
BREWER I don’t think that’s the day-to-day problem
of a storage administrator. What we’re talking about is
whether the first goal is to know which of the copies you
don’t want to lose, which is a different problem than copies leaking out to others.
KLEIMAN I do think that the legal system still counts.
Technology can’t make that obsolete. You still have a
legal obligation to a company. You still have an obligation not to break the law. No matter what technology
we come up with, someone will probably find a way of
circumventing it, and that will require the legal system to
fill in the gaps. That’s absolutely true with all the stuff on
laptops that we don’t know how to control right now.
SELTZER I also think it’s more than just copies that we
need to be concerned with; it’s also derivative works, to use
the copyright term. It’s “Oh, look: File A was an input to
File B, which was an input to File C, and now I have File
D, and that might actually be tainted because I can see
the full path of how it got there.”
CREEGER Maybe what we’re seeing here is that we need
to intuit more semantics about the bits we are storing. A
file is not just a bunch of bits; it has a history and fits in
a context, and to solve these kinds of problems, companies are going to have to put processes and procedures
in place to define the context of the storage objects they
want to retain.
more queue: www.acmqueue.com
BAKER You can clamp down to some extent, but it’s the
hidden-channel problem, even through processes that are
not malicious. Say I’m on the beach and the only thing
I’ve got is a non-company PDA and I have some ideas or
I talk to somebody and I record something. It can be very
hard to bring all these different sources into a comprehensive storage management policy. Storage has gotten so
cheap; it’s in everything around us. It’s very easy to store
bits in lots of places that may be hard to incorporate as
part of an integrated system.
KLEIMAN There’s not just one answer to these problems.
Look at what happens in the virus-scanning world. It’s
very much a belt-and-suspenders approach. They do it on
laptops, on storage systems, in networks, and on gateways. It’s a hard problem, no doubt about it.
There are a variety of technologies for outsourcing
markets, such as China and India, where people who are
working on a particular piece of source code for a particular company are restricted from copying that source code
in any way, shape, or form. The software disables that.
Similar things are possible for the information proliferation issues we have been talking about. All these types
of solutions have pros and cons and depend on what
cost you are willing to pay. This is not just a technological issue or a storage issue; it’s a policy issue that also
includes management and legal issues.
BREWER In some ways it’s a triumph of the storage
industry that we have moved from the main concern
being how to store stuff to trying to manage the semantics of what we’re storing.
CREEGER Again, what should a storage manager be doing
in the next 18 to 24 months?
KLEIMAN Today people are saving a lot of time, money,
and energy doing server virtualization and storage virtualization. Those two combined are very powerful, and I
think that’s the next two, three, or four years right there.
GANGER And the products are available now. Multiple
people over the course of time have talked about snapshots. If you’re running a decent-size IT operation, you
should make sure that your servers have the capability of
doing snapshots.
BREWER On the security side, encryption. Sometimes
there are limited areas where you can do the right kind
of key management and hierarchies, but encryption is an
established way in the storage realm to begin to protect
the data in a comprehensive way.
SELTZER Backup, archival, and disaster recovery are all
vital functions, but they’re different functions and you
ACM QUEUE November/December 2008 39
