Dynamic Infrastructure Cross IBM Sales
Play - Information Infrastructure
by Brad Johns, Eileen Maroney and Alan Marin
Welcome to the introduction to Selling the Information Infrastructure Education
Conference Call. My name is Brad Johns and I and the Program Director for Enterprise
Storage and Marketing for System Storage. It is my pleasure to have the opportunity to
spend some time with you today to talk about the Information Infrastructure and how to
capitalize on the opportunity in your territory.
This is going to be a short but informative session with the objective of coining you
with the information infrastructure and enabling you to capitalize on this important
topic in your territory. This is the first module on selling Information Infrastructure.
There are four others that are going to go into greater detail, one on each of the
information infrastructure components.
Let’s see what we will be discussing in this session.
Let’s turn to the next page.
We have a lot of information to share and we are going to discuss the following. First
we will take a look at how the information infrastructure relates relative to the Dynamic
Infrastructure which was announced on February 9. Then we will talk about the
information management challenges our customers are facing in today’s very difficult
business environment. We are going to highlight the IBM competitive differentiators.
We have a good story to tell and have a clear differentiation strategy versus the
competition. We are also going to cover 4 customer success stories about highlight the
application of the information infrastructure to our clients business problems. Then we
are going to turn to selling the information infrastructure including a straightforward
sales strategy that includes key questions to ask our customers and decision trees to help
the customer discussion.
We are also going to discuss sales resources. Since the Information Infrastructure was
announced in September of last year we have a wealth of information. We have really
focused our initial efforts this year on making it more easily available. We are going to
discuss additional education that we will have available for your use to go into greater
detail on each of the four pillars of the information infrastructure. Finally were going to
discuss the next steps that we recommend for helping take advantage of the information
opportunity in your territory.
Let’s turn to the next page to talk about how the information infrastructure relates to the
dynamic infrastructure.
We have a lot of information to share and we are going to discuss the following. First
we will take a look at how the information infrastructure relates relative to the Dynamic
Infrastructure which was announced on February 9. Then we will talk about the
information management challenges our customers are facing in today’s very difficult
business environment. We are going to highlight the IBM competitive differentiators.
We have a good story to tell and have a clear differentiation strategy versus the
competition. We are also going to cover 4 customer success stories about highlight the
application of the information infrastructure to our clients business problems. Then we
are going to turn to selling the information infrastructure including a straightforward
sales strategy that includes key questions to ask our customers and decision trees to help
the customer discussion.
We are also going to discuss sales resources. Since the Information Infrastructure was
announced in September of last year we have a wealth of information. We have really
focused our initial efforts this year on making it more easily available. We are going to
discuss additional education that we will have available for your use to go into greater
detail on each of the four pillars of the information infrastructure. Finally were going to
discuss the next steps that we recommend for helping take advantage of the information
opportunity in your territory.
Let’s turn to the next page to talk about how the information infrastructure relates to the
dynamic infrastructure.
Despite the challenging business environment that we are currently in, our customers
continue to see a rapid growth in the amount of data that is being created and stored.
IDC estimates that our customers are seeing a 54% compound annual growth rate in
their storage needs and this is going to continue through 2012. They need to absorb this
tremendous growth within their tight information-technology budgets.
To make this even more of an issue the type of data that our customers are being asked
to manage is changing. In fact up to 80% of data is unstructured content and that is emails, videos and image files. While this kind of information existed before it was
largely confined to departmental silos but now it must be managed and stored with the
same care as traditional structured information. Some industries are hyper examples of
this kind of growth. For example it’s estimated that modern testing procedures that
utilize 3-D digital modeling are driving medical images growth such that it will take a
30% of the world storage in 2010.
Let’s see what this means to our customers on the next page.
The rapid growth of information presents our customers with significant business
challenges. They are being required to store and manage more data to comply with
compliance and legal requirements and yet their budgets are not growing. In addition
there is a significant business value, a potentially greater revenue associated with this
information but it can only be extracted if it’s managed and controlled.
Our customers challenges fall in four main areas, information compliance, information
availability, information retention and information security. Some examples of these
challenges include compliance cost which in United States can be very high with legal
discovery costing between $150,000 and $250,000 per instance and large corporations
can have multiple events taking place at the same time.
Regarding information availability, 59% of all managers surveyed in a recent poll say
that they could not find the data that they were looking for to make a decision and made
the decision anyway. Our customers are retaining worthless information. Customers
are finding that up to 37% of the data that they are starring is expired or inactive and yet
they continue to bear the cost of storing and managing this data even though it’s not
needed.
Of course the security concerns are paramount with over 84% of security breaches
committed by internal resources. Organizations typically meet the information
challenge with a balanced approach across all of these different tiers.
Let’s turn to the next page to see how the information infrastructure can help our clients.
Our customer’s information infrastructure today are near breaking point. They can’t
handle the day-to-day demands that are now being dictated to them by the people in
charge and that is the end-user consumer. Each consumer today has an electronic
footprint of about 1 TB of data, music, medical records, social media, cell phones and
more. That’s the individual’s digital footprints. IBM is estimating that this is going to
grow to 16 TB per person by 2020.
Today’s static data is managed in silos where it just sits. Innovative companies know
that they must employ new kinds of technologies to offer dynamic services; information
that follows individuals wherever they go in a cloud environment. With the explosion
of mobile web, connected sensors everywhere from cars to pipelines, online medical
records and the growth of Web 2.0 data and social networking, and our customers
infrastructures need to retool now to be ready.
There are four main areas of concern for companies and IBM is responding to those. In
response to these problems we are outlining three critical elements for the information
infrastructure that focuses on the management consolidation and security pain points for
our clients in four areas, compliance, availability, retention and security. The
compliance burden will only continue to grow as customers provide more web-based
services to a diverse set of users including employees, customers and business partners.
The reputational risk that come with the poorest publicity of noncompliance has created
the most powerful incentive for stronger information and security compliance and larger
customers are now starting to experience pain associated with the high cost of
compliance. They know they have to deal with e-discovery and are dealing with that
but per Gartner most Fortune 100 companies have 86 cases pending at one time and are
averaging over 1 ½ million dollars per case. They are spending this over and over
again.
Regarding availability today’s infrastructure was not designed to efficiently manage the
estimated 2 billion people that will be on the web by 2011. Especially considering the
users are already uploading more than 10 hours of video to UTube every minute. Cost
effective scale up technologies are needed to enable Internet scale and speed for the
management of vast amounts of online information coupled with continuous access.
Organizations must be prepared for this new phase of cloud computing giving
consumers access to data systems remotely from any device anywhere.
Regarding retention, today’s information infrastructure suffers from inefficiencies in
both duplicate sources of the same information and excessive energy and cooling costs.
In fact analysts have said that up to 50% of data centers will run out of power and space
this year. Our customers are looking and need retention systems to eliminate duplicate
data coupled with green cost efficient archival solutions for longer-term storage.
Regarding security, our customers are looking to ensure that the information at the data
center is secure and being accessed only by those authorized. This is a top concern for
data centers large and small regardless of the economic environment. A recent data
center hacker cost one company more than $60 million in damages due to the stealing of
data and non-authorized use of credit card information.
Let’s turn to the next page.
IBM’s information infrastructure isn’t just about helping our clients enhance their core
capabilities, it’s also about bringing game changing technologies to market to help our
clients needs and exceed expectations despite the explosion of information. IBM has
clearly differentiated value versus the competition. Let’s briefly review some of the
competitive differentiators of the IBM information infrastructure.
Let’s start at the center. IBM is an industry leader in providing comprehensive proven
consulting and services. These cover all aspects of the information infrastructure. IBM
provides consulting and services to help our clients address the highest priority needs.
Turning to our storage products, IBM just rolled out an enterprise class set of
deduplication appliances based on the ProtecTier software technology acquired with the
Diligent acquisition. This offer to reduce the amount of storage required to store or
customers information by a factor of up to 25 times.
We take our enterprise disk storage system, the DS8000, it’s the first to market with full
disk encryption. We also just recently announced new solid-state drives for very high
performance applications and is support for 1 TB SATA disk drives that now allow a
single DS8000 to support up to 1 petabyte of capacity.
The information infrastructure also includes important software. Our Tivoli storage
manager data protection software was recently enhanced to include integrated data
deduplication. In addition it has greater scalability due to the exploitation of DB2
databases for meta data storage. As a result it can store twice as many objects as the
previous release.
We also introduced a new entry model for an industry-leading XIV storage systems.
These new storage systems utilize the architecture acquired with the XIV acquisition
and they can reduce power and cooling costs up to 80% versus traditional storage
architectures.
When it comes to storage virtualization IBM is the clear industry leader with the SAN
Volume Controller. We shipped over 14,000 units and it has demonstrated the ability to
save our customers up to 50% of their administrative and management costs while
increasing their disk storage utilization by up to 30%. We have also brought to the
marketplace a set of comprehensive integrated solutions to help our clients meet the
unique needs of the medical industry for managing very large amounts of information.
Now let’s see how some IBM customers have taken advantage of the IBM infrastructure
to improve their IT systems services, reduce costs and improve a lower business risk.
First is the city of Honolulu. They were saddled with some very old IT systems. In fact
their multiple vehicle system for 35 years old and the financial systems that were being
used for over 20 years old. It was very difficult to maintain these systems. Their
availability and services just weren’t up to par. In addition they had no disaster
recovery capabilities.
An IBM business partner Serious Computing work with the industry ISVs to implement
a new ERP application and implement a completely new architecture that included IBM
Power servers Z Series mainframes as well is the SAN Volume Controller, DS8000 and
IBM tape storage. As a result the city and county are able to achieve much more
reliable levels of service and simultaneously meet their internal audit requirements. The
city and County of Honolulu were recently named the country’s biggest mover by Inc.
Magazine in part because of these information technology changes.
Another customers success was Iowa Health. They had recently implemented a new tax
system for their patient record system management. It was a result in a dramatic growth
in their storage needs. This growth was across several geographically dispersed data
centers and they needed some way to scale capacity to meet their information
availability needs while providing higher performance for local patient records retrieval.
In just over three weeks HIS implemented the IBM Grid Archiving Solution or GMAS
across the Cedar Falls in Cedar Rapids data centers to gain an automated high-capacity
multi-site storage archive. The solution enables Iowa Health multiple facilities to
virtually connect across these sites and to optimize their enterprise storage capability.
The GMAS solution offered automated full system redundancy and disaster recovery
capabilities across these sites.
Another successful customer with the University of Auckland. This customer had been
adding servers and storage over years as individual requirements arrived. It had finally
expanded to a breaking point with over 350 servers each with its own dedicated disk
storage. The customer was running out of power, space and cooling and they had
trapped storage in functional Silos behind the servers. Their IT services decided to
consolidate and virtualize all layers of the university’s infrastructure including storage
and servers emanating the one to one relationship between applications and physical
servers and then enabling centralized administration of the storage area networks.
The IBM systems storage solution provided the University of Auckland a reduction in
the data center footprint through the consolidation of servers and an improvement of the
storage utilization while simultaneously reducing power and cooling costs.
Finally I last customer is Is4 IT Srvices. They are an information service provider and
they were faced with rapidly growing amounts of information that needed to be stored
to meet their clients information retention needs. They turned to IBM to help and we
were able to help them more effectively manage the dramatic growth of data they had
been experiencing with their information retention and environment.
Let’s take a look at the next page to talk about selling the IBM information
infrastructure.
The information infrastructure is truly a cross industry play. All our customers buy
storage. There requirements very certainly from industry to industry and from
application to application but when servers are installed storage is installed also.
Typically the sponsor for information infrastructure engagement would be in the
information technology arena. It could be the CIO or one of the reporting departments.
However some of the information infrastructure needs such as infrastructure retention
have brought organizational impact and the decision-makers could be line of business
executives and corporate compliance officers.
Let’s take a look at some of the indicators of a customer’s needs for improving their
information infrastructure. If a customer is concerned about one or more of these, they
are a prospect for a more detailed discussion. For example is the customer concerned
about cost effectively managing the explosion of information? Are they concerned
about delivering continuous and reliable access to the information that they have?
Perhaps they’re concerned about protecting data and enabling secured sharing of
information. Other customers may be concerned about retaining information to support
regulatory and compliance and legal discovery requirements and yet others are
concerned about reducing reputation risks and audit deficiencies.
I have listed here some key questions that you could ask your customers to help you
explore if an information infrastructure opportunity exists. I won’t review them all here
but you can see that they are designed to help you identify customer’s needs for
improving their information infrastructure. Once we have identified these needs you
can see that we have a broad portfolio of offerings to help meet the customer’s
requirements.
Let’s turn to the next page.
IBM has the broadest portfolio of information infrastructure offerings in the industry.
This is not an exhaustive list got here on this page but I have listed some of the
highlighted components. Let me discuss just a few of the services, software and storage
offerings available to help your clients need their information needs.
For example we have IBM STG information infrastructure storage optimization studies
or workshops that can help clients identify their major information infrastructure issues.
We also have GTS consulting offerings that include migration services based on the
Softek technology as well as rapid management complexity factor assessment based on
the Novus acquisition. We also have storage enterprise research planning utilization
studies and we also have support for enterprise archive services. It’s truly a rich set of
offerings across both STG and GTS to help identify the customer’s specific information
infrastructure needs. These are unique industry-leading capabilities that we can bring to
the table. They are well-suited for customers that might not have the time or the money
to evaluate their environment and develop an overall strategy.
For customers with more specific needs we have a set of storage related software
offerings from Tivoli including Tivoli Storage Manager for their data protection
requirements, Tivoli Productivity Center for the storage management and the new
Tivoli Key Lifecycle Manager, an essential component of the data at risk security
strategy. Of course as I mentioned earlier we have a comprehensive set of storage
offerings ranging from disk storage to deduplication appliances, to tape, storage to SAN
fabrics, to network filers.
To help you with these offerings we’ve developed a broad set of sales resources. I have
a couple of quick entry points here identified. The information infrastructure wiki
which I’ve pointed you to because it provides a quick and easy capability to access all
the information across all the different offerings including customer references. We
also have an information infrastructure overview sales kit and an IBM business partner
equivalent on Partner World. As I mentioned we have sales offerings that are now
being offered throughout Tucson and Mainz and recently (inaudible) briefing centers a
swell as the lab services offerings for assessments and workshops.
We have also developed sales kits for each of the information infrastructure offerings
that include selling reference guides, customer ready presentations and more.
Let’s take a look at some of these resources.
First let’s take a look at the typical selling process. What we have identified here is
how we might approach a sales opportunity. We have divided the initial selling process
into two steps. First is the Initial Opportunity Identification. The goal here is to
identify one or more of the CARS areas for continued qualification. There are a number
of potential methods available to help you assess how best to approach your customer’s
information infrastructure requirements.
At the top of the list includes an easy to use assessment tool that we will be rolling out
at the beginning of the second quarter. We also have the information infrastructure
workshop that I mentioned that are available in selected briefing centers. These now
include Tucson, Mainz and (inaudible). We can also engage our clients in information
infrastructure storage optimization or workshops or studies using STG Lab Services and
of course as I mentioned earlier we have several GTS offerings.
Once we have identified a specific pain points, in phase 2 we have additional offerings.
We are providing additional assessment tools for each of the four focused areas that we
referred to as CARS, compliance, availability, retention and security. In addition some
of these areas have additional services and consulting. There is an extensive set of
deliverables and education available to help you in your sales efforts. In fact let’s turn
the page and I will highlight some of them.
This chart touches on some of the key deliverables that are available today. There are
hot links and they are listed here. If you put your display and screen show mode they
will take you directly to each of them. We’ve organized links to buy rouse starting with
information infrastructure and then each of the four focus areas. For each row we have
links that include references, education modules, selling focus guides, conversation
roadmaps, data sheets and white papers.
The question is now that you’ve seen the resources, how best should we proceed?
Let’s turn to the next page.
We suggest the following. First take a look at the information infrastructure wiki. It
provides links to a wealth of information and education. Secondly the information
infrastructure overview sales kits has a wealth of material and also pointers to each of
the CARS themes. If your clients have particular interest in one of the focus areas or
one or more of the focus areas in the information infrastructure you might consider
going to the sales kit for that particular component and completely additional education
associated with it.
We are also rolling out a new set of assessment tools that I mentioned previously that
can help you sit with your client and quickly identify their major areas of concern.
These tools will be populated into the wiki as well as each of the sales kits over the
coming weeks. They are designed to be easy to use and will be available to both
IBMers and business partners. Of course we recommend the use of GTS and STG
services to help you identify specific customer needs and progress the sale.
I would like to thank you for your time today. It’s been a pleasure to have this
opportunity to talk about the information infrastructure and how best to capitalize on the
opportunity in 2009.
Best of luck to you in your sales efforts.
This will conclude today’s call.
Thank you.
Welcome to today’s Information Compliance Education Module. My name is Brad
Johns and I am Program Director for Enterprise Storage Marketing. Compliance
continues to represent a challenge for many organizations. In fact analysts say there are
over 20,000 compliance regulations worldwide and this number is growing. Regardless
of the specific regulatory pressures today and which ever industry clients belong to
there are two fundamental ingredients in all compliance initiatives. The first ingredient
is concern with behavior of the organization. It establishes the control and mechanisms
required for the organization to behave in a manner that is legal, ethical in accordance
with the laws. These are internal company policies and processes.
The second ingredient looks after the information itself and that is what I will focus on
in this recording.
Let’s see what we mean by information compliance.
Information compliance is a broad term and it entails technologies, processes and
services to capture, collect, manage and retain all relevant business information with
security and integrity. The first step in any compliance project is a secure environment.
Information and network security is considered a prerequisite to any compliance
initiative.
Following that step is the information compliance process. It is establishing the ability
to defend the company in case of a legal or regulatory challenge. To achieve this clients
need to collect, manage and retain and secure all relevant information that needs to be
available to support their events. In addition clients need to protect all vital information
that is a prerequisite for their business to operate.
The first step is to establish content collection and records management mechanisms
together with the necessary tools to retrieve and present that information when
challenged. Data collection and classification is fundamental to robust compliance that
need discovery support. Once the critical information collection process has been
established the next challenge is to start influencing compliance controls proactively
through an automated policy-based information management retention process. The
client needs a retention system that will enforce the policies and make sure that they are
secure, protected from external threats so that information integrity is not compromised.
The solution to this include non-erasable and non-rewritable and write-once and read
only technology. Data encryption is also key for information integrity and authenticity.
Clients need to be of the search and retrieve the critical business information when
required by legal. A robust
e-discovery tool is very important.
In summary information compliance is comprised of records management and content
collection mechanisms with policy driven records management retention, secure and
protected information both in motion and at rest that leverages capabilities of data
encryption and protective storage retention systems. It ensures information integrity
and authenticity until end of the retention period and be able to track and audit the
information and be able to discover and furnish information upon request.
Let’s go to the next page.
The enterprise content explosion and variety of information types is overwhelming
companies today. This leads to information chaos where there are multiple copies of
unsecured or untraceable information not properly index without the control and
management and stored on silos. Some information is burn digital and some
information is printed paper all of which leads to increased mitigation risk and cost.
There are also manual policies and processes which may or may not be followed, aren’t
enforced or audited. This contributes to an overall lack of control, increased business
risk and causes high operational processing costs.
Let’s take a look at the business environment.
I am sure it comes as no surprise that we live in the most litigious business environment
in history. Although the US has less than 5% of the world’s population, it nonetheless
has 80% of the worlds lawyers. Each day, on average, 82,000 lawsuits are filed in the
US, most involving businesses, and that includes businesses of every size. That’s 30
million new lawsuits each year, costing tens of billions of dollars in litigation costs for
plaintiffs, defendants and courts alike.
What often does come as a surprise is that 75% of these litigation costs are for legal
discovery process, satisfying the demands placed by plaintiffs and defendants on each
other to produce evidence in the form of information these entities retain either out of
corporate governance policy or, increasingly in response to government regulations that
dictate what must be kept, in what form and for how long.
Among the better known of these regulations are Sarbanes-Oxley pertaining to financial
reporting, HIPPA with direct impact on the healthcare industry, and the Patriot Act,
which effects nearly everyone. But those are but a few examples of the 14,000
information-retention regulations in force in the US and the 22,000 in force worldwide.
More regulations are sure to follow. Needless to say, the sheer volume of information
retained is skyrocketing and the ability of opposing parties in a lawsuit to demand
access to this growing ocean of information is reinforced by recent amendments to the
Federal Rules of Civil Procedure.
So how should companies address this risk and obtain compliance?
As I mentioned before there are multiple key aspects that are critical to achieve and
sustain business information compliance. The first crucial one is enterprise Content
Management. This slide shows the IBM strategy for enterprise content, appliance and
discovery. Our view is that today many organizations when it comes to retain or
managing information for retention or for compliance create a kind of digital landfill
situation or in other words information chaos.
This means that they have lots and lots of different types of digital and electronic
content. As you see in the picture it could be e-mail but it’s not just e-mail. It could be
office documents like Microsoft Word or PowerPoint documents that are files ystems.
It could be things that are stored on people’s desktops and it could be some of the
collaborative systems like share point. There’s all kinds of additional communication
and collaboration mechanisms like instant messages which are shown here even
extending to wiki’s, blogs, recorded voice mails or transcription and rich media sources
such as video. All of this is generally stored somewhere and it might be on someone’s
hard drive but it’s a digital landfill because it’s all else there but it can’t be easily found.
It’s not classified and is not managed.
If you click you should see an arrow leading to a box that says content collection. The
first step in getting this information under control is to be able to collect it. By this we
mean to define policies and rules and provides and needs for the appropriate content to
be moved, copied or stuffed into an electronic content management repository. This
capability is provided by the IBM Family Content Collection and Archive Offerings.
Then if you click again what you want to be able to do is to manage that content
according to predefined policies that take the information to the right place. It might go
to the trash bin at the bottom if it’s something that doesn’t have to be retained for
compliance or could go into a repository and be records managed. It could also be
stored in a repository for e-discovery or for that matter it could go into a repository to be
analyzed and later mined. So content collection really facilitates all of these scenarios.
If you click again I described how advanced classification is really an adjunct to the
content collection in that what you would like to be able to do is to classify at a fairly
granular level to content as it flows through the system. I will give you an example of
two e-mails that might both contain the word sue and check. In one case it might be an
e-mail that says Sue I want to check in with you and see how your garden is doing.
This is a social email. The second email with different verbiage says we are being sued
because the check hasn’t come through. The advanced classification is needed in this
case to differentiate between those two e-mails and then ideally treat them differently.
To treat them differently by discarding one or to treat them differently by having
different retention policies and different management schedules around them.
If you click two more times you will see the other pieces of the lifecycle which is to
apply formal records management to the appropriate content. It doesn’t have to be to all
content but formal documents are things that have to be managed from a compliance
point of view and could be put under formal records control. Records management then
securely manages retention and disposition of the information in a controlled audited
manner.
Last but not least is a set of electronic discovery tools to help easily and quickly find
content in response if a legal discovery request is needed also. As you can see from the
picture all those boxes are part of what IBM calls the electronic content management.
All of the pieces, content collection, classification, records management and electronics
discovery, those are all core capabilities of the IBM enterprise content management
application. And you need to note that IBM ECM for short sits on top of an information
infrastructure stack to achieve full support of IBM’s vision around compliance.
The IBM information infrastructure stack provides a secure and protected storage
repository and then forces the policy set forth by the content and records management
systems. The repositories keep and preserve the information with integrity and security
throughout its lifecycle. During the information lifecycle we may need to leverage
different kinds of repositories due to the different price points and of the <longitivity>of
the information. Regardless the information needs to be retained and secured until the
end of its life cycle.
The IBM compliance warehouse for legal control is the first integrated, secure, audited,
solution that combines software, hardware and services in a unified environment to
enable organizations to achieve and sustain and improve compliance with legal and
compliance mandates while reducing costs, complexity and risk.
This is not a point solution for email only. It is an all encompassing legal control
solution that also manages instant messages, word processing, documents, spreadsheet,
databases, images, web pages, even the record of operational processes the information
has been through. In other words, all electronically stored information, which is
important, because all electronically stored information or ESI for short is discoverable.
Information is certifiable, audited, secured and fully managed. This includes lifecycle
management which ensures that information past its retention date is destroyed. As
we’ve seen, having too much unnecessary information on hand can be dangerous and
can also be costly. When litigation comes into the picture, the system initiates litigation
holds, identifying and sequestering relevant information in a secure litigation vault. The
process is automatic, infinitely repeatable and non-disruptive. It is far more economical
than alternative methods, and because of its speed, accuracy and reliability, it can help
businesses win cases.
Let’s take a look at some of the benefits for information compliant. By leveraging
solutions to achieve compliant clients can avoid the high cost, business disruption, lost
judgments and damages to their reputation. If the clients allow electronically stored
information is kept organized and search ready, it drives down costs and keeps the rest
of the organization running smoothly. Even paper documents can be stand into
electronically searchable form. This is often preferred and sometimes required by
courts.
Because they are compliant customers will stay out of legal hot water and avoid
sanctions and fines and because it’s automated and fast they can get extra time for early
case assessment, time to analyze search results and evaluate their best courses of action.
So how to approach your customer in identify an information compliant opportunity.
Let’s take a look at the decision tree on the next page.
Here you can see an overview of lifecycle of information compliance opportunity. At
the top left there are some key questions that need to be asked to identify if the
customer’s compliance problems are areas or requirements. You can see we have
identified several questions here that focus on the customers industry, how dare
managing their electronic records. Do they have a program for compliance? Do their
current applications provide audit trails for e-mail documents? What sort of procedure
for producing business records in case of an audit or discovery request does the
customer have? How did they ensure the integrity and security of the business records
so they can validate that they are in compliance? Does this is disposed of expired
documents and information as soon as policies allow?
If one or more of these questions are yes and the customer may be in information
compliance opportunity. You can see we have identified several following questions to
help pinpoint specific areas to start your information compliance sales efforts. At the
top we can talk about is the lack of corporate wide compliance strategy an issue for this
customer, in which case we may want to start with an enterprise compliance workshop
and introduce IBM compliance warehouse for legal control of an endpoint solution.
Is content and record management an issue? Does the customer provide required audit
trails? We can propose an IBM content and record management solution or introduce
the IBM compliance warehouse for legal control. I won’t take you through the other
questions but you can see by following this flow it will help pinpoint the specific
opportunity areas for you to pursue with your client.
We have established focal points for solution sales for information infrastructure in a
number of the geographies and I have identified them here. You can see at the top we
have electronic content management contacts. We have storage solution sales leaders.
We have archives solutions sales leaders which often can lead into areas of compliance.
We have services contacts for archive and storage optimization. We have our Briefing
Center contacts and we have the global technology services.
I would also like to point you to a number of important information sources to get more
in-depth knowledge on IBM’s information compliant solutions. First there is ibm.com
and you’ll see we have identified some specific links here with white papers that might
be useful as well as you can see the STG wiki which provides access to information
compliance related information.
With that, that will conclude today’s call. I would like to thank you for your
participation and look forward to working with you in 2009.
Hello and thanks for listening. Today’s presentation is hopefully going to give you
direction and assistance regarding how to sell information availability.
Let’s move to page 2.
I would also like to point you to a number of important information sources to get more
in-depth knowledge on IBM’s information compliant solutions. First there is ibm.com
and you’ll see we have identified some specific links here with white papers that might
be useful as well as you can see the STG wiki which provides access to information
compliance related information.
With that, that will conclude today’s call. I would like to thank you for your
participation and look forward to working with you in 2009.
Hello and thanks for listening. Today’s presentation is hopefully going to give you
direction and assistance regarding how to sell information availability.
Let’s move to page 2.
This presentation assumes you already listened to the how to sell information
infrastructure presentation. I will not be covering information infrastructure in general
or dynamic infrastructure but will focus on the four key aspects of information
availability to target customers, their pain points and questions and tools you can use to
qualify and close opportunities.
I will also cover the focused solutions you should be proposing for each of the key
availability aspects. This will not be an in-depth product presentation so at the end I
have included links to resources that you may need to educate yourselves further on
information availability in the specific solutions we are recommending.
Please turn to page 3.
At the end of this presentation you should be able to:
• Understand the four key aspects of information availability
• Identify the opportunities for each of these aspects
• Propose the appropriate offerings for each opportunity
• Finally you should be able to find the resources available to help get you started
Let’s turn to page 4.
There are four key aspects to the information availability strategy. The first is business
continuity. With businesses becoming more complex and interconnected the risk and
cost of disruption extends well beyond IT to every aspect of business processes.
Customers need solutions that can minimize or eliminate downtime.
Next is a storage virtualization. Our customers are being asked to drive higher and
higher service levels managing a complex and growing storage environment while
holding the line on resource and infrastructure costs. Virtualization is the key
technology and can help to satisfy these requirements.
Also growing complexity can be damaging to an enterprise resulting in more system
downtime, higher cost and inferior customer service. IBM offers end to end technology
and services to help customers simplify the management of their infrastructure to help
enhance information availability.
Finally is data protection. Organizations are wrestling with the impact of uncontrolled
needs for data backup and restoration caused by accelerating data accrual rates. IBM
offers solutions that can protect customers from the risk of data loss and help reduce
complexity, manage costs and address compliance with data retention and availability
requirements.
Now turn to page 5 and we will take a look at business continuity.
The good news about information availability is that every large enterprise and
midmarket company is a prospect. Every business needs to mitigate the risk and make
sure their data is available and secure. Each of the following pages includes a list of
pain points and some qualifying questions that can help you open up a dialogue with
your customer. You also have the option of taking your customer through the business
continuity self-assessment tool on ibm.com to help them identify possible areas for
improvement. I have included a link at the bottom of the page.
Let’s move on to page 6.
Here are the pain points in qualifying questions for storage virtualization. Customers
need the ability to fully utilize storage and to be able to handle growth without requiring
additional hardware or administrative resources. There is a storage optimization selfassessment tool available on ibm.com that may help you when you are reviewing this
topic with your customer.
Let’s turn to page 7.
Infrastructure and storage management can help to improve the management and
simplify even the most complex storage environments. Along with these questions
there is a storage optimization self-assessment that is a good tool for analyzing your
customers needs in this area. You will see the link at the bottom of the page.
Let’s turn to page 8.
Now for data protection the focus is mainly on backup and restore ensuring that the
process minimizes the risk of data loss and possibly reduces redundant hardware and
management resources. There is an information security self assessment tool that can
be useful in your customer conversations in that link is at the bottom of the page.
Let’s turn to page 9.
The Availability Decision Tree assumes you work with your customer and have
identified availability as an area of concern. Using the qualifying questions or the selfassessment tools from the previous pages you should further identify this further aspect
of availability where the customer has an unaddressed pain point. If the customer has
issues in all four areas or is unsure where the weaknesses are in the storage
infrastructure you may want to start by proposing an information infrastructure storage
optimization workshop or study that will help to analyze the existing infrastructure and
will provide recommendations and supporting business plan.
We will look a bit deep at this offering on the next page.
If the customer’s main area of pain is business continuity and that is keeping data
continuously available during planned or unplanned outages in the customer is unsure
exactly where is problem lies, once again the storage optimization workshop or study
may be helpful to move the sale all along. If the client has a critical storage or backup
environment issue and needs a very rapid assessment to highlight specific areas in
which they need to improve their storage or backup environment with specific metrics
or the client needs to create a long-term storage or backup strategy but isn’t sure how to
begin, you might recommend a rapid management complexity factor study from GTS.
We will look closer at this option on the following pages.
Another option is it gives the TS7650 GAD ProtecTier that combines and virtual tape
library solution with in-line data de-duplication that enables significant savings in disk
requirements and cost. Finally the TS7700 virtualization engine that supports business
continuity for System z customers through grid connectivity and automated replication.
Depending on your customer’s skill level you may also proposed GTS implementation
services for desk and or for tape. Another option for less skilled customers is the GTS
transformation strategies service using <MTF>which helps customers develop an
effective IT storage growth and optimization plan and provides tactical short-term
activities that can lead to strategic long-range improvement.
Now for customers issues related to storage virtualization and storage management the
storage optimization workshop or study is also an appropriate offering to further define
where the issues exist. If the customer has a critical storage utilization visibility issue
you might recommend the remote SCRP utilization study. If you have a competitive
opportunity for DS8000, the data mobility solution’s partial no charge migration
offering will help you reduce the customers costs and eliminate downtime for migrating
the customer’s data.
For customers managing complex and growing storage environments while needing to
hold a line on resource and infrastructure costs, storage virtualization is the key
offering. SAN Volume Controller and DS3000, DS4000 and DS8000 disk products can
improve storage utilization by up to 30%. Storage administration and data movement
can be one of the largest causes of planned operation downtime and SVC practically
eliminates storage related downtime.
Along with SVC and disk you may recommend GTS implementation services and
storage and optimization services for storage virtualization and storage consolidation.
These assist customers in achieving better utilization of storage and sharing of data
across servers and clients while helping to lower the risks and costs.
For customer issues related to data protection once again you can propose the storage
optimization workshop or study or the rapid MCS play which focuses on backup. The
key offerings for data protection of the Tivoli storage management family of products in
the IBM tape product line. TSM protects customers from the risk of data loss and helps
reduce complexity, manage cost and address compliance with data retention and
availability. It also improves the business continuity by shortening backup and recovery
times and maximizing application availability with advanced data recovery management
technology.
IBM tape has unique attributes for helping customers protect and store their rep of the
growing amounts of information. It provides low cost storage and delivers data security
through encryption.
Please turn to page 10.
Let’s take a look at the information infrastructure storage optimization assessment
offerings from STG Lab Services. These offerings are provided at a lower cost than
most of the GTS full service offerings in a much shorter duration. They provide
customers with the following. First they provide an overview of the current state of the
customer’s IT storage infrastructure. They identify alternatives for approaches for
storage management. They recommend a strategy for improvement and they generate a
high-level business case.
The key areas of focus for these assessments can be storage virtualization and tiered
storage infrastructure, backup, restore and disaster recovery, archive retention,
compliance, information management, storage process, organization technology and
governance and finally data rationalization. Lab services are available in AG and
EMIA.
Let’s turn to page 10.
These are the three lead with sales plays from GTS. We spoke a little bit about them on
the earlier pages. The rapid management complexity factor study can be used if you
have a client opportunity where the client has a critical storage or backup environment
issue and need to very rapid assessments to highlight the specific areas in which they
need to improve their storage or backup environments with specific metrics or when the
client needs to create a long-term storage or backup strategy but isn’t sure how to begin.
The remote SERP utilization study can be used where the client has a critical storage
utilization visibility issue and is spending hours extracting storage and data usage
information from multiple tools and data sources to assess their storage environment,
management or service-level demands.
Finally the data mobility solutions partial no charge migration services or migrate 8 play
can be used if you have a competitive DS8000 oportunity. It will help you lower the
customer’s data center cost of moving to a new DS8000. I have included overviews and
links for contacts within GTS for these plays.
Please turn to page 12.
Here are the very high level competitive differentiators, the key availability solutions.
There is much more detailed information available in the individual product sales kits
and I’ve included links to each of these on the resources page.
Please turn to page 13.
This page includes a hot links to the key resources you will need for selling information
availability. For IBMers the information availability wiki is a great first stop for the
majority of relevant information. The wiki will be available to business partners in the
near future but for now I’ve included a link to the information availability section of the
dynamic infrastructure sales kit. This is a good first stop for you.
The information availability sales kit on both SSI and Partner World contains links to
the individual focused product sales kit. Additionally I have listed individual links for
presentations, educations, selling focused guides and white papers.
Let’s turn to page 14.
In April we will be providing individual web based assessment tools for information
infrastructure and for each of the CARS profile. They will be very similar to the storage
optimization self-assessment and the other self-assessment I showed you on earlier
pages. These will be useful tools for you to use with your customers to identify
opportunities.
Please turn to page 15.
Your next steps should be first to review the sales enablement information we’ve loaded
onto SSI and Partner World. It might be beneficial to review the availability seller
presentation and recording. If you don’t already have a good understanding of the focus
products from availability take a look at the product sales kits and review the quick
reference guide or the selling focused guides. When the information availability
assessment tool is available familiarize yourself with that and use it to guide your
customer discussions.
Finally consider using the studies and workshops from STG and GTS to help progress
you’re selling effort.
Please turn to page 16.
I hope this presentation has provided you with a focus and has given you good tools to
use when you’re identifying your opportunities to sell IBM Information Infrastructure.
Remember that IBM is ready to help and nobody can match IBM’s ability to help across
the spectrum of information infrastructure requirements.
Thank you for your time and good selling.
Welcome to the Addressing Information Retention Conference Call. My name is Brad
Johns and I am the Program Director for Enterprise Storage Marketing for System
Storage. It’s my pleasure to have the opportunity to spend time with you today to talk
about this important topic. It’s regarding the information infrastructure and specifically
we are going to be focusing today on information retention.
Information retention is one of the four focus areas associated with the information
infrastructure worldwide sales play. This is going to be a short but informative session.
Our objective is to point you with the information retention topic and enable you to help
your customers with this important dimension of information infrastructure.
I am also going to point you to additional education and resources to help you in your
sales efforts. Let’s see what’s driving our customers focus on information retention.
Despite the challenging business environment that we are in today our customers
continue to see a rapid growth in the amount of data that is being created and stored.
IDC estimates that our customers will experience a 54% compounded annual growth
rate in their storage needs through 2012. They need to manage this growth within their
tight IT budgets. To make this even more of a challenge the type of data that our
customers are being asked to manage is changing. In fact up to 80% of the data is
unstructured content that is e-mails, videos and images.
While this certainly existed before this kind of information was largely confined to
departmental applications but now it must be managed with the same care as the
traditional structured information that can be found in DB2 databases. There are four
drivers behind this growth. First is the growth of existing applications even something
as basic as e-mail continues to grow rapidly. For example it is estimated that in 2007
130 billion e-mails were sent on a daily basis. This is predicted to double by 2009
increasing to 276 billion e-mails per day.
The second major driver is new applications that are coming online and these tend to be
very information intensive applications like Web 2.0. For examples some of the social
networking sites. Some of the new applications contain a lot of digital content like
video that use a tremendous amount of storage. The third is what we call the multiplier
effect. Customers rarely retain a single copy of data nowadays and in fact this
information needs to be backed up. Copies are often sent off site for disaster recovery
purposes and often other copies are made for test and development. This can lead to a
multiplier effect. So for every instance of primary data it’s not unusual to see 5 to 10
copies of that same information being used for these purposes.
Finally there is also mergers and acquisitions. In today’s economy this is certainly
common with businesses acquiring other businesses and sometimes government
acquiring businesses. Mergers can drive storage growth as a participating entities
integrate their systems and determine that some data needs to be retained for past
purposes are rather for historical purposes.
Let’s turn the page to see how IBM can help our customers with this massive growth.
Last year we launched the information infrastructure strategy. This was a huge launch
for IBM system storage and our strategy is designed to help our customers provide
information efficiently, securely and reliably to their enterprise. We’ve identified some
questions that might be useful in helping you have a conversation with your clients on
this important subject.
Some of the questions that can be asked to start a conversation include first have you
evaluated the cost of storing and managing all the information in the enterprise? It’s not
really just the cost of the hardware. It includes people cost, power, cooling costs and it
looks of these costs for retention purposes over the course of years and maybe even
decades. These costs easily exceed the acquisition cost of the storage hardware. Our
goal here is to talk about all the cost of an information retention solution and look at it
over a long period of time.
The second question to consider is, is your infrastructure optimized for your retention
needs? This is a case of optimization and again not only of cost us being able to quickly
retrieve the information required. In fact it’s estimated that the average knowledge
workers spend 30% of their time just trying to retrieve information. We can help our
customers a lot if we can free up this time and allow them to put it to productive use.
Another area to look at is backup and recovery. We can ask our customers can you
backup and recover your servers fast and reliably enough? You might then think that
backup recovery has nothing to do with retention and we will talk a little bit about this
later in the session. A properly designed to archive system can reduce the amount of
information online in the production systems while reducing the amount of information
in the production systems this reduces the demand on the backup and recovery
processes.
Finally we want to determine where the customer is in terms of addressing these
requirements. We can ask are you addressing these requirements today? Maybe the
customer has already bought some hardware or software and they are looking to
implement it. Maybe they’re looking for something new or they are looking to have a
better use of their existing assets. The intent of this question is to assess where your
customer in addressing their information retention needs.
The essential point is to understand what they’ve done and where they are in terms of
understanding their business problems and then we can help them move from there.
Let’s see why our customers retain information in the first place.
Information retention is one of the more complex of the four information infrastructure
scenarios. The others are pretty self-explanatory. For example information security is
concerned about protecting the customer’s information. Information retention is often a
subject of some confusion. Let’s talk about why customers retain information to begin
with.
First they may keep information to support their daily business activities. For example
of banking enterprise might retain online images for their checks to improve customer
service capabilities. They might outsell keep information to extract business value from
it. For example data mining is a classic application where our clients retain information
to help them identify potential business development opportunities. Of course retention
management comes with a cost and one of the objectives of the overall strategy has to
be to manage the information consistent with its business value. Finally customers keep
information for cultural or historical reasons. For example governmental agencies will
often keep information regarding the historical origins of the country.
IBM has helped two specific customers with their archive needs and these are CocaCola and the Vatican. With Coca-Cola we help them digitized their 100 year history of
advertising. This is proven to be a tremendous new assets and they have used it in their
new marketing campaigns. We also work closely with the Vatican to digitize the books
and manuscripts within the Vatican Library. This has two advantages. First it
eliminates the need for physical handling of these historic manuscripts many which
would be completely irreplaceable. It also allows the information to be widely shared.
By putting this information on the Internet this could be provided to a great more many
people who would be interested in understanding the historical archives.
There are really three different focus areas within information retention. Let’s take a
look at what they are.
First is the storage infrastructure optimization. Our focus here is on providing access to
information from a most efficient, fastest manner consistent with the service level
requirements. Second is our focus on finding and managing information once it has
been stored. We are concerned about building indices to allow information to be
quickly and efficiently retrieved and then implementing business policies automatically
regarding of the treatment of information as it ages. Finally there is a unique and
special category of information that we call long-term retention. What we are thinking
about here is information that needs to be kept for decades and maybe even centuries.
Thinking through all the different considerations with keeping this information.
Let’s start with storage infrastructure optimization.
Storage optimization includes blending storage media types to reduce the overall cost
over long periods of time that includes energy and maintenance costs while meeting
service-level requirements for the information as it ages. Here we have an actual
customer example. This customer was evaluating the retention of information over a
10-year period for customer service application. Our key competitor of course with
EMC and their disk base (inaudible) offerings.
The customer was looking to store 250 TB of information and estimated that was
growing at about 25% per year. The analysis included all costs and not just the
hardware but included software, energy, maintenance as well as computer core costs.
You can see that the EMC all disk solution using low cost SATA disk was going to cost
over $6 million for this ten year period. This solution would have kept all 10 years of
data on the disk storage.
And IBM tape solution was also evaluated and this included IBM LTO generation for
tape drives and the TS3500 library. You can see that it was far less expensive costing
less than $1 million over this same period. However the tape solution had a retrieval
time would be one to two minutes and the customer was not satisfied with this response
time. So instead IBM proposed a blended tape and disk solution and in this case it was
the DR550. We have a number of other blended solutions to but the DR550 was used in
this case study.
The strategy was to keep 18 months of data on disk and then the other 9 ½ years worth
was kept on tape. This blended solution can provide the service level requirements of
disk 99% of the time and only 1% of the retrieval would actually come from the tape
library. You can see that the blended solution cost much less than the pure disk solution
but could meet this customers service level requirements. It’s also worth noting that the
blended solution with much greener than the complete disk solution and used for less
power and cooling over the evaluation period.
Let’s see why this is the case and why this is the IBM strategy.
One aspect of our storage optimization is policy-based automated movement of
information. While blended solutions have obvious financial benefits that they could
not be achieved by reliance on manual operations to migrate the data from the expensive
tier 1 storage to tape media or to lower cost storage of any kind. What is needed is an
automated process to automatically migrate the information. If you look at the upper
left hand graph you can see a typical access pattern for information. When the
information is relatively new the likelihood of retrieval is high but as the information
ages the probability of access drops and after one to two years the probability that any
specific file is going to be accessed is very low.
A storage optimization solution would automatically take advantage of this
phenomenon and migrate the information to less expensive media and you can see this
indicated on the lower left side of the chart. It moves this information automatically as
the information ages. A policy-based archiving solution also allows administrators to
define rules that identify which content should be moved to what type of storage and for
how long the content should be kept.
With these systems a customer compare precisely target content better suited to reside
an ultimate storage tiers as well as manage data replaced across storage tiers to match
service levels. As a result organizations can optimize storage usage while maintaining
end user productivity. Because the data outlives media referring to that long-term
storage that I mentioned, sometimes data needs to be migrated to a newer media and
associated technologies which can be a significant cost factor over time. Just a simple
cost of the migration. IBM offers policy-based data archiving solutions with built-in
media and associated technology which can be a significant cost factor over time. Just
the simple cost of migration. IBM offers policy data archiving solutions with built in
media and technology migration capabilities to help mitigate these migration cost
issues. Data can be moved from disk to tape and from tape generation to generation
while maintaining data as non-erasable non-rewritable in those environments that
require it until deletion is permitted by retention policy.
There are some other technologies that can help our customers optimize their storage
infrastructure. A new exciting technology of reducing retention costs is data
deduplication. Of course IBM required Diligent Technology last year and has recently
rolled out a set of offerings that provide deduplication for backup data, the TS7650
family of offerings. These systems use unique patented technology to reduce the
amount of storage needed by up to 25 times. They can do this by looking for duplicated
information and replacing the duplicates with a pointer to the original. For example an
example that we can all relate to is a PowerPoint presentation. I might create a
presentation and sent it to 20 different people. Each of them in turn may back up their
data to a server including this presentation. In this example the deduplication software
will identify the duplicates and reduce it to a single copy.
Another technology for reducing the amount of data to be stored is compression. This
is a straight forward mechanism that has been available for years with tape for reducing
the amount of media required to store data. There are a number of algorithms available
in the industry but they will typically reduces storage means by a factor of two to three
to one. With IBM’s 1 TB TS1130 tape drives this to result in a single tape cartridge
containing 2 to 3 TB of customer data at a street cost of less than $200 for that tape
cartridge. Of course the tape media also uses no energy or power when not being
accessed.
Now let’s turn to another important aspect of information retention and that is content
collection and archiving.
The is concerned with making sure that the information is available and managed
according to policy. First off we are finding that people are often confused about the
term archiving. For example it’s not unusual to find that people think of it as keeping
backup tapes for a long time and they consider that to be archiving. I’m going to point
out that this is definitely not the case and let me explain why. Archive consists of
primary data, it’s not a backup. We move data out of the production application
environment into an archive environment. Of course we only want to do this for data
that has value and not for all data which tends to be the case with backup (inaudible)
systems. Also archived data is long-term and nature and needs to be isolated from the
production systems.
The IBM definition is that archiving is an intelligent process for managing inactive or
infrequently accessed data that still has value while providing the ability to preserve,
search and retrieve the data during specified retention periods. There are often rules
surrounding how long the data must be archived. These rules can be advanced based,
for example data must be retained for the life of the patient and we don’t know how
long that will be at the time the data is created. Rules may be time based, for example
we must keep certain information regarding security transactions for seven years from
the day of the transaction. An archive system has to recognize these different
requirements.
On the other hand backups and restore applications are not made with these
requirements in mind. In fact we have an example of a large company that was recently
subjected to legal discovery and they have been using this backup application to retain
the data. It was ordered to obtain four years worth of information. This meant that they
not only had to obtain four years worth of tapes from the backup applications but they
also had to re-create the old application environment to read the data. Ultimately they
gave up and were fined millions of dollars. Frustratingly they knew that they had the
data but they could not produce it in a timely fashion.
Some benefits of archiving and treating archive data separately from production data or
from backup data really fall into these four categories. First improving productivity.
The archiving of data removes it from the production systems and this can actually
improve the performance of the customers production systems. We had one customer
example where they told us that their online systems response times improved 15%
simply by reducing the amount of information in their production systems. This current
system happen to be relational database systems but this will be true across SAP, Oracle
or other applications.
Archiving also can improve the backup and recovery process by reducing the amount of
production data that might be backed up on a nightly or weekly basis. Archiving can
also help reduce risk. First we remove the important information from the production
systems where it’s exposed to potential accidents, for example an accidental SQL
command that deletes a large number of rows or columns. We can also improve
operational efficiency by having the systems take advantage of the characteristics of the
data and move it to lower-cost storage automatically as the data ages. This eliminates
manual operations.
Finally of course we can reduce cost. Many customers think that putting everything on
disk is the way to go but as we have shown this can become very expensive and in
today’s economy customers are actively seeking ways to reduce cost.
Let’s turn to the next page.
IBM’s biggest advantage is that we have a comprehensive architected information
retention solutions stack. At the data content layer we have a set of applications that
can take data from a number of different production systems and different file types
including files, e-mails, records management, SAP, Siebel and PAC systems for the
healthcare industry. It can pass the data to the policy management layer. This is an
essential component of the architecture that’s required to help our customers manage the
millions of files that may exist within the enterprise. They cannot possibly manage all
these files manually in a cost effective way.
The policy management layer provides intelligent, automated movement of data over its
life cycle. Finally of course we have the storage management layer where IBM offers a
complete set of storage solutions that work with our policy and data content layers.
Other vendors might only have a single one of these alternatives but IBM cannot for
disk, secure managed storage in form of the DR550, network filers such as N Series
with SnapLock and of course a complete line of tape systems.
Let’s take a look at the next page and talk a little bit about long-term retention.
As I mentioned this is a special case but there are specific industries where this is a
current and pressing issue. For example government sector accounts, health care
accounts, insurance accounts, seismic industries are all industries were customers need
to retain information for long periods of time.
Here we have a pretty dramatic example of the challenges of really long-term retention.
On the left is a mine tablet that is made of clay. It’s 2000 years old almost and it’s still
readable today. Yet on the right side you can see storage media that was created maybe
10 or 20 years ago and whether we can read that information or not is really a problem.
The challenge with retaining information for a very long period of time includes both
the preservation of the digital bits and also understanding the logical format. For
example the dot doc file layout or the metadata that allows us to render the data back to
a form that is intelligible.
Over long periods of time it’s possible that the media used to store the data may lose its
physical properties to support the information. For example ones turn into zeros or
zeros turn into ones. This necessitates the ability to migrate the data different media
over time while maintaining its integrity.
On the other hand just getting the bit is not enough, we must render them back into the
original information. For example, did you know that the original Word .0 documents
can no longer be read by current versions of Microsoft Word? This is strictly a
metadata issue. As we look at the future this is the challenge. We need to be able to
both render bits back and be able to interpret those bits. IBM has research efforts in
both (inaudible) and Haifa that are working on solutions to these long-term retention
challenges.
Let’s talk about why customers should do business with IBM and why we should be
comfortable having conversations with your customers regarding information retention.
When you engage your clients and information retention discussion you should feel
very good because IBM has a comprehensive set of solutions backing you up. We have
archive consulting services that can help your customer understand their information
retention needs based on industry best practices and help them develop the policies and
plans to effectively manage their archival data. We also have services to assist with the
installation of both software and hardware needed for an information retention solution.
Of course we also have a wide variety of storage hardware solutions. We are not
confined to offering only a single technology like many of our competitors. They can
choose from a comprehensive hierarchical set of storage that can help them reduce cost
and provide the necessary service levels. We also can provide integrated solutions that
range from the applications to data management, to Policy Management and the storage
layer. This is the broadest suite of solutions available in the industry.
Many clients are not sure where to start their efforts. Let’s turn the page to see how we
can potentially assist.
We have identified a few questions to help you determine where the client could best
start. First regarding the storage infrastructure optimization we can ask a few of these
questions. Our goal is to understand how we can help our customers more efficiently
manage their information retention data. For example what is driving their information
growth and is it databases, e-mails or other files? Are they able to control their IT
budgets to handle the current anticipated information growth? IT budgets are often
strained by rapid growth of information and we want to understand to what extent the
client is experiencing this.
We also want to ask them about inactive or orphaned data that they may still have
residing on their tier 1 expensive storage systems. It’s possible that a lot of information
is inadvertently retained and of course this costs money in terms of the primary storage
and it costs money to back up and recover that unused data and it can also raise business
risks by keeping information that is not truly required within the enterprise that is still
subject to legal discovery.
Finally do you mainly migrate data to less expensive storage? Maybe the customer
understands that there is less expensive storage available thren the tier 1 production
systems and we want to see if an automated policy driven approach would be of
interest.
We have established what we are calling a decision tree to help you guide the process
with your customer. First off on the left you can see it is quickly trying to understand
has a customer identify their retention problems, areas and requirements. There are a
number of questions that you can ask to help fix whether that is the case or not.
Then based on their answers we direct you to several other questions. Is lack of the
highly scalable storage infrastructure an issue? Is improving storage capacity utilization
and lowering cost the issue? Is perhaps retaining all data not having a proper
information management system in place an issue? Is locating information an issue at
all? Can they find the information they truly need? Or finally is long-term retention a
major issue? Then for each of those we’ve identified some entry offerings that you
could potentially use ranging from information infrastructure optimization studies or
workshops to GTS enterprise archive consulting offerings, to customer briefings that
could be held in the Tucson briefing center in Mainz or (inaudible).
Finally you can see on the right some specific offerings that can work with the services
and the consulting to help meet your clients requirements.
What about next steps?
First we suggest that you listen to this one-hour training on information retention. That
will go into much more detail than this conference call. We have also created a white
paper addressing archiving and retention challenges that is available on SSI and you can
follow the links to quickly retrieve that information. We have also established a wiki to
help you quickly get to this information. Here is inactive link them by clicking on it, it
will take you directly to the wiki. Of course as you have the conversation with your
clients we encourage you to sign up for an in-depth briefing at one of our worldwide
executive briefing centers.
I would like to thank you for your time today and I’m looking forward to working with
you in 2009 in all of your information retention sales efforts.
Good luck and that will conclude today’s conference call.
Hello everyone my name is Alan Marin. I am the Worldwide Marketing Manager for
Enterprise Disk here at IBM based in Boulder Colorado. I’m here to talk briefly about
information infrastructure and how to sell information security.
We can advance to slide 2.
The topics that we will discuss today are listed on this slide here. It starts with the
current challenges that customers are facing with protecting in securing their
information infrastructure. There are a variety of different security capabilities and
technologies available however in this discussion we will focus on the two major focus
areas that we have in information infrastructure security. We will look at the pain
points clients are facing today in the IBM solutions to help address those pain points.
We will also look at how to best sell the IBM information security capabilities that we
will be describing including qualifying questions you can ask your clients and prospects
as well as sales resources we make it available to help you progress the sale towards a
close. Of course we’ve got some recommended actions and next steps.
We can move to slide three.
It’s clear that in today’s business environment security has become a top priority. We
have all seen the headlines and articles that outline and described how clients have lost
data and tape drives and disk drives and it’s been counting quite a stir across a variety of
private enterprises as well of government. When data is lost whether it’s on a tape
cartridge or disk drive many times it is sensitive information such as customer
information or intellectual property and to have that data lost or stolen puts the
organization at a complete disadvantage in terms of having that information show up in
the wrong hands.
Quite likely there is many of the people who are listening to this podcast that have been
notified by an organization they do business with that they lost some storage media than
they are at risk of losing your data. It’s happened to me twice. There is a direct costs as
well as an indirect costs associated with a variety of individuals whose data an
organization might have lost. It’s unfortunately becoming all too common to see
another article written about a certain client or organization that’s lost data and it’s
almost as if we are becoming immune because it happens so often. The key point is
losing data happens very often and companies are starting to spend money to protect
themselves against those security threats.
Slide 4:
What are the costs will we talk about losing or having stored media lost or stolen?
The (inaudible) Institute a couple of months ago released a survey and this is the fourth
year in a row they released this survey. What they do is look at companies and contact
organizations who have lost data or have had a similar security breach and they arrived
at a conclusion with these surveys and studies that each incident cost an average of $6.6
million per breach. If you look at the range and the range is all the way down to the
lower end of $613,000 to all the way up to $32 million for one single security breach.
So there are some serious money associated with losing personal and private data.
On average each of these breaches have recorded that each individual’s record in let’s
say my record with my bank for example or my university, each record that is lost cost
that organization about $202 per record. If you consider how many personal records
can fit in a 1 TB tape drive or 1 TB disk drive it’s easy to see how quickly a cost can
add up.
In addition to direct cost there is also a loss and the cost of losing customer confidence
and losing the goodwill that an organization has accrued over the years. You’ve got
customers that’s don’t trust and might go to competitors because they feel that you are
not adequately protecting their information. Of course you’ve got the remediation costs
associated with providing credit counseling, and credit support for all those individuals
who may have been affected by that data loss. Of course you’ve got intellectual
property and the brand equity associated with the organization that is at risk with some
of these losses.
It’s clearly becoming a fact that it’s not a luxury per se for clients to protect
information, it’s becoming obligatory. There are some legal requirements and laws in
not only the United States but in Europe and Asia that are mandating that clients protect
personal data or intellectual property to a lesser extent but clearly organizations are
being forced to protect sensitive information.
Moving to slide 5.
In this discussion we want to focus on two key aspects of information security. When
we talk about security there are a variety of technologies and solutions available for
protecting your infrastructure from threats from the outside, intrusion detection,
intrusion protection, hackers trying to penetrate the networks. You’ve also got security
that enables the ability to fight viruses that users might be accessing inadvertently when
they click on a particular website or download a particular document.
There are security services that can protect not only your applications in your networks
but certain documents. There is a variety of technology and solutions across the
enterprise that address security.
Here when we talk about information security we are talking of these two primary focus
areas and that’s controlling access to the information into the information systems in
your environment as well as protecting stored data or what we call data at rest. So were
not going to focus on those other tangential security areas but these are the two areas
that we want to discuss today.
When we talk about security to access an identity management the idea is that clients
need to control access to the systems, control access to the applications and devices
across the environment. They need to be able to manage who on the IT staff has access
to what systems and limits to what they can do when configuring the various elements
in their environment. For instance the database administrator should be given access to
the systems and applications she need to manage the organization in the database
environment but she should necessarily have access to the company’s storage system or
network switches. This is what we refer to as separation of duties and role-based
administration. The organization needs to set up policies that manage and enforce the
various members of the IT staff, what they can do and cannot do.
Another aspect of this is to record every configuration action taking on any particular IT
system which not only identifies how configuration changes might have disrupted an
application or other IT service but it also helps identify who actually made any changes
to the environment. This audit logging can help determine internal security threats so
when a <role> database administrator for example logs onto a system that he is not
authorized to access the organization will take steps to understand why.
Most IBM storage systems also offer the ability to automatically call home to alert
service personnel of impending security problems. This is often done over a secure
virtual private network connection and various systems within our portfolio such as the
DS8000 that off or enhance flexibility for customers to use their own virtual private
networks in addition to the one that IBM sets up to connect to that system remotely.
Storage area network security for example. We talk about LUN masking and SAN
zoning. SAN stands for storage area network and LUN stands for logical unit number.
For LUN masking for example the masking is the type of authorization process that
makes a LUN available to some host systems and unavailable to others. This helps
keep certain information shielded from certain users. For SAN zoning this is a method
of arranging Fiber Channel devices on a storage area network into logical groups which
helps separate data it into distinct zones which can help security.
In addition to controlling access to the various elements across the IT infrastructure the
organization needs to control end user access to applications and information and IBM
as the leader access manager in identity management. Managing which end users get
access to what applications and information has proven to be a very difficult task since
organizations are constantly adding and moving employees and existing employees
routinely change positions. Each of these personnel changes require the organization to
change the authorization policy for the employees.
For instance let’s say an employee moves from a financial role to a business
development or partner enablement role. In his financial role he had access to the
company’s day-to-day financial records, ordering systems, sales commissions etc. Now
that he is in the business development role he no longer needs access to financial
systems and in fact access to sensitive information can be quite dangerous if used in the
employee’s new role as a business development executive. He could for example
disclose financial information about future business projects with a potential partner that
might want to know what information about the organizations future business is
forecasting. This is an example of why strong identity and access management are very
important to managing an organization’s infrastructure and security policies.
Of course a sound security strategy demands we have adequate capabilities to audit our
security policies and procedures so we can comply with our own internal as well as
industry or governmental compliance regulations. It’s not enough to have security in
place, we have to be able to prove our security policies and procedures are doing what
they are intended to do to satisfy regulatory or internal compliance policies.
Slide seven.
What does IBM have in terms of controlling access to information?
Well I have already mentioned the two key categories and one of them centers around
the ability to protect ne’er-do-wells from getting access to information and getting
access to information from the data storage systems such as the disk platforms in the
tape storage platforms and of course the servers that we make available. All IBM
storage platforms offer comprehensive system-level access control to help protect the
information and people who want to use that information for noncompliance policies,
we are able to stop them through this access controls at the system level.
So what about the other aspect of information security?
This is security stored data or what we call data at rest. Here is where we bring to
market our innovative self encrypting storage. We’ve got self encrypting tape solutions
which we introduced almost 3 years ago and new self encrypting disk solutions that we
introduced in March of this year. It’s clear that data that is passing over networks in
motion is often secured through virtual private networks but what is left seen as critical
is storing data at rest.
We talked a little bit about it a few slide to go and showed when he saw all the
headlines of systems losing or organizations misplacing tape cartridges and misplacing
disk drives or even entire storage systems being stolen. It’s clear and it’s becoming
even more clear the extent associated with loosing data. This is the data at rest that
sitting in your data center environment.
Why is this needed?
What we clearly discussed that data is getting stolen and stored media is getting lost and
if you look at it it’s plainly obvious that tapes get archived both on-site and off-site.
What is less visible is that disk drives fit any enterprise disk systems are mobile. Disk
drives are leaving the enterprise every day for either a failure or <software> that’s being
recognized or the disk drive is under warranty so the organization has to remove the
drive and send it to the manufacturer to be replaced but nonetheless the data on that disk
drives often is not protected. It’s not only the individual disk drives that are being
removed but you’ve got entire disk systems that are coming off leads or need to be
refurbished in another part of the organization. How do you ensure the data on that
entire system is secure?
It’s clear that lost data breaches are not just embarrassing a tremendously costly. We
looked at that we saw the average cost of a data breach approaching $6.7 million.
What are the benefits that we are offering by encrypting data at rest?
Clearly the key benefits protecting sensitive data when the storage media is physically
removed from the secure data center. Another aspect of some of the benefits this
provides is that we are encrypting everything with zero performance. When you’re
thinking about encryption just the idea of doing data encryption assumes a very
computational, intense operation. It’s very mathematical and you got to do a lot of
calculations and processes on the data in order to encrypt it.
You got to do the reverse of all that once you decrypt the data. So with a self encryption
solution you see a tremendous performance degradation. With the self encrypting
storage that IBM is now offering we see zero performance loss which greatly helps
because you don’t have to buy additional bigger server two host or applications. You
don’t have to introduce expensive hardware accelerators to compensate for that
performance degradation. That is the clear benefits that we want to promote and that
the customers are very excited about.
The self decrypting solution also shows no disruption to the existing environment and
this is in part mainly to the fact that the key manager that every encryption solution
assumes. The key manager is a software base offering that can be run on a variety of
servers including System z servers as well as a variety of UNIX platforms and even
Windows and Linux environments. So the fact that you can run it on an existing server
in your environment and take advantage of the existing backup data recovery and
disaster recovery and high-availability environments of that server clearly means that
it’s going to be less disruptive to your existing environment. In fact it’s almost
transparent to the existing environment because in most cases you have an existing
backup environment or disaster recovery environment that the key manager or softwarebased key manager can be run on.
Another benefit of course is rather than worrying about the risk associated with losing
an individual tape cartridge or disk drive, simply by changing the encrypting capability
associated with your encrypting storage, you can potentially virtually erase all the data
on that storage system. This is very helpful when you are retiring an entire storage
system whether it’s a tape system or disk system that you don’t have to crush each
individual drive and you don’t have to be (inaudible) and destroy the drives because you
are worrying about the data falling in the wrong hands. You can simply as you get a
command change the encryption key associated with that decrypting drive and it
virtually erases all the data on that drive. So you can reuse that drive and you don’t
have to worry about harmful chemicals and materials getting thrown into our landfills.
So it not only helps protect information but it also can help the environment as well.
I mentioned earlier that an encryption solution assumes a key manager. The unified key
manager that we offer is called Tivoli Key Lifecycle Manager. We have it available to
manage both our encrypted tape solutions which have been available for almost 3 years
now and the new disk solution. The unified key manager helps to simplify the
deployment of storage encryption in your environment. Of course we’ve got integration
with the zO/S security features that truly provide enterprise class security which helps
manage the security environment not only in the storage environment across the
enterprise.
So why wouldn’t you encrypt data at rest? We are on slide 10 here I believe.
Well we’ve noticed that four main concerns arriving from the client. Of course the first
one is performance. Knowing how to mathematically computational encryption really
is, customers are concerned that introducing encryption is going to slow down their
applications. Well our response is our integrated self decrypting storage solution that
has less than 1% impact on performance. We can undermine that an address the
concern right there.
What about the potential to lose data?
It’s true that if you lose the encryption key associated with the encrypted data you’ve
lost your data forever. That is a concern. We can show our clients that are key manager
is proven with thousands of customers worldwide in some of the biggest banks across
the world.
What a complexity?
Some solutions add extra encryption appliances and that all the data must pass through
what they require data classifications or constant configuration or application changes.
That’s not true with our solution. As I mentioned our solution is virtually transparent to
an existing application environment which simplifies the deployment.
Total cost of ownership is if you’ve got double the size of your current application
server to compensate for encryption or you’ve got to introduce a new encryption
appliances or hardware accelerators, all that additional hardware costs a lot of money.
We feel and we have been able to show our clients that our encryption solution add to
small incremental costs which is very easy to manage.
As far as helping you sell information security we have created this decision tree to help
you get the conversation started with your clients. First you can see that you ask
whether the customer has analyzed their enterprise security posture and identified any
security vulnerabilities. If they haven’t then you can recommend a couple of tools that
we make available in GTS and across lab-based services to help the client identify some
vulnerabilities they might have across their environment.
If they do understand their security posture and they know their security vulnerabilities,
ask yourself these three questions in the center of this chart. Is controlling access to
applications and information an issue? If so you want to forward your lead to the Tivoli
Security Management Team. However if there is an issue with securing data on storage
media when they are physically removed from the system we’ve got a couple of white
papers and some information that can help address the vulnerability with your client but
you’ve got to learn a little bit about them yourself. We have provided some information
to help you learn as well as educate your client on how IBM can help address that
particular security vulnerability.
Lastly is there an issue with security or cost effectively sanitizing or virtually erasing
the data from their storage systems when they are retired? If so you need to explain to
the client how our self encrypt in solution allows the client to simply change the
encryption key associated with the encrypted data and be able to completely and
securely wipe those information systems that are being retired and wipe them clean in a
cost effective and simple manner. They don’t have to crush the drive and they don’t
have to throw the drive in the landfill. They can white and clean and ensure that the
data is not being compromised.
At the top of this slide to see the qualifying questions that we have included to help you
get that dialogue started with your clients.
We also make available the IBM Information Infrastructure Sales Kit it which has a
variety of documents. We’ve got the quick reference guides which have an overview
and some core information that can help you understand and help your clients
understand what IBM can do for them in terms of securing their information
infrastructure. We’ve got some flash demos and we’ve got some analyst white papers
as well as some brochures to help arm you when you talk with your client about how we
can help them address their information security challenges.
We are working on some Information Infrastructure Assessment Tools for the four main
information infrastructure areas and you can see that circled in red, Information
Security. This helps the business partner understand how to approach the client that
might or might not have a security vulnerability. We give you the types of questions
you can answer and we can suggest certain deliverables and documents that you can
forward to your clients to help them educate on how it is that we can satisfy some of
their security vulnerabilities.
Next steps. I mentioned earlier that you to educate yourself on the IBM Information
Infrastructure. We make a variety of sales kits available on SSI and Partner World to
help educate you as well as your client. It’s important to keep in mind that the tools
focal points that we discussed today are access control and storage encryption. Keep in
mind that those are only two aspects of a wider and broader enterprise security strategy.
To some extent you need to understand a little bit about the other types of security
solutions available but when your client is talking about information security, access
controlled information and storage encryption are the two that you need to worry about
or be most concerned with.
Of course you need to begin conversation with your clients and understand what it is
they are concerned about when it comes to security. Are they looking for access control
or securing storage data and what about the recommended self-assessment tools and
workshops that you can encourage them to take to understand more about how an
effective security policies can help their business. Of course we make available the
Tivoli Security Team and they’ve had specialists over there that can help support your
sales goals. You can’t expect sellers and business partners to understand all the
nuances, all the encryption algorithms and encryption standards that are available today.
There’s a lot of detailed information and so when you get to that stage of the storage
sale then you need to contact the Tivoli Security Specialists and pull them in. They are
getting compensated for the sale of Tivoli Key Lifecycle Managers so they’ve got the
encouragement to help you close the deal. Gordon Arnold over at Tivoli can help put
you in contact with the right people.
That brings us to the end of the presentation. I appreciate you giving us the time to take
you through the IBM information infrastructure security capabilities that we make
available. Again there is a lot of information that we make available for end users as
well as for sellers to enable themselves to help sell our Information Security Portfolio.
Again my name is Alan Morin. If you have any questions you can feel free to send me
an e-mail. I think I left my e-mail address on the front cover page. We look forward to
working with you. Be sure that your client understands that IBM is in fact a security
vendor. We build security in everything we do. That is important to relate that to your
clients.
Thank you very much.