DISA introduces new ways to store sensitive data

Right technology mix helps ensure proper environment

Agencies are devoting a considerable amount of time and resources to distributed data centers, backups and archives for their secure data storage needs. As the organization responsible for managing the Defense Department’s networks, the Defense Information Systems Agency is following a similar pattern for its military customers, said Kerry Miller, chief of storage and software engineering at DISA’s Computing Services division.

Most of DISA’s clients want their data stored online so that it is readily available for access, Miller said. Those customers also often want their data encrypted. DISA approaches data encryption on a case-by-case basis. He noted encryption complicates the data storage process and adds overhead to the input/output processes. “But some data warrants that protection,” he said.

Government organizations need to look at the building blocks of their storage systems, said Joe Cupano, a technology consultant at EMF Federal. He said there is growing concern among Defense Department officials about where products have been developed and what is in their source code. As more services and applications move to the cloud, such as DISA’s cloud, protection must be built into the hardware and follow the data as it migrates, he said.

Another trend in secure data storage is storing data in multiple physical locations for protection, backup and operational continuity. Miller said his agency has a philosophy called “assured computing,” which seeks to ensure the customer’s ability to retain and process data regardless of what might happen to any particular facility. To deliver that kind of assurance, data must be stored at several physical locations to ensure that major disruptions, such as man-made or natural disasters, do not affect organizations' ability to access their data.

As more data moves online, DISA is focusing on information life cycle management. As data ages, fewer users will need to frequently access it, but it must be stored for possible discovery and legal purposes. Miller said that is a growing area of policy use. A major challenge of the policy approach is prompting customers to identify specific policies and ensuring that they conform to regulatory and legal requirements. “Sometimes, getting [policy] definitions is the hard part,” he said. “Making it happen technically is often the easy part.”

Data migration poses another challenge for archiving. Miller said the data for records such as personnel or medical information has a very long life. However, the media formats that store data become obsolete over time. He noted that over the years, he has seen storage systems come and go, and as they age, maintaining them becomes difficult as spare parts and services become harder to acquire. “Being able to migrate that data over many years and being able to move it from what it’s being stored on today to whatever the latest storage mechanism in the future is are always a challenge because the quantities of data are staggering,” he said.

Another challenge is that data must be stored in a form that software can read. For example, in 50 years, will future systems be able to read documents created in Microsoft Word? The National Archive Group has been struggling with that issue by moving to create data standards and formats for archived data, Miller said.

Sharing and accessing secure data presents another conundrum. Some DOD units have complained about sharing data across entities, Cupano said. The challenge remains in authorizing specific individuals and organizations to share with one another. DISA must consider issues such as where data streams originate and the data's sensitivity levels. He said chief information officers must answer several questions, such as: Is protection based on ownership or consumption, and how is data being proactively protected?

DISA and other federal agencies also are looking at data deduplication to ease backup processes. Miller said the technique originated in the data storage world and is becoming more prevalent in the primary data world. Data deduplication is a more efficient method for backing up file data. For example, during a computer’s weekly backup, instead of backing up all of the information, a system only copies those files used during the week. “It only backs up those things that are different from your prior backup,” he said.

Data deduplication is advancing into the primary data world because many organizations are now storing information at multiple sites for security and continuity of operations. Miller said DISA is using this process to cut down on the volume of equipment it needs to store data and to keep customer costs down.

Reader Comments

Wed, Aug 11, 2010

Does this mean that we will need to keep "read only" versions of Office 2007 (for instance) around to access such files?
