Another Data Center Headache: Log Data Exploding

The newest storage headache for data centers? A worsening torrent of real-time log data. Bad news: For compliance reasons, you'll soon have to not only store more log data, but also make it more searchable. Good news: You can use this data to improve security.

Robert Lemos (CIO (US))
30 April, 2009 09:11
Comments

Following the March, 2004, bombings in Madrid, Spain, law enforcement searching for leads on those responsible for the attacks focused on the cell phones used by the terrorists and requested that European telecommunications providers turn over their call data. The only problem: It took the companies weeks to find the relevant data.

In an attempt to eliminate such problems in the future, the European Union created data-retention guidelines that require service providers to hold up to two years worth of call records and Internet records. The amount of data that the companies have to store skyrocketed-becoming a major data center issue, says Matthew Aslet, enterprise software analyst for The 451 Group.

"One of the issues is the volume of data," Aslet says. "One European telco we have spoken to cited three years of data equating to 36TB of storage."

The storage problem reaches far beyond Europe. While most companies use data centers to store their primary business information-such as backups of important files and customer data-real-time log data and unstructured transactional data are quickly becoming major issues as well, according to Aslet and other experts.

Most industries will face a significant data problem in the future, as compliance requirements force them to not only retain more data, but also make such data easily searchable.

Banks have to keep data from cash machines, utilities have to keep data on various events happening on their control and monitoring networks, and public companies need to document who accessed certain sensitive financial data to be compliant with Sarbanes-Oxley.

Much of the data is stored as event logs from a host of different devices on a network.

In the past, event data was not stored in a way to make retrieval easy. Every device on a network-whether a bank's ATM network, a corporate local network or a utility's control network-generates event data and storing that data has always been a problem. The issues will only become more significant in the future, says the 451 Group's Aslet.

"Clearly some of the major drivers are SOX and PCI (requirements), for which security log management is a partial answer to the problem, but issues such as the EU data retention guidelines for electronic communications are potentially broader and larger problems in terms of the amount of data to be collected and analyzed," he says.

Hewlett-Packard, one of many companies that sells systems to handle so-called event data warehousing issues, sees customers dealing with anywhere from 10 GB of data per day to 1 TB of data daily.

"There is a torrent of information coming out of these devices," says Gary Lefkowitz, a director in HP's Secure Advantage group.

Yet, once collected, the data becomes and opportunity for the company, he says. "A lot of customers look at this as a compliance tax, but once you get your system running, it is not like you are just checking off the compliance box-there are a whole host of things you can do."

Companies that store such event data in a easily accessible way, for example, find that they can analyze the data for anomalous events that could indicate an attacker in their system, says Jim Pflaging, CEO of data-warehousing software provider SenSage.

"We think there is a class of customers that will really see this as a positive thing for the security of their company," he says. "To nail insiders, you really have to collect more data. Insiders don't have failed logins-you have to be able to analyze how they accessed the data."

In the past, companies that collected log data in a single location would typically use a flat file, which made the data difficult to comb through for significant events, says Pflaging. Using more efficient database software to store and retrieve the data, companies also gain a lot more insight into what is happening amongst the devices on their network, he says.

"For most companies, this security log data will be the largest single data store," Pflaging says.

Follow everything from CIO.com on Twitter @CIOonline

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email CIO
Follow CIO on twitter

More about: Hewlett-Packard, HP

References show all

CIO.com (CIOonline) on Twitter

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Coverage

Related Whitepapers

Latest Stories

Community Comments

"As are ours."

Monash Uni reduces IT teams after consolidation project
"QR code is a great invention people made. I'm making mobile apps ..."

FTC warns makers of background checking apps
"Based in Europe and Asia, this is exactly our job: explain to ..."

Time to get Agile
"It hasn't cost the government, its cost the people -'The bungle has ..."

QLD govt demands answers after pay glitch
"Our thoughts are with the Monash staff."

Monash Uni reduces IT teams after consolidation project

Tags: Data Center, data centre

Latest Blog Posts

Whitepapers

Prepare Your Enterprise for the Mobile Revolution: Boost the Bottom Line with Mobile UC
This white paper will highlight the changes in the mobile workplace; outline the benefits of unified communications (UC) and Fixed-Mobile Convergence (FMC) for mobile workers; identify the key market trends and business challenges IT managers must pay attention to now and into the future; and offer best practices for choosing a solution that will deliver clear ROI.

Learn more »
Three government scenarios for cloud printing
Does your organization rely on a mobile workforce? If so, cloud printing can make printing easier and mobile workers more productive. And getting started is easier than you think.

Learn more »
Sun Blade 6000 Modular System: Power and Cooling Efficiency
Most IT organizations are struggling with the need to deploy ever more applications in the fixed space, power, and cooling envelope of their data centers, the ability to save even a hundred watts per system quickly turns into more breathing room for future applications and the servers to run them. Read on.

Learn more »

All whitepapers

Most Read
Most Commented

Get exclusive access to Invitation only events CIO, reports & analysis.

Latest Jobs

Zones

Featured Whitepapers

8 Critical Requirements for Secure Mobile File Sharing

With more and more employees downloading free, consumer-grade apps to access work files from mobile devices, your enterprise may be at risk for a security breach. Learn the requirements to ...

Another Data Center Headache: Log Data Exploding

Comments

Post new comment

The hierarchy of wisdom

ERP reload

Tourism sector bites the bullet

iPad 3 rumour rollup for the week of February 7

Don’t wait for Windows 8

How to create a clear project plan

Preview: Prada Phone by LG 3.0

5 open source help desk apps to watch

Monash Uni reduces IT teams after consolidation project

Time to get Agile

iPad initiative for pupils in WA

QLD govt demands answers after pay glitch

FTC warns makers of background checking apps

HP Business Efficiency - Money Payback Guarantee Resource Centre

The Australian Cloud

8 Critical Requirements for Secure Mobile File Sharing

Top Ten Considerations when Deploying IT Operations Management in the Cloud

Unified Storage Strategy guide

2011 Pathways Advanced ICT Leadership Development Program

Enabling Agile and Intelligent Businesses