Training and education key to IT compliance, says Hillingdon's Bearpark

Roger Bearpark at the London Borough of Hillingdon talks about ways to cut down on data sprawl, and how training and education can help your firm meet its compliance goals. regularly interviews data storage managers as part of its Storage Pro-File series. This week, bureau chief Antony Adshead speaks with Roger Bearpark, assistant head of ICT for the London Borough of Hillingdon. Bearpark talks about how to get IT staff interested in storage, ways to cut data sprawl and keep on top of compliance, and dealing with 'Sunday Supplement Syndrome' among senior managers.

If you think you or someone you know would be a good candidate for our Storage Pro-File, please submit their contact information to [email protected]

Only by talking to users and finding where the line is between what you're doing and what the law requires will you know what data you really have to keep.
, How did you get into data storage?

Bearpark: When I first arrived at Hillingdon we had physical servers with direct-attached storage [DAS]. We were forced to look for a better way of doing things with shared storage and in 2003 we opted for a StorageTek SAN. In 2006 we moved to a virtualised server environment and dual Compellent Storage Center SANs with automated tiering and snapshots to the new disaster recovery (DR) site.

Specifically, I got involved in the shared storage projects at Hillingdon because I knew it would make a big difference to how we worked. While I had overall responsibility, I wanted the team to develop their skills from being just third-line storage support staff. So, we got them out in the minibus visiting the vendors and collectively making decisions about products, and that has paid off in terms of the team taking ownership of storage. How is storage viewed by the business and other parts of IT?

Bearpark: The business sees storage as something simple, cheap and infinitely expandable. In IT, it used to be seen as something boring, that all you did was add capacity. But with the type of virtualised, tiered storage we have now, it's seen as quite sexy. Shared storage has really opened up the possibility of doing many things, including opening new routes to market. What's the biggest satisfaction you get in your job?

Bearpark: It's good to have the ability to surprise people with the adaptability of the storage we have and to do things relatively quickly and cheaply, instead of having to trot out the time-worn IT mantra of "We can do it for you but it'll cost a shedload of money." What's the biggest challenge you face in storage?

Bearpark: The biggest challenge is how to reduce the amount of storage we have. Because it's flexible and adaptable, people take it for granted. A phenomenon we often have to deal with is what I call Sunday Supplement Syndrome, where senior business managers have seen a 1 TB hard drive for £49.99 and ask why our storage is so much more expensive. You have to patiently explain to them the limitations of the standalone hard drive and the benefits of a virtualised, intelligent storage system. What has been your biggest item of storage spend over the past year?

Bearpark: The biggest storage spend this year has been on solid-state drives [SSDs]. Having said that, because we're getting 14 or 15 times the performance of disk, the cost per gigabyte is probably very favourable compared to adding disk. What's the most valuable tip you can give to other storage professionals?

Bearpark: Talk to users. There's often a great deal of fuss made over restoration of data and finding particular files, often for perceived legal compliance reasons. Only by talking to users and finding where the line is between what you're doing and what the law requires will you know what you really have to keep. If you don't have to back something up and there's no statutory duty to keep it, then don't.

You have to understand what people need to keep and what is kept by default, and if you understand that you can design a storage policy that's more effective.

One example is where we had a proliferation of images. People were taking photos for various reasons -- ranging from the hygiene conditions of restaurants to peeling wallpaper in council properties -- and keeping the images on their local drives. We engaged with them and discovered that most of the images didn't need to be kept for very long, so we implemented a policy of keeping them for three months on a shared drive – so that they could be accessed by anyone who needed to – and then three months on the archive before deletion.

We keep on top of compliance issues by making sure as many people as possible attend training. In a local authority there's a tendency to do things 'organically' and things grow by default, so a delicate balance is required to set policy, not coming across as 'the big I am' but also making sure you achieve efficient policy with regard to data held.

Read more on Data protection regulations and compliance