Survey Finds Infinite Data Retention Leading to Costly Information Management Mistakes

High storage costs, long backup windows, litigation risk and inefficient eDiscovery plaguing companies

MOUNTAIN VIEW, Calif. - Symantec Corp. (Nasdaq: SYMC) today released the findings of its 2010 Information Management Health Check Survey, which highlights that a majority of enterprises are not following their own advice when it comes to information management. Eighty-seven percent of respondents believe in the value of a formal information retention plan, but only 46 percent actually have one. Survey results also found that too many enterprises save information indefinitely instead of implementing policies that allow them to confidently delete unimportant data or records, and therefore suffer from rampant storage growth, unsustainable backup windows, increased litigation risk and expensive and inefficient discovery processes.

“Infinite retention results in infinite waste. Enterprises see the value of a solid information management plan, but too many still follow the outdated practice of keeping everything forever,” said Brian Dye, vice president of product management, Information Management Group, Symantec. “The sheer volume of data is growing exponentially, so trying to keep everything consumes large amounts of storage space and demands too much of IT’s resources. As a result, businesses spend far more time and money on the negative consequences of poor information management and discovery practices than they would by working to change them.”

Survey Highlights:

* Gap between enterprise information management goals and practice. Most enterprises (87 percent) believe a proper information retention strategy should allow them to delete unnecessary information. However, less than half (46 percent) actually have a formal information retention plan in place.
* Enterprises are retaining far too much information. Seventy-five percent of backup storage consists of infinite retention or legal hold backup sets. Respondents also stated that 25 percent of the data they back up is not needed for business or should not be kept in a backup.
* Enterprises are misusing backup, recovery and archiving practices. Seventy percent of enterprises use their backup software to implement legal holds and 25 percent preserve the entire backup set indefinitely. Respondents said 45 percent of backup storage comes from legal holds alone. In addition, enterprises cited that, on average, 40 percent of information placed on legal hold is not specifically relevant for that litigation. Using archiving and backup together provides immediate access to the most pertinent information while allowing enterprises to retain less.
* Nearly half of the enterprises surveyed are improperly using their backup and recovery software for archiving. Additionally, while 51 percent prohibit employees from creating their own archives on their local machines and shared drives, 65 percent admit that employees routinely do so anyway.
* Differences in how IT and legal respondents cited top issues for lack of an information retention plan Forty-one percent of IT administrators don’t see a need for a plan, 30 percent said no one is chartered with that responsibility, and 29 percent cited cost. Legal cited the top issues as cost (58 percent), lack of expertise to build a plan (48 percent), and no one chartered with the responsibility (40 percent).

The consequences of these information management missteps are severe and far-reaching:

* Storage costs are skyrocketing as over retention has created an environment where it is now 1,500 times more expensive to review data than it is to store it, highlighting why proper deletion policies and efficient search capabilities are critical for enterprise organizations.
* Backup windows are soaring while recovery times have become prohibitive.
* Finally, with the massive amounts of information stored on difficult-to-access backup tapes, eDiscovery has become a lengthy, inefficient and costly exercise.

Recommendations

Enterprises need to regain control of their information. The costs of waiting for the perfect plan are far outweighed by the benefits of being proactive.

* Backup is not an archive, and it is not recommended to use backup for archiving and legal holds. Enterprises should retain a few weeks of backup (30 - 60 days) and then delete or archive data in an automated way thereafter.
* By using backup only for short-term and disaster recovery purposes, enterprises can backup and recover faster while deleting older backup sets within months instead of years. That’s a huge amount of storage that can be confidently deleted or archived for long-term storage.
* Implement deduplication everywhere within applications and within a backup environment. Enterprises that deploy deduplication as close to the information sources as possible free network, server and storage resources. When deduplication is combined with shorter retention periods, enterprises enable tapeless disaster recovery via replication for better SLA.
* Enterprises should also develop and enforce information retention policies (what can and cannot be deleted, and when) automatically. Automated, policy-driven deletion creates less risk than ad-hoc, manual deletion. The 46 percent of respondents that have a retention policy should consider taking immediate steps to begin executing those policies. Paper policies that are not executed can be a litigation risk.
* Use a full-featured archive system to make discovery as efficient as possible. Companies can then search for information more quickly – and with more granularity than they would in a backup environment. This will reduce the time and cost it takes to evaluate litigation risk, resolve internal investigations and respond to compliance events.
* Enterprises should deploy data loss prevention technologies to measurably reduce their risk of data breaches, demonstrate regulatory compliance and safeguard their customers, brand and intellectual property. IT administrators should look for a solution that discovers, monitors and protects confidential data while providing insight into the ownership and usage of information.

The survey was conducted in June 2010 and is based on responses from 1,680 senior IT and legal executives in 26 countries.

About Symantec

Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at www.symantec.com.

NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.

Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.