ESG Guest Blog 3 of 6: ‘Governance is more than IT, but the IT has to be there’

Posted 4 November 2015 7:48 PM by Commvault

We're happy to welcome Jason Buffington, senior analyst at ESG (Enterprise Strategy Group), onto our blog page. Jason will contribute a six-blog series that will focus on key issues related to data and information management, compliance, security and share his perspective on top customer considerations for establishing best practices in today’s changing IT landscape.

Buffington is focused primarily on data protection, Windows Server infrastructure, management, and virtualization. He has actively deployed or consulted on data protection and storage solutions since 1989, working at channel partners, Cheyenne (CA) ARCserve, NSI DoubleTake and Microsoft. Check out all of ESG’s data protection perspectives from Jason at

In this third installment, he’ll explore Commvault’s initiatives toward ‘Governance from Inception.' Read the first and second installments.

If you’ve been following this blog series, we’ve used the Data Protection Spectrum model to describe a complimentary set of activities that are grounded in Backup, but are supplemented by snapshots, replication, etc. Outside of these blogs, ESG often contrasts the ‘products/technologies’ of backup/snaps/replicas and the ‘processes/culture’ of Business Continuity and Disaster Recovery (BC/DR) appended to the right side of the graphic.

The Spectrum of Data Protection and Information Governance




In much the same way that BC/DR builds from the replication & high availability technologies with processes and procedures, Information Governance (IG) often builds from archival technologies with processes and procedures, as well. In fact, to take the analogy further, you can’t buy BC/DR or IG.

  • To achieve your BC/DR goals, you have to acquire reliable backup/snapshot/replication technologies, then add orchestration/processes and drive an operational culture that is prepared.
  • To achieve your IG goals, you have to acquire reliable archival and backup technologies, and then add orchestration/processes and drive an operational culture that is intentional.

In both cases, it starts with technology that adds a layer of agility beyond just ‘data protection.’ And while BC/DR and IG are both ‘more than technology,’ neither is accomplishable without the right IT components underneath.

  • For BC/DR, you have to understand the business processes, the potential impact on key systems, and the organizational requirements of the users.
  • For IG, you have to understand the data!  You have to understand not what files or file-types (applications) that you have, but the business-value, regulatory-value and disclosure-value of the data itself.

And while the needs of BC/DR must be addressed through collaboration, IG’s insight into the data is actually best addressed by technology that can ingest and understand the data, based on rules, patterns (in characters and usage) and policies. In wrapping up the blog series, there are some parallels to earlier entries that can be applied here:

  • Similar to how non-DP additional copies are often cost-prohibitive unless part of a broader DP plus non‑DP strategy under ‘Data Management,’ adding an archival solution that is data-savvy and can enable a broader Information Governance schema is also less practical when run as an isolated platform.
  • Similar to how organizations’ requirements for IT resiliency continue to evolve ‘beyond backup-alone,’ Information Governance isn’t achievable as an afterthought. With data sharing and access technologies being so deceptively simple, your IG strategy (and the technologies that you apply to it) must be applied from the time data is created and govern it throughout its whole lifecycle.
  • As discussed earlier, a broad ecosystem of partners wants to leverage a modern data protection infrastructure, in order for both solution platforms to help their shared customers with Information Governance needs.  As such, having an open architecture that will allow the vertical or other partners (who understand their data even more than the underlying technology) can add tremendous value to a comprehensive IG strategy.
  • Considering the convergence trends that have been discussed so far, it should come as no surprise that Commvault has incrementally evolved its platform for Governance in much the same way that it has evolved it for other customer data protection and data management scenarios – through a common code-base that is enhanced by listening to its customers and building what was necessary.
  • And, in the spirit of tying the entire blog series, but especially poignant when considering Information Governance … remember, your data is a strategic asset. Treat it as such.