Logging and archiving: Where storage and security needs intersect

Computerworld - When IT managers consider logging and archiving, they are faced with a dilemma: Keep enough data, and audit and regulatory needs are met, business continuity is maintained, and recovery after disaster goes off smoothly.
Keep too much data, though, and the cost associated with storing that data and the resources needed to maintain the archives could skyrocket, outweighing many of the benefits.
What's needed is a careful, business-based balance between security and storage. Simple storage of the data isn't enough. How data is stored and how the associated threats to it are mitigated are critical parts of the puzzle. Even the most sophisticated storage-area network (SAN) isn't much use if an attacker can access the logs and delete or otherwise tamper with them. In this article, we'll take a look at some of the questions that companies should ask to understand how to store and archive logs reliably.
Do you need it on demand?
Stored log data may differ in its overall value to the organization. For example, log files from a development server that contains old builds of phased-out code may have a different weight than the logs from the corporate human resources, enterprise resource planning and mail servers. Because the cost of data storage varies depending on the ways in which it will be used and accessed, old copies of log files from testing and prototype machines may lend themselves to less expensive storage methods, such as off-line digital archive tapes, while ERP system logs may need to be available around the clock via the corporate SAN.
Assign a value weight to each set of logs that will be archived and then determine the most cost-effective storage method. If the data can't be accessed when it's needed, it's not of much use. Archived data that has been stored in a third-party, off-site facility, where it may take days or weeks to retrieve, could cause a breach of a service-level agreement or be in potential violation of audit policies.
One of the most important contributors to data availability is management of the SAN and all of the archives. If more storage space is needed, can it be discovered, provisioned and made available automatically? If not, what are the consequences? Is data lost? Does someone gets paged at 3 a.m. on a Sunday to go into the data center and provision additional storage? Are there metrics to provide alerts for anomalous storage usage and for strategic planning of storage needs?
How safe does it need to be?
With a valuation