In part 1 of this series, we explained that there are 5 key capabilities needed for a successful file cleanup project, and discussed Capability 1 – File Discovery and Capability 2 – Sensitive Data Discovery. In this second post, we pick up the discussion with Capability 3 – Activity and File Usage.
Capability 3 – Activity and File Usage
Understanding who is actively using files on file servers can offer tremendous insight into how to approach a cleanup effort. By monitoring activity, it is possible to know what files are heavily used and what files are not used at all. Moreover, the activity also identifies who is using a file server, which can be valuable when determining ownership and getting involvement from the business during the cleanup process.
Understanding activity and file usage can be done in several
Attributes – By evaluating the Created, Modified, and Accessed timestamps,
it is possible to get useful information on the activity of a file. This can help answer where new files are
being created or updated, and quickly identify areas of the file server that
have gone dormant. While this can be
done quickly without collecting any activity event data, it should only be used
for scoping further efforts since it does not provide definitive information on
what files are used or being accessed regularly.
Handles – Enumerating the open file handles on a server can quickly
identify which files are in use at a particular time and by whom. This is something that is easy to do and
provides some initial insight into who is interacting with the data on file
servers, without performing heavy collections or leveraging activity events.
Events – Monitoring all activity events is the most informative and useful
approach to understanding file activity.
This, however, requires ongoing monitoring and analysis of the activity
data. If possible, avoid using native
event logs as they can be limited in the value they provide and costly to
If done appropriately, activity monitoring data can provide
incredible insight into usage patterns and help scope a highly targeted cleanup
effort. Knowing what files are used and
what files aren’t provides a clear path to remove only what is no longer
needed, and to communicate with the users who actively utilize the data so they
are informed each step of the way.
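The timestamp-based scoping described under Attributes can be sketched as follows. This is an added example, not code from the original post; the function names, the 365-day threshold and the sample tree are assumptions made for illustration.

```python
import os
import tempfile
import time
from collections import defaultdict

DAY = 86400  # seconds per day

def scan_dormancy(root, dormant_days=365, now=None):
    """Per top-level folder: file count, dormant count and dormant bytes.

    A file counts as dormant when both its Modified and Accessed times are
    older than dormant_days. Created time is left out (platform dependent).
    """
    now = time.time() if now is None else now
    cutoff = now - dormant_days * DAY
    stats = defaultdict(lambda: {"files": 0, "dormant": 0, "dormant_bytes": 0})
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        top = "." if rel == "." else rel.split(os.sep)[0]
        for name in files:
            try:
                st = os.stat(os.path.join(dirpath, name), follow_symlinks=False)
            except OSError:
                continue  # file vanished or is unreadable; skip it
            # Access time is not always updated (OS or mount settings),
            # so treat the result as scoping input, not proof of non-use.
            last_touch = max(st.st_mtime, st.st_atime)
            entry = stats[top]
            entry["files"] += 1
            if last_touch < cutoff:
                entry["dormant"] += 1
                entry["dormant_bytes"] += st.st_size
    return dict(stats)

def dormant_folders(stats, min_ratio=1.0):
    """Folders whose share of dormant files is at least min_ratio."""
    return sorted(f for f, s in stats.items()
                  if s["files"] and s["dormant"] / s["files"] >= min_ratio)

if __name__ == "__main__":
    # Constructed sample tree: (folder, file name, age in days)
    sample = [("finance", "q1.xls", 800), ("finance", "memo.doc", 900),
              ("eng", "spec.md", 3), ("eng", "legacy.txt", 700)]
    root, now = tempfile.mkdtemp(), time.time()
    for folder, name, age in sample:
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        path = os.path.join(root, folder, name)
        with open(path, "w") as fh:
            fh.write("x" * 10)
        os.utime(path, (now - age * DAY, now - age * DAY))
    print(dormant_folders(scan_dormancy(root, now=now)))
```

Folders that come back fully dormant are candidates for closer review with handle or event data before anything is moved.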
Capability 4 – Owner Engagement
No cleanup can be efficient without involving the business
and the people who depend on the data to do their jobs. However, this is typically one of the most
challenging aspects of any cleanup campaign.
It is difficult to find people who can be accountable for the data that
needs to be managed, not to mention finding an automated way to gather their
feedback and communicate with them.
Some very effective communication mechanisms that can ensure
a seamless cleanup campaign are:
Notifications – Before starting to clean up files, it is best to inform the
employees who are actively using these files.
However, these notifications should be sent only to the necessary people at the right
time to avoid causing too much confusion.
Certifications – In most cases, the IT personnel tasked with doing the file
cleanup do not understand the importance of the files in scope. To make good decisions, it is necessary to
engage the business users who have this understanding. Providing a simple process so that owners can
review files prior to archiving them is a very effective way to automate the
feedback loop and make sure no important files are removed. In many cases determining ownership can be
complicated when employees change roles, transfer to other departments, or
leave the company. Here, activity
monitoring can indicate who is still actively using the files, even when the
original file creator and owner is no longer available.
Capability 5 – Cleanup Actions
Eventually, in any cleanup campaign, it is necessary to move
or delete the files that are no longer needed.
There are some additional measures that should be taken when moving
files to make this as seamless as possible for end users. The actions to perform include:
Moves – The first step is to move the file to an archive location on a
separate server or to a secured folder on the existing server. It’s important to be able to move the files
while maintaining the folder path so the file can easily be restored to its
original folder if needed.
Stubs – With the right level of planning, only files that are not being
used will be moved. However, if an
employee does come looking for one of the recently archived files, it is good
to have a way for them to find it. Leaving
stub files behind that redirect the user to the file in the new location can
accomplish this task. It can be
extremely effective in avoiding any confusion from end users during the cleanup
Secure – By
locking down a file, it is possible to simulate a delete of a file without actually
deleting it. When users do attempt to
open the file, they will get access denied messages, which can trigger an alert
through activity monitoring so the file can be unlocked if needed. This would typically be done on sensitive
files without activity as part of a more secure, staged archival workflow.
– Eventually files will need to be deleted from the archival location. When files can be safely deleted depends on
the retention policy of the department, organization, or relevant compliance
Using this graduated approach to file cleanup will result in
fewer business disruptions and better results.
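The Moves and Stubs steps above can be sketched as follows: the file is moved under the archive root with its folder path preserved, a stub pointing to the new location is left behind, and a restore puts the file back in its original folder. This is an added example, not code from the original post; the function names, the stub suffix and the sample paths are assumptions.

```python
import os
import shutil
import tempfile

STUB_SUFFIX = ".archived.txt"  # assumed stub naming convention

def _inside(root, path):
    """True when path resolves to a location under root."""
    root = os.path.realpath(root)
    return os.path.commonpath([root, os.path.realpath(path)]) == root

def archive_file(share_root, archive_root, rel_path):
    """Move share_root/rel_path to archive_root/rel_path and leave a stub."""
    src = os.path.join(share_root, rel_path)
    dst = os.path.join(archive_root, rel_path)
    if not _inside(share_root, src) or not _inside(archive_root, dst):
        raise ValueError("path escapes its root: " + rel_path)
    if os.path.exists(dst):
        raise FileExistsError(dst)  # never overwrite an archived copy
    os.makedirs(os.path.dirname(dst), exist_ok=True)
    shutil.move(src, dst)
    stub = src + STUB_SUFFIX
    with open(stub, "w", encoding="utf-8") as fh:
        fh.write("This file was archived.\nNew location: " + dst + "\n")
    return dst, stub

def restore_file(share_root, archive_root, rel_path):
    """Move an archived file back to its original folder and drop the stub."""
    src = os.path.join(share_root, rel_path)
    dst = os.path.join(archive_root, rel_path)
    if not _inside(share_root, src) or not _inside(archive_root, dst):
        raise ValueError("path escapes its root: " + rel_path)
    if os.path.exists(src):
        raise FileExistsError(src)  # something new already lives there
    os.makedirs(os.path.dirname(src), exist_ok=True)
    shutil.move(dst, src)
    stub = src + STUB_SUFFIX
    if os.path.exists(stub):
        os.remove(stub)
    return src

if __name__ == "__main__":
    base = tempfile.mkdtemp()  # constructed sample share and archive
    share, archive = os.path.join(base, "share"), os.path.join(base, "archive")
    rel = os.path.join("hr", "2015", "review.doc")
    os.makedirs(os.path.dirname(os.path.join(share, rel)))
    with open(os.path.join(share, rel), "w") as fh:
        fh.write("constructed sample content")
    print(archive_file(share, archive, rel))
    print(restore_file(share, archive, rel))
```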
time: Putting It All together.