Application Decommissioning for Information Security, Step 4: Cataloging Data within the Target Application

Once an organization has created consensus regarding application decommissioning, identified the applications to be retired and built a long-term plan for application decommissioning, the next step is to catalog the data within the target application to be decommissioned.

Why catalog data within an application that's being decommissioned?

Because dormant applications contain up to petabytes of inactive content, all of which presents a security risk, you need to understand the nature and use of the content within each application before the application is decommissioned. Essentially, this is taking a deep dive into the content in each application.

Lacking knowledge of the specific data each application holds (beyond a high level view,) you can’t effectively decommission applications without potentially breaking the business, damaging the integration between systems or running afoul of compliance requirements.

How to catalog data using application archiving and file analytics tools.

Although you can catalog the data manually through the use of scripts and SQL queries, most organizations have far too many applications (and far too much data within those applications) to make this approach feasible. Instead, you’ll need to leverage an application archiving solution. In addition, file analytics also helps you look into a target application to identify the tables and records the application contains. That's important because it can tell you what parts of the content should be archived.

File analytics helps identify ROT and parses data by retention criteria.

Some content may be identified as redundant, obsolete, or trivial (ROT). And identifying ROT content prior to archiving reduces the volume of content that needs to be moved to an archive environment, thereby reducing cost and risk.

File analytics solutions also allow you to parse application data by retention criteria (a capability important to your Records Management team). This allows you to support date- and event-based disposition of content that’s past its legal life, according to your corporate retention schedules. That is important to stakeholders in Legal who will be interested in determining whether data up for disposition is under any current or anticipated legal hold.

How to match file types to the right archiving solution.

The figure below shows a list of common categories of repositories, together with the leading file analytics solutions best suited to catalog each type of content.


The next post discusses Step 5, on archiving and managing the content from your decommissioned applications.

The Doculabs Application Decommissioning Blog Series

Step 1: Getting Your Stakeholders on Board

Step 2: Identify and Prioritize Systems to Retire

Step 3: Defining the Archiving Plan

Step 4: Cataloging Data Within the Target Application

Step 5: Archive and Manage the Content

Step 6: Retire Applications

The CISO's Six-Step Guide to Managing Application Risk

Rich Medina
Joe Shepley
I’m VP and Practice Lead, focusing on developing Doculabs’ InfoSec practice and its applications in a wide range of industries.