Peter A. Gerr -- Analyst at Enterprise Storage Group recently completed a 3-month long research project about the impacts of regulatory standards such as SEC Rule 17a-4 and Sarbanes-Oxley Act (SOX) on storage operations. "Compliance and corporate governance should absolutely be the topic of conversation at board meetings and executive meetings across businesses large and small, public and private." he says. However, Gerr says while...
compliance is very important, organizations shouldn't be panicking or spending foolishly to "become compliant".
In the study, Gerr found the users that were the most confident that they could efficiently and quickly address compliance, were those that removed the internal barriers between IT and the LOBs (lines of business), and took a proactive approach towards compliance. Gerr says it is also important to "look at information as an asset that needs to be managed, retained, and protected like other corporate assets -- an information-centric view, not a systems-level view."
"Clearly, compliance, corporate governance and similar risks are causing increased spending in certain areas of IT," says Gerr.
For example, he notes, EMC recently announced that it has shipped 100 petabytes (10,000TB) of its Centera product since it was first introduced in April 2002 -- a significant accomplishment for a new product introduction. To meet regulatory requirements such as non-erasability and non-rewriteabilty, organizations have traditionally relied on various optical media. "EMC really broke down this barrier when it introduced Centera in 2002, -- the first mainstream example of a magnetic disk system that provided non-erasability and non-rewritability features," says Gerr.
Similarly, since announcing its SnapLock software in Q2 2003 that is also targeted at regulated industries, Gerr says Network Appliance has shipped approximately 100TB of storage with this feature enabled. "And there are a myriad of startup vendors building competitive products in the same vein," he adds.
Gerr explains that while the SEC doesn't officially endorse any technology solutions as "compliant", Centera and NetApp's SnapLock technology have been accepted to date as viable solutions for meeting the requirements of rule 17a-3 and 4.
But it isn't solely a matter of regulators forcing change on unwilling organizations. "I think it's more appropriate to say that compliance is one of the driving forces causing a shift in how vendors and users think about their digital libraries of information and the value and the risk that these mountains of data hold," Gerr says. Indeed, a recent Meta Group survey found 49% of firms polled believe SOX is a necessary cost of doing business, and 39% say SOX will eventually make them more competitive.
Mike Casey, principal analyst at Contoural, Inc. and a SearchStorage.com Expert, also agrees that compliance is big and getting bigger. In particular he notes the scope of things considered to be business documents -- notably emails -- continues to expand. And in general, too, retention periods are rising. The pressure that's facing storage pros, however, comes not just from the need to retain records -- but to do so efficiently. Thus, where a hospital might have been content to archive medical images in physical media, the need to move and easily located images means electronic storage has become more compelling.
And, just as the move to introduce data mining techniques was inspired by less expensive storage, Casey believes the continued drops in the price of storage will help make the new era of compliance more palatable.
For more information:Webcast: Make your storage Sarbanes-Oxley compliant
Crash course: Compliance
Expert advice: Convince management to spend for Sarbanes-Oxley
About the author: Alan Earls is a freelance writer in Franklin, MA.