Technology Case Studies
|
Managing Long-Term Data Storage in a Regulatory Environment
| posted 08-29-2009 |
Average Rating: 
|
 Today’s regulatory environment is enough to make a data manager’s head spin. From legislation such as the Sarbanes-Oxley Act and the Health Insurance Portability and Accountability Act to credit card processing security standards, data managers now face a dizzying array of regulations regarding what types of data must be stored and for how long. But that’s not all. Thanks to a December 2006 amendment to the U.S. Federal Rules of Civil Procedure to encompass digital information, U.S. courts are now empowered to order companies to produce the right data in record time. Because e-discovery allows everything from e-mail to PowerPoint presentations to be called into evidence, companies must be prepared to preserve and sift through mounds of electronic data at breakneck speed or face possible legal penalties. In response to such challenges, many data managers are upping the ante by purchasing vast amounts of data storage hardware. Research firm IDC reports the total amount of disk storage shipped in 2008 grew 40.5 percent over the previous year. According to research firm Forrester Research, 40 percent of enterprises said they plan to spend more on storage hardware in the coming year, with another 46 percent saying their spending on storage will be level. What’s more, Forrester estimates storage capacity requirements are growing at a rate of between 15 percent and 25 percent per year. In addition to scrambling for the necessary hardware, many companies are adopting solutions that promise to help them better analyze, archive, manage, protect, and purge their data to meet long-term management goals. Taking inventory Take, for example, Vivisimo and its Velocity Search Platform. This data analysis software provides companies with easy access to information and content without having to rethink the way in which content is produced and stored. Using proprietary conceptual search technology, Velocity helps companies easily determine what information currently resides on a databases, how employees use and access this information, and how best to store this data on a long-term basis. Setting data aside Once companies have taken proper inventory of their data, the next step is deploying a data archiving tool. Data archiving works by removing and archiving master data from a database and storing it on a variety of storage mediums for future access. After all, says Brian Babineau, a senior analyst with the Enterprise Strategy Group in Milford, Massachusetts, “If data is being transacted upon on a regular basis, trying to figure out how you’re going to store that data, where you’re going to keep it, and how long you’re going to keep it is nearly impossible.” Fortunately, by systematically extracting data from a primary environment, data archiving technology lets data managers store only the information needed to meet regulatory requirements while improving the performance and availability of critical systems. Managing resources Another approach data managers are taking to sorting out their data is through the use of storage resource management (SRM) technology. Tool suites such as the IBM Tivoli Storage Productivity Center help companies better manage their storage system capacity by centralizing, simplifying, and automating storage tasks. What’s more, not only can SRM tools better provision storage to optimize the use of existing storage resources, but they can also forecast future storage needs to prevent outages. For example, an SRM tool can automatically notify a data manager that storage capacity has reached its maximum threshold and that it’s time to acquire more capacity before disaster strikes. Preventing leakages Similarly, data-leak prevention products are helping companies keep better tabs on their data. Firewalls and encryption may keep hackers at bay, but a data-leak protection solution from vendors such as RSA, the security division of EMC, can serve as an early warning system that notifies data managers when employees are about to send out sensitive or classified corporate data. It’s a policy-based approach to data protection that, according to Greg Schulz, founder of StorageIO Group, a storage consultancy, helps data managers “monitor their networks, systems, and applications for vulnerabilities that will automatically set off an alarm when critical data is about to be leaked.” New trends Getting a better handle on data storage is also leading many companies to hot trends such as cloud computing and virtualization. Virtualization, for instance, pools storage from multiple devices into a single storage mechanism that can be managed centrally, enabling one computer to do the work of several machines. “The more tools that a company has to move data between physical devices, the better off they are,” says Babineau, highlighting the flexibility provided by virtualization. The downside, warns Schulz, is that virtualization can introduce more issues. “With virtualization and cloud computing, all you’re doing is moving data around. That data still has to be stored and protected somewhere. You can protect it in the cloud, but guess what, you’ve just introduced another point of vulnerability.” Internal checks and balances Hot technologies aside, if data managers plan to cope with the regulatory requirements governing data storage today, then they must take a long, hard look at their internal policies and procedures. “Don’t make the mistake of assuming that your data and information are secure as long as they’re in your company,” says Schulz. “The headline news is always about a [storage] tape containing a million names getting released. But how about the 12,000 laptops that are lost or forgotten every month at Los Angeles airport—and the data on those [computers].” For this reason, Schulz recommends that data managers establish and enforce stringent policies related to company-issued USB thumb drives, laptops, iPhones—any portable device that can transport confidential information and risk exposing a company to security breaches and legal liabilities. “Policies are essential,” says Schulz. “Too often, we try to throw technology at the problem rather than create a policy or approach.” Babineau agrees. He says that many companies make the mistake of leveraging technology to store too much data. For example, the Radicati Group estimates that the average corporate email user sends and receives a total of 84 messages per day and that the average size of a message without an attachment is about 22 KB. That can add up to a ton of non-mission critical data—and ever-expanding storage capacity needs. However, with the right data retention polices in place, a company can regularly purge its data while still sticking to the letter of the law. “The Federal Rules of Civil Procedure allow you to expire content,” says Babineau. “You just can’t do it on a one-off basis. You actually have to have some consistent rules and policies to do it.” Today’s data managers are facing stringent storage requirements at a time when companies are being deluged with everything from Word documents and email to business-processing applications and data-devouring digital content. In the end, overcoming these long-term data management challenges comes down to striking just the right balance between cutting-edge technology and internal policies. ______________________________ Surviving the data avalanche Server virtualization 101 ______________________________  COMMENTSHow is your business dealing with data storage issues in an age of rapidly changing technology? Leave your response in the comments below. |
