
Building compliance, block by block.


Every few years, unbeknownst to the IT community, an event happens that will have a profound effect on the way IT administrators, managers or executives manage their daily business. Sometimes these events are based on technology and are, therefore, more predictable. The step-change from paper to an electronic-based economy, networked and Internet computing, and networked storage are good examples. These changes evolved over time and organizations adapted at their own pace, depending on relevance to the business, available budget and expertise. But sometimes these changes are based on real-world events and are largely unpredictable; like the scramble to solve the Y2K problem before December 31, 1999, and the emphasis on disaster recovery after September 11th. In these cases, companies had little choice but to address these issues, regardless of relevance to their business, budget or expertise.

2004 has been referred to by many as "the year of regulations"--which is appropriate since many regulations became enforceable or had deadlines extended during this year (i.e., Sarbanes-Oxley and HIPAA). But what do these regulations mean to the IT community and how do they affect it? Are these evolutionary, non-disruptive events that can be dealt with when it is convenient? Or are there more significant implications that require attention from IT resources to the point that it becomes disruptive?

The answer is: both. A number of well-publicized events in the upper echelons of corporate America, the continued fight against terrorism, the groundswell of public demand for privacy rights and other non-technical events have forced an increasingly burdensome level of regulations upon organizations.

There is little that the IT department can do on its own to "comply" with regulations because compliance is more about people and business processes than a required technology change. However, it does force IT to think about the lifecycle of data since one of the most prominent effects of the regulations is how long data must be kept, ranging from a few years to a century or more. This is known as Information Lifecycle Management (ILM): the policies, processes, practices, services and tools used to align the business value of information with the most appropriate and cost-effective infrastructure from the time information is created through its final disposition (as defined by the Storage Networking Industry Association's Data Management Forum).

While ILM may be the organization's long-term goal, complying with government regulations is a much more immediate issue that must be addressed. But, by taking steps to achieve regulatory compliance and focusing on key areas of infrastructure like backup, recovery and archive, the company may ultimately be closer to realizing ILM.

Has This Happened Before?

The IT community has been in a frenzy over compliance, mostly perpetuated by vendors capitalizing on the fear of customers to promote the sale of their existing point products as "catch-all" compliant solutions. But IT departments need not panic because they have been subject to the whim of the business before--the shift to 24x7 global operations and Internet-based business, for example. The IT department used to rely on the non-business hours between 10 p.m. and 6 a.m. Eastern time to perform network maintenance and server backup operations. It had a lot of flexibility in choosing how it architected networks and backup strategies to fulfill its commitment to the organization. Then businesses decided to start selling products on the Internet 24 hours a day and/or open offices in Europe and Asia (which would rely on network servers at the U.S. headquarters in order to run the expanding operation). This had profound effects on the availability of the network, when backups were going to take place and how they were performed. Additionally, data that was lost was expected to be restored in very short periods of time. This led to the creation of Service Level Agreements (SLAs) that the IT department formed with its "internal customers".

IT departments satisfied the SLAs in a very deliberate fashion. Enough power, connectivity and storage were built into the system to accommodate the stipulations of the SLA, but scalability and flexibility were also considered so that new requirements driven down by the business would not require "forklift upgrades".

Addressing Compliance Does Not Change the Model

The increase in corporate governance is not much different than other business process changes that have been forced upon IT in the form of SLAs. A simple review of the requirements (mostly storage related) to support new compliant business processes reveals the changes that need to be made. In many cases, companies will find that if they have implemented best practices in backup, recovery and archive, they will not be greatly affected by corporate governance today. There will be some changes required, usually in the length of time data is retained, who has access to the data and how quickly it can be accessed, but the IT department will not need to address these challenges from a standing start.

The key to defining a compliance strategy is to look at the problem from two perspectives. Corporate finance will be most concerned from the "top-down" view of the organization and its processes, to make sure adequate procedures are in place to identify the areas of the business that are affected by regulations. Determining which business policies and procedures have compliancy implications will allow a reasonable SLA to be created and negotiated with the IT department. On the other hand, IT should not wait for the decision of the business to begin looking at its infrastructure from the bottom-up to understand how certain requirements for longer retention periods or other compliancy issues might be met.

While demonstrating the improvements that can be made to backup, recovery and archive infrastructures using a combination of disk and tape, the savvy vendor can help customers realize these solutions can also address the problems that were identified as roadblocks in meeting regulatory compliance requirements. This can often be done with little or no disruption to their existing environment.

The Building Block Approach to Achieving Compliance

Companies currently back up, recover and archive to meet their disaster recovery policies. These are business processes that are designed to respond to internal requirements or SLAs for restoring data after accidental or catastrophic loss. They involve the retention and protection of the organization's data. This is very similar to the process for meeting external government-mandated regulations for the retention and protection of the organization's compliant data. Even so, compliance will be difficult to achieve if backup, recovery and archive processes are not performing to the expectations of the SLA.

The recent availability of Quantum's Write-Once, Read Many (WORM) capability, DLTIce, in its tape automation systems is evidence of a cost-effective, non-disruptive solution. Quantum's tape libraries and autoloaders with WORM capability enable companies to meet regulatory requirements for secure, unalterable data storage using open systems tape drives and media, rather than paying for additional and more costly technology, such as proprietary content systems.

For example, an IT manager wants to address retention and archive requirements for 5TB of data which needs to be retained and secured in order to comply with certain government regulations. If they utilize WORM tape, it would cost only $1,500 for the price of media because they would be using their existing backup, recovery and archive infrastructure to move data to a compliant media. In contrast, if they were to implement a proprietary disk-based content system, they would likely spend upwards of $200,000 without even accounting for the cost of floor space, power and cooling. In short, implementing a WORM tape solution in an existing infrastructure gives the organization an alternative path to compliance at a substantial cost savings of thousands of dollars.

This approach to best practices in backup, recovery and archive offers IT managers the best of both worlds: investment protection on the most cost-effective storage medium (streaming linear tape) and secure data archiving to meet regulatory requirements. Tape libraries with WORM tape address compliance requirements for secure and unalterable data while also providing cost-effective archival storage with no changes to backup processes, saving IT departments time, money and hassle. This is further evidence that regulatory compliance can be addressed by building on the best practices and infrastructure already in place for backup, recovery and archive.

There is No "End Game" to Compliance

Clearly, government regulations and their impact on computing have just begun. Those that design their infrastructures to only solve regulations that are being enforced today will be doing a great disservice to themselves as existing regulations get more narrowly defined or new regulations are introduced. Designing a flexible and open computing infrastructure, particularly where scalability of longer term storage is concerned, leaves the forward-thinking IT department the most flexibility to address the uncertainty that will exist in the next year or next administration. Choosing vendors that are equipped to help address backup, recovery and archive challenges is the first step to building a solid foundation in which IT can respond to regulatory compliance requirements. Once this is established, the organization is that much closer to applying a realistic ILM implementation.

ILM: Aligning business value of information with policies, processes, practices, and tools with the most appropriate and cost effective IT infrastructure--from data inception through to disposition

Regulatory Compliance: Based on government regulations--impacts some companies more than others

Data Protection/Disaster Recovery: Based on a company's internal business continuance requirements

Backup, Recovery & Archive: Leveraging best practices in backup, recovery and archive is the foundation for protecting a company from data loss


Shane Jackson is director of strategic alliances for Quantum Storage Systems (San Jose, CA)

www.quantum.com
COPYRIGHT 2004 West World Productions, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2004, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.


Article Details
Title Annotation:Storage Management; Information Lifecycle Management
Author:Jackson, Shane
Publication:Computer Technology Review
Geographic Code:1USA
Date:Nov 1, 2004
Words:1594