Printer Friendly

How to identify storage solutions: remote data-protection services offer an alternative to purchasing new equipment and adding staff.

Originally established to strengthen practices and policies for protecting, retaining, securing, accessing and destroying financial records, the Sarbanes-Oxley Act has forced organizations to rethink some fundamental tenets of their data-protection strategies. Sarbanes-Oxley, however, needs to be viewed as more than just policies, procedures and penalties. Rather, it is creating unprecedented demand oil organizations to store more records for longer periods of time. It is forcing businesses to increase both the accessibility and security of information with documented processes to ensure the integrity, accessibility and retrieval of this information.

With this growing complexity and regulation comes an equally unprecedented opportunity for companies to re-evaluate their current storage-management solutions. One of the leading data-protection strategies emerging is remote data protection and the use of offsite facilities to perform real-time data-protection services for increasingly dispersed data. By leveraging the speed of today's networks with the security and accessibility levels of Tier-1 storage facilities, remote data protection helps businesses manage their data to the strict requirements of the Sarbanes-Oxley regulation--practically automatically.

The risks for failing to meet Sarbanes-Oxley compliance requirements include Section 404, which holds CEOs and CFOs accountable for internal controls that support corporate decision-making, financial reporting and fraud prevention. These reporting requirements force companies to have a documented set of internal rules that control how data is generated, manipulated, recorded and reported.

Financial transactions and information are heavily dependent on technology, therefore your storage infrastructure is an integral part of your Sarbanes-Oxley compliance strategy. IT processes and systems should be designed, implemented and audited to ensure the same levels of compliance, reliability, security and documentation.

This will require many organizations to rethink how they manage company information. These organizations should develop new policies and procedures to prevent inadvertent or willful deletion, alteration or destruction of any information relevant to corporate financial reporting. To avoid a judicial process, companies should retain all documents relevant to an audit or review for a period of seven years following the conclusion of the audit.

By forcing IT organizations to evaluate and implement storage solutions that provide the flexibility and control needed, without dramatically increasing the cost of maintaining their data, they are being forced to establish new and higher levels of service to their organization.

For example, different types of company and financial information will have different storage and retrieval requirements. Each information type will need to be stored, secured and made accessible for varying retention periods. Certain types of data will also need accessibility procedures and controls to ensure its authenticity and maintain an audit trail of any revisions. At the end of the Sarbanes-Oxley-mandated retention periods, this information must be quickly and completely destroyed.

For different types of data with different lifecycles, and different retention policies, varying types of information likely will be handled by different solutions. Add to this the complexity of geographically dispersed information, an increasingly mobile work force and constantly changing data, and the issue of data centralization takes on a life of its own. As a result, multiple storage solutions will need to seamlessly coexist within an organization.

This creates an opportunity for more modular, more efficient storage infrastructures that put the right information into the right employee hands when needed, with the confidence that the information is accurate, protected, reliable and traceable. This can translate into improved business processes and better business relationships with customers, partners and suppliers.

Today's regulatory-friendly storage solutions should address the data resilience, security, privacy and accessibility requirements of the different types of data across dispersed business locations. These solutions also need to guarantee service levels that provide businesses with the confidence, control and protection they need to ensure Sarbanes-Oxley storage compliance, while dramatically improving the quality of the service provided to their customers.

Remote data protection can help businesses quickly and cost-effectively move data offsite for backup reliability, offer multiple levels of data security, and deliver rapid on-demand restores--all without investing in new storage equipment or resources. Here are some of the ways remote data protection ensures Sarbanes-Oxley compliance:

Reliability. Based on the degree of risk and exposure for each data type, companies need to identify and categorize data based on this type and provide the appropriate level of protection. Remote data protection utilizes disk-to-disk backup and retrieval. Data is then preserved on tamperproof media. This provides long-term data retention to protect data and ensure its ready retrieval throughout its lifecycle, while eliminating manual handling of removable media by personnel-ensuring privacy compliance.

Security. From desktop to server to backup to archival, remote data protection protects data with a secure chain of custody. Data is stored at a highly secure, offsite location, ensuring that critical records and communications remain encrypted and protected until needed.

Centralization. An estimated 60% of company data is created and stored outside of the corporate data center. Therefore, implementing storage solutions that can centralize this data is necessary to ensure it is properly categorized and protected according to the company's verifiable policies and procedures. The encrypted transport and storage of data to disaster recovery centers ensures information is protected at a secure facility away from the primary server facility, and made accessible only to those authorized to access it.

Scalability. As the amount of data under regulatory scrutiny continues to increase, today's storage systems need to scale without creating undue operational complexity or undermining reliability and performance. Furthermore, infinitely scalable storage infrastructure is designed to keep up with this capacity growth using data life-cycle solutions that meet even the longest-term data-retention needs, while minimizing the amount of data storage required.

Accessibility. Today, 24x7 access to data is the expectation. For some data under Sarbanes-Oxley rules, multiple years of backed up data need to be as readily accessible as data backed up yesterday. Remote data protection provides a secure, Web-based repository available for anytime, anywhere access by authorized personnel. The multilevel authorization ensures confidential restoration and search of electronic records.

Service quality. No two companies' data protection needs are alike. Tolerance levels in recovery-point objectives, recovery-time objectives, restore times and frequency of backups can vary significantly. All companies, however, have the ability to provide the best service quality to their organization at the lowest possible cost. In turn, service quality directly impacts the ROI of the data-protection solution. Hence, tuning the service quality to optimize the solution for your business will ultimately determine its effectiveness not only in ensuring Sarbanes-Oxley compliance, but in proving value-added benefits, such as reducing downtime and reducing costs, while improving backup frequency, reliability and restore times. With remote data protection, service levels are often guaranteed, so service is financially backed to protect from loss and downtime disasters.

For more information from Arsenal Digital Solutions:

Sam Sigarto is chief operations officer for Arsenal Digital Solutions, Cary, N.C.
COPYRIGHT 2005 Nelson Publishing
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2005 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Sigarto, Sam
Publication:Communications News
Geographic Code:1USA
Date:Aug 1, 2005
Previous Article:Home improvement: Russ Rosen's priority at Rooms To Go was to create a disaster-recovery site to protect the company's data from Florida storms.
Next Article:Consider SAN cabling.

Related Articles
Centralized file-cached storage protects against disaster: consolidated data is easier to protect, easier to manage, and much less expensive. But...
Simplifying disaster recovery solutions to protect your data.
Addressing the challenges of data protection; key data must be 100% reliable, accessible and up-to-date.
The key suppliers in business continuity.
Data protection and disaster recovery of local and remote file servers.
Managing distributed data in the enterprise.
Marlboro company gets $22M influx.

Terms of use | Copyright © 2016 Farlex, Inc. | Feedback | For webmasters