Printer Friendly
The Free Library
22,728,960 articles and books

How to identify storage solutions: remote data-protection services offer an alternative to purchasing new equipment and adding staff.

Originally established to strengthen practices and policies for protecting, retaining, securing, accessing and destroying financial records, the Sarbanes-Oxley Act See SOX.  has forced organizations to rethink some fundamental tenets of their data-protection strategies. Sarbanes-Oxley, however, needs to be viewed as more than just policies, procedures and penalties. Rather, it is creating unprecedented demand oil organizations to store more records for longer periods of time. It is forcing businesses to increase both the accessibility and security of information with documented processes to ensure the integrity, accessibility and retrieval of this information.

With this growing complexity and regulation comes an equally unprecedented opportunity for companies to re-evaluate their current storage-management solutions. One of the leading data-protection strategies emerging is remote data protection and the use of offsite facilities to perform real-time data-protection services for increasingly dispersed dis·perse  
v. dis·persed, dis·pers·ing, dis·pers·es
a. To drive off or scatter in different directions: The police dispersed the crowd.

 data. By leveraging the speed of today's networks with the security and accessibility levels of Tier-1 storage facilities, remote data protection helps businesses manage their data to the strict requirements of the Sarbanes-Oxley regulation--practically automatically.

The risks for failing to meet Sarbanes-Oxley compliance requirements Compliance requirements are a series of directives established by United States Federal government agencies that summarize hundreds of Federal laws and regulations applicable to Federal assistance (also known as Federal aid or Federal funds).  include Section 404, which holds CEOs and CFOs accountable for internal controls that support corporate decision-making, financial reporting and fraud prevention. These reporting requirements force companies to have a documented set of internal rules that control how data is generated, manipulated, recorded and reported.

Financial transactions and information are heavily dependent on technology, therefore your storage infrastructure is an integral part of your Sarbanes-Oxley compliance strategy. IT processes and systems should be designed, implemented and audited to ensure the same levels of compliance, reliability, security and documentation.

This will require many organizations to rethink how they manage company information. These organizations should develop new policies and procedures Policies and Procedures are a set of documents that describe an organization's policies for operation and the procedures necessary to fulfill the policies. They are often initiated because of some external requirement, such as environmental compliance or other governmental  to prevent inadvertent or willful Intentional; not accidental; voluntary; designed.

There is no precise definition of the term willful because its meaning largely depends on the context in which it appears.
 deletion, alteration or destruction of any information relevant to corporate financial reporting. To avoid a judicial process, companies should retain all documents relevant to an audit or review for a period of seven years following the conclusion of the audit.

By forcing IT organizations to evaluate and implement storage solutions that provide the flexibility and control needed, without dramatically increasing the cost of maintaining their data, they are being forced to establish new and higher levels of service to their organization.

For example, different types of company and financial information will have different storage and retrieval requirements. Each information type will need to be stored, secured and made accessible for varying retention periods. Certain types of data will also need accessibility procedures and controls to ensure its authenticity and maintain an audit trail of any revisions. At the end of the Sarbanes-Oxley-mandated retention periods, this information must be quickly and completely destroyed.

For different types of data with different lifecycles, and different retention policies, varying types of information likely will be handled by different solutions. Add to this the complexity of geographically dispersed information, an increasingly mobile work force and constantly changing data, and the issue of data centralization cen·tral·ize  
v. cen·tral·ized, cen·tral·iz·ing, cen·tral·iz·es
1. To draw into or toward a center; consolidate.

 takes on a life of its own Memory Burn A Life Of Its Own was released by Noise Kontrol in 2002. Memory Burn is made up of several high profile musicians who came together to create this special work. . As a result, multiple storage solutions will need to seamlessly coexist co·ex·ist  
intr.v. co·ex·ist·ed, co·ex·ist·ing, co·ex·ists
1. To exist together, at the same time, or in the same place.

 within an organization.

This creates an opportunity for more modular, more efficient storage infrastructures that put the right information into the right employee hands when needed, with the confidence that the information is accurate, protected, reliable and traceable. This can translate into improved business processes and better business relationships with customers, partners and suppliers.

Today's regulatory-friendly storage solutions should address the data resilience, security, privacy and accessibility requirements of the different types of data across dispersed business locations. These solutions also need to guarantee service levels that provide businesses with the confidence, control and protection they need to ensure Sarbanes-Oxley storage compliance, while dramatically improving the quality of the service provided to their customers.

Remote data protection can help businesses quickly and cost-effectively move data offsite for backup reliability, offer multiple levels of data security, and deliver rapid on-demand restores--all without investing in new storage equipment or resources. Here are some of the ways remote data protection ensures Sarbanes-Oxley compliance:

Reliability. Based on the degree of risk and exposure for each data type, companies need to identify and categorize cat·e·go·rize  
tr.v. cat·e·go·rized, cat·e·go·riz·ing, cat·e·go·riz·es
To put into a category or categories; classify.

 data based on this type and provide the appropriate level of protection. Remote data protection utilizes disk-to-disk backup and retrieval. Data is then preserved on tamperproof tam·per·proof  
Designed to prevent tampering or provide evidence of tampering: tamperproof aspirin containers. 
 media. This provides long-term data retention to protect data and ensure its ready retrieval throughout its lifecycle, while eliminating manual handling of removable media In computer storage, removable media refers to storage media which can be removed from its reader device, conferring portability on the data it carries. A removable drive is a reader device for such media.  by personnel-ensuring privacy compliance.

Security. From desktop to server to backup to archival, remote data protection protects data with a secure chain of custody The movement and location of physical evidence from the time it is obtained until the time it is presented in court.

Judges in bench trials and jurors in jury trials are obligated to decide cases on the evidence that is presented to them in court.
. Data is stored at a highly secure, offsite location, ensuring that critical records and communications remain encrypted en·crypt  
tr.v. en·crypt·ed, en·crypt·ing, en·crypts
1. To put into code or cipher.

2. Computer Science
 and protected until needed.

Centralization. An estimated 60% of company data is created and stored outside of the corporate data center. Therefore, implementing storage solutions that can centralize cen·tral·ize  
v. cen·tral·ized, cen·tral·iz·ing, cen·tral·iz·es
1. To draw into or toward a center; consolidate.

 this data is necessary to ensure it is properly categorized cat·e·go·rize  
tr.v. cat·e·go·rized, cat·e·go·riz·ing, cat·e·go·riz·es
To put into a category or categories; classify.

 and protected according to according to
1. As stated or indicated by; on the authority of: according to historians.

2. In keeping with: according to instructions.

 the company's verifiable policies and procedures. The encrypted transport and storage of data to disaster recovery centers ensures information is protected at a secure facility away from the primary server facility, and made accessible only to those authorized to access it.

Scalability. As the amount of data under regulatory scrutiny continues to increase, today's storage systems need to scale without creating undue operational complexity or undermining reliability and performance. Furthermore, infinitely scalable storage infrastructure is designed to keep up with this capacity growth using data life-cycle solutions that meet even the longest-term data-retention needs, while minimizing the amount of data storage required.

Accessibility. Today, 24x7 access to data is the expectation. For some data under Sarbanes-Oxley rules, multiple years of backed up data need to be as readily accessible as data backed up yesterday. Remote data protection provides a secure, Web-based repository available for anytime, anywhere access by authorized personnel. The multilevel mul·ti·lev·el  
Having several levels: a multilevel parking garage.

Adj. 1. multilevel - of a building having more than one level
 authorization ensures confidential restoration and search of electronic records.

Service quality. No two companies' data protection needs are alike. Tolerance levels in recovery-point objectives, recovery-time objectives, restore times and frequency of backups can vary significantly. All companies, however, have the ability to provide the best service quality to their organization at the lowest possible cost. In turn, service quality directly impacts the ROI (Return On Investment) The monetary benefits derived from having spent money on developing or revising a system. In the IT world, there are more ways to compute ROI than Carter has liver pills (and for those of you who never heard of that expression, it means a lot).  of the data-protection solution. Hence, tuning the service quality to optimize the solution for your business will ultimately determine its effectiveness not only in ensuring Sarbanes-Oxley compliance, but in proving value-added benefits, such as reducing downtime The time during which a computer is not functioning due to hardware, operating system or application program failure.  and reducing costs, while improving backup frequency, reliability and restore times. With remote data protection, service levels are often guaranteed, so service is financially backed to protect from loss and downtime disasters.

For more information from Arsenal Digital Solutions:

Sam Sigarto is chief operations officer for Arsenal Digital Solutions, Cary, N.C.
COPYRIGHT 2005 Nelson Publishing
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2005 Gale, Cengage Learning. All rights reserved.

 Reader Opinion




Article Details
Printer friendly Cite/link Email Feedback
Author:Sigarto, Sam
Publication:Communications News
Geographic Code:1USA
Date:Aug 1, 2005
Previous Article:Home improvement: Russ Rosen's priority at Rooms To Go was to create a disaster-recovery site to protect the company's data from Florida storms.
Next Article:Consider SAN cabling.

Related Articles
Centralized file-cached storage protects against disaster: consolidated data is easier to protect, easier to manage, and much less expensive. But...
Simplifying disaster recovery solutions to protect your data.
Addressing the challenges of data protection; key data must be 100% reliable, accessible and up-to-date.
The key suppliers in business continuity.
Data protection and disaster recovery of local and remote file servers.
Managing distributed data in the enterprise.
Marlboro company gets $22M influx.

Terms of use | Copyright © 2014 Farlex, Inc. | Feedback | For webmasters