New ILM solutions for regulatory compliance: case study on how a customer achieves both financial and operational efficiencies.Deadlines for achieving regulatory compliance are fast approaching and many are already here. With almost daily news of scandals, ethics violations, and privacy tampering, the federal government and other enforcement bodies have beefed up enforcement of existing regulations on data retention and added more far-reaching ones: SEC 17a.4 and NASD NASD See: National Association of Securities Dealers NASD See National Association of Securities Dealers (NASD). rules, Sarbanes-Oxley Act See SOX. of 2002 and HIPAA (Health Insurance Portability & Accountability Act of 1996, Public Law 104-191) Also known as the "Kennedy-Kassebaum Act," this U.S. law protects employees' health insurance coverage when they change or lose their jobs (Title I) and provides standards for patient health, , to name a few. As a result, corporate officers and their organizations across America face substantial legal and financial penalties if regulated data is not properly managed and retained over its lifecycle. According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. a report by the Enterprise Storage Group, the worldwide capacity of compliant records will increase from 376PB in 2003 to 1,644PB in 2006--a CAGR CAGR See: Compound Annual Growth Rate of 64%. Although some see compliance as a grim but necessary evil that overloads IT, strands compliance officers, and scares senior management with personal liability threats, others see it as an opportunity to improve the operations of their company and the efficiency of the data storage infrastructure. These regulations can have long-ranging effects on the organization and how its information assets are managed over time. Storage management functions such as capacity management, backup and restore, archiving and tiered-storage are all either directly or indirectly impacted by this new wave of regulations on how data is to be retained or disposed of over its lifecycle. According to Peter Gerr, research analyst with the Enterprise Strategy Group, "From my perspective, compliance should not be seen as another corporate tax, but as an opportunity, a strategic investment that also helps an organization improve its ability to manage and protect its valuable information assets throughout their lifecycle." Fortunately, there are new Information Lifecycle Management Information Lifecycle Management refers to a wide-ranging set of strategies for administering storage systems on computing devices. Specifically, four categories of storage strategies may be considered under the auspices of ILM. (ILM) solutions available today that can address compliance requirements Compliance requirements are a series of directives established by United States Federal government agencies that summarize hundreds of Federal laws and regulations applicable to Federal assistance (also known as Federal aid or Federal funds). while still addressing business and technology objectives, and at the same time reducing costs and improving operational efficiencies. Technologies for Regulatory Compliance Every day, new technologies become available to help organizations address compliance. EMC (1) (EMC Corporation, Hopkinton, MA, www.emc.com) The leading supplier of storage products for midrange computers and mainframes. Founded in 1979 by Richard J. Egan and Roger Marino, EMC has developed advanced storage and retrieval technologies for the world's largest companies. released its Centera Content Addressed Storage A storage technique from EMC for content that is in its final form (fixed content). CAS assigns an identifier to the files so they can be accessed no matter where they are located. (CAS) System with regulatory compliance features, NetApp introduced SnapLock, and IBM (International Business Machines Corporation, Armonk, NY, www.ibm.com) The world's largest computer company. IBM's product lines include the S/390 mainframes (zSeries), AS/400 midrange business systems (iSeries), RS/6000 workstations and servers (pSeries), Intel-based servers (xSeries) recently launched its TotalStorage DR450, to name a few. In addition, storage management vendors such as Arkivio, iLumin, and Microsoft have introduced software solutions specifically designed to enable regulatory compliance. While vendors can help by providing the nuts and bolts nuts and bolts pl.n. Slang The basic working components or practical aspects: "[proposing] of a compliance solution, the burden is on end users to adhere to adhere to verb 1. follow, keep, maintain, respect, observe, be true, fulfil, obey, heed, keep to, abide by, be loyal, mind, be constant, be faithful 2. and prove compliance with the different regulations. Typically, what customers require is a custom solution for regulatory compliance that integrates multiple hardware and software technologies, along with professional services (job) professional services - A department of a supplier providing consultancy and programming manpower for the supplier's products. to get the job done right. For example, one regulatory requirement Regulatory requirements are part of the process of drug discovery and drug development. Regulatory requirements describe what is necessary for a new drug to be approved for marketing in any particular country. for broker dealers is that they retain all electronic records on non-alterable and non-erasable types of media, such as WORM (write once read many) technology. Traditionally, this has been tape and optical technologies, but today customers have newer options such as on-line, disk-based solutions, which also ensure a record cannot be prematurely erased before the expiration of its retention period. In a company's environment, however, a disk-based WORM solution relies upon the ILM software application to implement retention policies for the tens of millions of files they have and to drive data movement via policies into the proper storage system at the best cost. [ILLUSTRATION OMITTED] ILM Solutions for Regulatory Compliance To overcome the many challenges and properly retain regulated data, customers should first consider ILM solutions specifically tailored for regulatory compliance. As an example, let's explore a customer case study where the Arkivio auto-stor ILM software was used to manage and archive regulatory data on the EMC Centera CAS system. Fortune 500 Manufacturer Company Background ABC ABC in full American Broadcasting Co. Major U.S. television network. It began when the expanding national radio network NBC split into the separate Red and Blue networks in 1928. Company designs, manufacturers, markets and supports complex products for commercial and military markets worldwide. The company provides Information Services See Information Systems. and IT Management that support over 8,500 employees in 25 countries. IT Environment At one of its corporate data centers, ABC Company has a total of 108 Windows 2000 and 110 Unix application/file servers and its IT Department manages over 45 terabytes (TB) of storage capacity across its heterogeneous DAS/NAS/SAN infrastructure. Three years ago, ABC Company acquired an 11-TB EMC Celerra  This article or section is written like an .Please help [ rewrite this article] from a neutral point of view. Mark blatant advertising for , using . in an effort to consolidate their disparate server and storage resources. Since then, the EMC Celerra has become the primary storage device for the company's unstructured data--such as user home directories, engineering CAD/CAM CAD/CAM in full computer-aided design/computer-aided manufacturing. Integration of design and manufacturing into a system under direct control of digital computers. files, critical business documents, and regulatory information. In order to comply with both internal and external data retention guidelines from the FAA, DoD, SEC, and Sarbanes-Oxley, ABC Company acquired a 10-TB EMC Centera, and the plan is to utilize this as the primary enterprise archive repository for both compliance data and business documents that must be retained but not altered for extended periods of time. The Challenge: Capacity Management and Regulatory Compliance With millions upon millions of files, growth rates Growth Rates The compounded annualized rate of growth of a company's revenues, earnings, dividends, or other figures. Notes: Remember, historically high growth rates don't always mean a high rate of growth looking into the future. of 60% or higher, increasing concern about regulatory compliance, and limited IT staff resources, ABC Company faced many storage management challenges. The company decided to move to a tiered-storage architecture in order to optimize placement of data on the most appropriate EMC storage system, while at the same time, reduce the Total Cost of Ownership (TCO (1) (Total Cost of Ownership) The cost of using a computer. It includes the cost of the hardware, software and upgrades as well as the cost of the inhouse staff and/or consultants that provide training and technical support. See ROI. ) of their storage. However, this plan created another problem. It increased administrator time required to manually examine all the data, identify critical business files that should remain on the EMC Celerra, as well as regulatory files that should be archived to the EMC Centera, move the data, and then inform the end users as to the changes to their environment. The IT Department decided to look for a solution that would automate this entire process. Unfortunately, ABC Company did not have an accurate picture of total available and utilized storage capacity across their entire IT infrastructure. They did not know what types of files were out there, how old the data was, how many files were duplicates, or how valuable the data was to the different business units (e.g., how often users accessed their files). Additionally, the IT Team did not have an effective method to identify and classify their regulatory data to ensure, for instance, that the appropriate files were being retained on the EMC Centera for compliance. ABC Company developed in-house tools that attempted to scan existing databases and file systems across the network, but they were inefficient and difficult to maintain. Step One: Data Storage Assessment: Without deploying any agents on servers or storage devices, the Arkivio auto-stor software scanned all DAS/NAS/SAN volumes on the network. ABC Company focused their initial analysis on the EMC Celerra system. Within hours, ABC Company was able to run in-depth reports on total available and utilized capacity, space consumption by file type, and data usage patterns. The IT Team learned, for instance, that 80% of their data on the EMC Celerra had not been accessed in 180 days or more. They were also able to identify the location of their regulated data and which users, departments or applications had created these files. Step Two: Data/Storage Classification Next the IT Team at ABC Company utilized the Arkivio auto-stor solution to create logical groupings of data and storage resources that spanned multiple volumes and systems. They logically grouped files based on attributes such as file type, size, application, and last accessed/last modified date. Then they utilized Arkivio auto-stor to classify files based on their business value or applicable federal regulation (i.e. HIPAA, DoD, Sarbanes-Oxley, etc.). Similarly, they utilized Arkivio auto-stor to logically group storage volumes based on common characteristics such as cost, utilization, and make/manufacturer. Step Three: Data Management Automation: ABC Company decided they were now ready to create a variety of policies to automate data management between their EMC Celerra and EMC Centera. Their first priority was to clean up PST PST Paroxysmal supraventricular tachycardia, see there files, since the company had a corporate governance Corporate Governance The relationship between all the stakeholders in a company. This includes the shareholders, directors, and management of a company, as defined by the corporate charter, bylaws, formal policy, and rule of law. policy against users storing PST files on home directories. They created a migrate policy that incorporated a File Group consisting of all PST files not accessed in 90 days that moved those files from the EMC Celerra to the EMC Centera, while leaving behind a link (for NFS (Network File System) The file sharing protocol in a Unix network. This de facto Unix standard, which is widely known as a "distributed file system," was developed by Sun. See file sharing protocol and WebNFS. NFS - Network File System ) or shortcut (1) In Windows, a shortcut is an icon that points to a program or data file. Shortcuts can be placed on the desktop or stored in other folders, and double clicking a shortcut is the same as double clicking the original file. (for CIFS (Common Internet File System) The file sharing protocol used in Windows. It evolved out of the SMB (Server Message Block) protocol in DOS, which is why the terms CIFS/SMB and SMB/CIFS are sometimes seen. The word "Internet" in the CIFS name has little relevance. ). The migration was completely seamless to users and Microsoft Outlook. A FIFO (First In First Out) A storage method that retrieves the item stored for the longest time. Contrast with LIFO. See traffic engineering methods. FIFO - first-in first-out (First In First Out) retention policy was established so that users (after being notified of this policy) had a brief period to archive their PST files to off-line media such as CD-ROM CD-ROM: see compact disc. CD-ROM in full compact disc read-only memory Type of computer storage medium that is read optically (e.g., by a laser). before the migrate policy permanently removed the older PST files. In less than a week, the IT Team became very proficient creating a variety of other policies using Arkivio auto-stor. They created data management policies which executed different actions such as migrate, move, delete, and copy. As illustrated in the Figure, all regulated data such as engineering CAD/CAM files and other fixed-content data was identified and classified before being moved to the EMC Centera based on the retention policies set by the administrator. The Arkivio auto-stor ILM solution also enabled ABC Company to simulate policy actions. IT Administrators could create a policy and then simulate it to test the results. This enabled them to know exactly how many files would be migrated and how much capacity would be freed on primary storage. Arkivio auto-stor also provided a means of supporting regulatory audits by enabling attributes-based search and restoration of files that have been archived on the Centera. Business Benefits: 2-Month ROI (Return On Investment) The monetary benefits derived from having spent money on developing or revising a system. In the IT world, there are more ways to compute ROI than Carter has liver pills (and for those of you who never heard of that expression, it means a lot). , Productivity Gains & Backup/Recovery Improvement ABC Company achieved many compelling benefits after implementing the joint Arkivio-EMC ILM solution for regulatory compliance. IT administrators are now able to easily identify and report on regulated files across multi-vendor storage platforms, heterogeneous file systems, and DAS, NAS (1) See network access server. (2) (Network Attached Storage) A specialized file server that connects to the network. A NAS device contains a slimmed-down operating system and a file system and processes only I/O requests by supporting the popular , and SAN environments. ABC Company is also now able to automate tiered-storage management between its EMC Celerra and EMC Centera to ensure that critical business files remain on the EMC Celerra, while regulatory and other fixed-content data is archived to the EMC Centera. As a result, ABC Company has been able to immediately free storage capacity on their EMC Celerra extending its life and enabling ABC Company to achieve a more cost-effective balance between its storage tiers as it makes better use of its lower cost EMC Centera enterprise storage system. In short order, the project yielded very positive results: * The Arkivio software paid for itself within two months after implementation * Over 2TB of regulated and fixed-content data has been migrated to the EMC Centera * By optimizing placement of data across its different tiers of EMC storage, ABC Company has achieved a 50% improvement in application server performance, which in turn has significantly improved user productivity * ABC Company has also significantly improved productivity within the storage administration team by automating capacity management functions * Over 14 person-hours per month alone have been saved by automating the previous manual processes of notifying users of full volumes and manually migrating data using scripts * ABC Company estimates they will reduce their back-up and recovery times by over 50% on file servers, freeing up valuable network bandwidth and reducing costs on backup media. Conclusion Avoiding substantial financial penalties are not the only motivation for implementing an ILM solution for regulatory compliance. Customers can also better store, protect, duplicate and manage their data over its lifecycle according to regulations, and at the same time, observe best practices management throughout the company. By implementing an integrated ILM solution specifically designed for regulatory compliance, organizations are better able to ensure their regulated data remains safe and immediately accessible, as well optimize the utilization of resources and productivity of their IT staff. Equally important, however, is the fact that senior management, compliance officers and IT can turn compliance measures from reactive cost centers into strategic storage initiatives that deliver both financial and operational benefits to the organization. Glenn Rhodes is director of product marketing at Arkivio, Inc. (Mountain View, CA) www.arkivio.com |
|
||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion