The impact of compliance on storage: will you benefit from increased demand?


After years of research and analysis, the expected lifetime of people, animals, plants and most other objects has been documented and reasonably well understood. For data, this process is just beginning. Most businesses still don't know the value or the required lifetime of their data. Increased concerns about terrorism, anti-money laundering, corporate corruption, and increased privacy have moved the compliance issue to center stage. As custodians of most of this increasingly valuable data, the storage industry has a new demand driver in compliance. Numerous new government regulations have made us change the amount of time we preserve data and the way we manage data as it ages.

For example, SEC rule 17a-4(t) mandates several new digital archiving requirements. These requirements include what type of storage format should be used, how long data must be retained, and where and how long duplicate copies of data must be stored, as well as specifying countless security policies. The back-end of the data lifecycle is swelling, not shrinking as was the case previously, and retention policies are now being based on data value and legality issues, not just reference activity. This change in the storage landscape calls for new management policies based on the value of data and means that a universal, standard classification scheme for data needs to emerge. All data is not created equal and many storage management vendors are working on advanced data classification schemes to generate a value factor for specific data. Is compliance with regulatory agencies worth the expense?

Increasing regulatory pressure to comply with federal and global mandates for e-mail, medical/insurance, legal, financial/government classified data is forcing many businesses to fortify any potential weak points in their long-term storage systems. New applications and a variety of legal and business requirements are driving the need for many businesses to reexamine or finally create their security, long-term storage and archival policies. One of the most visible examples of the emphasis on the increasingly critical value of archival data lies with the HIPAA (Health Insurance Portability and Accountability Act) requirements. Not only does HIPAA require health providers to preserve data for a yet to be determined time period, but the failure to protect critical patient data carries penalties presently ranging up to or exceeding $25,000 per violation.

The threat of the fines and other forms of non-compliance are encouraging storage administrators to examine the increasing amount of archival data required to be kept indefinitely for future reference. For example, the PACS (Picture Archiving and Communications System) application that captures and stores radiology information and other medical images is a primary component of the HIPAA requirement. Data used to be retained for one year, and then three years, then seven years; now infinite retention seems inevitable for some applications. Some health care businesses are planning to retain digital records for patients' lifetimes plus seven years (which could be over 100 years). At that point, the data may never be deleted. The growing list of regulations is becoming increasingly important to storage administrators' data management strategy and includes:

* The Sarbanes-Oxley Act: Defines rules for falsification of records and e-mail with retention and deletion guidelines requiring data to be kept 4 years after audit

* HIPAA: Health Insurance Portability and Accountability Act for medical images and records, possible lifetime or longer retention periods

* Telecommunications: Title 47, Part 42

* Banking: OCC and FDIC regulations

* Defense: DOD 5015.2 regulation

* OSHA: Records of individuals exposed to toxic substances retained for 30 years

* Pharmaceutical and Life Sciences: Records for food kept for 2 years after availability

* Electronic transactions: The Uniform Electronic Transactions Act

* Brokerage Business: SEC Rule 17a-3 and 17a-4, for the life of the business entity

* The U.S. Patriot Act

* Numerous other regulations are under review: Estimates suggest as many as 10,000 total regulations may exist

Lingering Compliance Questions

Understanding what happens to digital data throughout its lifetime is becoming an increasingly important aspect of effective data management. Compliance has fueled the concept of Information Lifecycle Management, but keep in mind that ILM is more than compliance. What happens to data as it ages? Does usage decline as data ages? Does the value of data increase or decrease as it ages? Why are we keeping more data longer than ever before? What conditions indicate when data should be retired? Do storage management requirements change as data goes through its lifecycle? If data is the most valuable asset of so many businesses, why do we know so little about it? Why don't any storage vendors include the non-digital assets of a business such as film and paper as part of their ILM strategy or offerings?

Impact of Compliance on Storage

These questions have become increasingly important and are in need of answers in order to understand where data should ideally reside and how it should be managed during its existence. In particular, the probability of reuse of data has become one of the most meaningful metrics for understanding optimal data placement and it is important for HSM (Hierarchical Storage Management) to be more effective. For much digital data, the axiom of "90 days on disk and 90 years on tape" applies for lifetime management. For almost all data types, the number of references to data significantly declines as it ages. This basic observation provides deeper insight into more cost-effective storage management as it enables the movement of less active data to lower-cost levels of storage. The lower frequency of access as data ages has been a fundamental concept of HSM for over 25 years, and HSM is becoming a key component of both compliance and ILM implementations. However, finding a single, robust, policy-based HSM as effective as the HSM on mainframe systems that works for Unix, NT, and Linux platforms remains a distant goal.

Managing Compliance Data

A better way to manage data throughout its lifetime is paramount. Note that I said managing data, not devices. The lifetime of data now exceeds the lifetime of the devices containing the data. Data will not reside on the same piece of media for the duration of its digital lifetime for several reasons. Therefore, the ability to move data to newer technologies throughout its lifetime is required. Most likely, it won't become possible without some major enhancements to the existing levels management capability. As we continue to observe, data is growing faster than our ability to manage it. As SAN deployment continues to evolve, optimal data placement within the tiered storage hierarchy will begin to occur automatically without human involvement but will initially be host based. Later, these functions will move outboard of the servers and will be implemented as either an in-band or out-of-band function in the storage network itself. Advanced policy-driven SRM (Storage Resource Management) software is positioning to measure reference patterns and trigger management actions that result in moving data to the most optimal storage locations throughout its lifetime.

Final Thoughts

The value of data is increasing, irrespective of economic and other pressing global issues. As the storage management requirements for data change over time, storage management has become a lifetime activity. Where data is initially stored is often not the same place where it will finally be stored. The value of data will change during its lifecycle based on unforeseen conditions. Begin building your compliance strategy now. The months that lie ahead promise that even more compliance concerns are headed your way. Today, compliance may seem like an option. Tomorrow, compliance will not be an option.
COPYRIGHT 2004 West World Productions, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2004, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Title Annotation: Regulatory Compliance; Information Lifecycle Management
Author: Moore, Fred
Publication: Computer Technology Review
Geographic Code: 1USA
Date: May 1, 2004
Words: 1247