Printer Friendly

New ILM solutions for regulatory compliance: case study on how a customer achieves both financial and operational efficiencies.

Deadlines for achieving regulatory compliance are fast approaching and many are already here. With almost daily news of scandals, ethics violations, and privacy tampering, the federal government and other enforcement bodies have beefed up enforcement of existing regulations on data retention and added more far-reaching ones: SEC 17a.4 and NASD rules, Sarbanes-Oxley Act of 2002 and HIPAA, to name a few. As a result, corporate officers and their organizations across America face substantial legal and financial penalties if regulated data is not properly managed and retained over its lifecycle.

According to a report by the Enterprise Storage Group, the worldwide capacity of compliant records will increase from 376PB in 2003 to 1,644PB in 2006--a CAGR of 64%.

Although some see compliance as a grim but necessary evil that overloads IT, strands compliance officers, and scares senior management with personal liability threats, others see it as an opportunity to improve the operations of their company and the efficiency of the data storage infrastructure. These regulations can have long-ranging effects on the organization and how its information assets are managed over time. Storage management functions such as capacity management, backup and restore, archiving and tiered-storage are all either directly or indirectly impacted by this new wave of regulations on how data is to be retained or disposed of over its lifecycle.

According to Peter Gerr, research analyst with the Enterprise Strategy Group, "From my perspective, compliance should not be seen as another corporate tax, but as an opportunity, a strategic investment that also helps an organization improve its ability to manage and protect its valuable information assets throughout their lifecycle."

Fortunately, there are new Information Lifecycle Management (ILM) solutions available today that can address compliance requirements while still addressing business and technology objectives, and at the same time reducing costs and improving operational efficiencies.

Technologies for Regulatory Compliance

Every day, new technologies become available to help organizations address compliance. EMC released its Centera Content Addressed Storage (CAS) System with regulatory compliance features, NetApp introduced SnapLock, and IBM recently launched its TotalStorage DR450, to name a few. In addition, storage management vendors such as Arkivio, iLumin, and Microsoft have introduced software solutions specifically designed to enable regulatory compliance.

While vendors can help by providing the nuts and bolts of a compliance solution, the burden is on end users to adhere to and prove compliance with the different regulations. Typically, what customers require is a custom solution for regulatory compliance that integrates multiple hardware and software technologies, along with professional services to get the job done right.

For example, one regulatory requirement for broker dealers is that they retain all electronic records on non-alterable and non-erasable types of media, such as WORM (write once read many) technology. Traditionally, this has been tape and optical technologies, but today customers have newer options such as on-line, disk-based solutions, which also ensure a record cannot be prematurely erased before the expiration of its retention period.

In a company's environment, however, a disk-based WORM solution relies upon the ILM software application to implement retention policies for the tens of millions of files they have and to drive data movement via policies into the proper storage system at the best cost.


ILM Solutions for Regulatory Compliance

To overcome the many challenges and properly retain regulated data, customers should first consider ILM solutions specifically tailored for regulatory compliance. As an example, let's explore a customer case study where the Arkivio auto-stor ILM software was used to manage and archive regulatory data on the EMC Centera CAS system.

Fortune 500 Manufacturer Company Background

ABC Company designs, manufacturers, markets and supports complex products for commercial and military markets worldwide. The company provides Information Services and IT Management that support over 8,500 employees in 25 countries.

IT Environment

At one of its corporate data centers, ABC Company has a total of 108 Windows 2000 and 110 Unix application/file servers and its IT Department manages over 45 terabytes (TB) of storage capacity across its heterogeneous DAS/NAS/SAN infrastructure.

Three years ago, ABC Company acquired an 11-TB EMC Celerra in an effort to consolidate their disparate server and storage resources. Since then, the EMC Celerra has become the primary storage device for the company's unstructured data--such as user home directories, engineering CAD/CAM files, critical business documents, and regulatory information.

In order to comply with both internal and external data retention guidelines from the FAA, DoD, SEC, and Sarbanes-Oxley, ABC Company acquired a 10-TB EMC Centera, and the plan is to utilize this as the primary enterprise archive repository for both compliance data and business documents that must be retained but not altered for extended periods of time.

The Challenge: Capacity Management and Regulatory Compliance

With millions upon millions of files, growth rates of 60% or higher, increasing concern about regulatory compliance, and limited IT staff resources, ABC Company faced many storage management challenges. The company decided to move to a tiered-storage architecture in order to optimize placement of data on the most appropriate EMC storage system, while at the same time, reduce the Total Cost of Ownership (TCO) of their storage. However, this plan created another problem. It increased administrator time required to manually examine all the data, identify critical business files that should remain on the EMC Celerra, as well as regulatory files that should be archived to the EMC Centera, move the data, and then inform the end users as to the changes to their environment. The IT Department decided to look for a solution that would automate this entire process.

Unfortunately, ABC Company did not have an accurate picture of total available and utilized storage capacity across their entire IT infrastructure. They did not know what types of files were out there, how old the data was, how many files were duplicates, or how valuable the data was to the different business units (e.g., how often users accessed their files). Additionally, the IT Team did not have an effective method to identify and classify their regulatory data to ensure, for instance, that the appropriate files were being retained on the EMC Centera for compliance.

ABC Company developed in-house tools that attempted to scan existing databases and file systems across the network, but they were inefficient and difficult to maintain.

Step One:

Data Storage Assessment:

Without deploying any agents on servers or storage devices, the Arkivio auto-stor software scanned all DAS/NAS/SAN volumes on the network. ABC Company focused their initial analysis on the EMC Celerra system. Within hours, ABC Company was able to run in-depth reports on total available and utilized capacity, space consumption by file type, and data usage patterns. The IT Team learned, for instance, that 80% of their data on the EMC Celerra had not been accessed in 180 days or more. They were also able to identify the location of their regulated data and which users, departments or applications had created these files.

Step Two:

Data/Storage Classification

Next the IT Team at ABC Company utilized the Arkivio auto-stor solution to create logical groupings of data and storage resources that spanned multiple volumes and systems. They logically grouped files based on attributes such as file type, size, application, and last accessed/last modified date. Then they utilized Arkivio auto-stor to classify files based on their business value or applicable federal regulation (i.e. HIPAA, DoD, Sarbanes-Oxley, etc.). Similarly, they utilized Arkivio auto-stor to logically group storage volumes based on common characteristics such as cost, utilization, and make/manufacturer.

Step Three:

Data Management Automation:

ABC Company decided they were now ready to create a variety of policies to automate data management between their EMC Celerra and EMC Centera. Their first priority was to clean up PST files, since the company had a corporate governance policy against users storing PST files on home directories. They created a migrate policy that incorporated a File Group consisting of all PST files not accessed in 90 days that moved those files from the EMC Celerra to the EMC Centera, while leaving behind a link (for NFS) or shortcut (for CIFS). The migration was completely seamless to users and Microsoft Outlook. A FIFO (First In First Out) retention policy was established so that users (after being notified of this policy) had a brief period to archive their PST files to off-line media such as CD-ROM before the migrate policy permanently removed the older PST files.

In less than a week, the IT Team became very proficient creating a variety of other policies using Arkivio auto-stor. They created data management policies which executed different actions such as migrate, move, delete, and copy. As illustrated in the Figure, all regulated data such as engineering CAD/CAM files and other fixed-content data was identified and classified before being moved to the EMC Centera based on the retention policies set by the administrator.

The Arkivio auto-stor ILM solution also enabled ABC Company to simulate policy actions. IT Administrators could create a policy and then simulate it to test the results. This enabled them to know exactly how many files would be migrated and how much capacity would be freed on primary storage. Arkivio auto-stor also provided a means of supporting regulatory audits by enabling attributes-based search and restoration of files that have been archived on the Centera.

Business Benefits: 2-Month ROI, Productivity Gains & Backup/Recovery Improvement ABC Company achieved many compelling benefits after implementing the joint Arkivio-EMC ILM solution for regulatory compliance. IT administrators are now able to easily identify and report on regulated files across multi-vendor storage platforms, heterogeneous file systems, and DAS, NAS, and SAN environments. ABC Company is also now able to automate tiered-storage management between its EMC Celerra and EMC Centera to ensure that critical business files remain on the EMC Celerra, while regulatory and other fixed-content data is archived to the EMC Centera. As a result, ABC Company has been able to immediately free storage capacity on their EMC Celerra extending its life and enabling ABC Company to achieve a more cost-effective balance between its storage tiers as it makes better use of its lower cost EMC Centera enterprise storage system.

In short order, the project yielded very positive results:

* The Arkivio software paid for itself within two months after implementation

* Over 2TB of regulated and fixed-content data has been migrated to the EMC Centera

* By optimizing placement of data across its different tiers of EMC storage, ABC Company has achieved a 50% improvement in application server performance, which in turn has significantly improved user productivity

* ABC Company has also significantly improved productivity within the storage administration team by automating capacity management functions

* Over 14 person-hours per month alone have been saved by automating the previous manual processes of notifying users of full volumes and manually migrating data using scripts

* ABC Company estimates they will reduce their back-up and recovery times by over 50% on file servers, freeing up valuable network bandwidth and reducing costs on backup media.


Avoiding substantial financial penalties are not the only motivation for implementing an ILM solution for regulatory compliance. Customers can also better store, protect, duplicate and manage their data over its lifecycle according to regulations, and at the same time, observe best practices management throughout the company. By implementing an integrated ILM solution specifically designed for regulatory compliance, organizations are better able to ensure their regulated data remains safe and immediately accessible, as well optimize the utilization of resources and productivity of their IT staff. Equally important, however, is the fact that senior management, compliance officers and IT can turn compliance measures from reactive cost centers into strategic storage initiatives that deliver both financial and operational benefits to the organization.

Glenn Rhodes is director of product marketing at Arkivio, Inc. (Mountain View, CA)
COPYRIGHT 2004 West World Productions, Inc.
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2004, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:Regulatory Compliance; Information Lifecycle Management
Author:Rhodes, Glenn
Publication:Computer Technology Review
Geographic Code:1USA
Date:May 1, 2004
Previous Article:The case for compliance profiling.
Next Article:Assessing your storage and backup for regulatory compliance.

Related Articles
The impact of compliance on storage: will you benefit from increased demand?
Information lifecycle management: the next wave.
IBM, EMC, HP, CA, Oracle and Iron MTN executives gather to define lifecycle MGMT.
Unstructured data: the roadblock to effective ILM.
Information lifecycle management: mastering complexity.
Archiving has nasty sting in tail.
Building compliance, block by block.
Looking back.
Will the promise of ILM remain elusive?
Data management for compliance.

Terms of use | Privacy policy | Copyright © 2021 Farlex, Inc. | Feedback | For webmasters |