What are some best practices for retaining data in a highly regulated business environment?

Have a good information retention policy. I see a lot of organizations where they retain backups or copies of databases, but they don't know why they're retaining it or for how long...

Storage security information
Why and how your storage environment will be attacked

Five must-have storage security testing tools

Protect your data from hidden threats
Have a good information retention policy. I see a lot of organizations where they retain backups or copies of databases, but they don't know why they're retaining it or for how long. This not only demands storage space, but can also consume network bandwidth, CPU cycles and present a potential liability issue by retaining vast quantities of sensitive information that are susceptible to attack. There's no need to reinvent the wheel. Sample policies can easily be obtained from sources on the Internet.

If possible, the storage administrator or network administrator should try to get other people involved in the retention process. Don't develop a retention policy on your own; mainly because you won't be able to enforce it, especially if management has not bought into it. Perhaps create a compliance committee or IT governance committee to form the foundation of retention practices that encompass technical issues, as well as business considerations, including legal and human resources.

Remember that it's not just about laws and regulations. You're also potentially dealing with litigation and discovery requests, so you must determine what to keep and how long it really needs to be kept. If you retain data longer than necessary, it can actually create some liabilities during litigation. The information you're retaining must be searchable and retrievable within a timely manner, so use the technology, such as content indexing, to support retention. The faster a storage organization can facilitate an investigation or discovery request, the less expensive and disruptive it will be to the business.

You must also demonstrate that you have a secure storage environment for all of the data and information being protected. If trouble strikes and investigation proves that you do not have secure storage or a sound retention policy, or are not following the established policy, it will create additional legal problems for the enterprise.

Listen to the Storage Security FAQ audiocast here.

Go to the beginning of the Storage Security FAQ Guide.

This was first published in March 2007
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSolidStateStorage

SearchVirtualStorage

SearchCloudStorage

SearchDisasterRecovery

SearchDataBackup

Close