This article can also be found in the Premium Editorial Download "Storage magazine: Using file virtualization to improve network-attached storage."
Download it now to read this article plus other related content.
Laws and regulations generally specify the content of the records a company must create and retain, but not the form in which the records are organized or the media on which they're stored. However, the organization and location of the data can make a big difference when you're defining your compliance program and selecting appropriate technologies for implementation.
|Business drivers for data management|
A key question that needs to be addressed is the appropriate scope of your compliance program and the types of records that will be addressed first. Does it include management of email, instant messages, voice mail, office documents, scanned document images and databases? What about paper records? Which areas represent the most immediate sources of compliance or litigation risk/cost? Which ones represent important opportunities for improved efficiencies and cost reductions?
The "Business drivers for data management" matrix on this page illustrates how many companies see semistructured data--particularly email and instant messages--as the most immediate pain point to be addressed to reduce the risk of noncompliance or the cost of litigation discovery. Structured data--including ERP databases and other enterprise applications --is often thought to be adequately controlled and compliant, although longer retention periods and increased regulatory scrutiny have many firms considering alternative ways to preserve and manage those records over the full information life cycle. Finally, unstructured data--such as office documents stored on network file shares--has typically been viewed primarily as a giant storage cost problem. However, many companies are now beginning to address these files in terms of their compliance and litigation strategy requirements, and storage professionals can make a big contribution in this area.
Given the broad range of data types a compliance program must ultimately address, it probably doesn't make sense to seek a single integrated solution for all of these data types. Most companies choose to start with the most pressing pain points and tackle problems one step at a time.
For example, many enterprises, particularly those in industries such as banking and securities trading, have implemented email archiving applications to ensure compliance with regulations or to provide appropriate retention of email records as part of a litigation-readiness strategy (see "Tools for managing legal holds and e-discovery," PDF file below). As attention turns to the contents of file systems, and as vendors introduce capabilities to handle multiple data types, it may make sense to expand an existing solution or include a complementary product to address other data types.
|Tools for managing legal holds and e-discovery|
|Click here for an overview on the tools for managing legal holds and e-discovery (PDF).|
The key to success is to first develop an understanding of the important business drivers, including compliance and litigation readiness, in addition to service levels, productivity and cost control. Once you've developed a consensus on the business requirements, you can define technical requirements and architect appropriate solutions.
This was first published in March 2007