Storage vendors have identified regulatory compliance as "the next Y2K," i.e., a huge opportunity to milk you of your IT budget dollars, says Richard Scannell, vice president of strategy with storage consultancy GlassHouse Technologies in Framingham, MA.
"Compliance is the fear and terror that they're putting into the hearts of CIOs, saying, 'If you don't get into compliance, you're going to jail,'" Scannell said at last month's Storage Decisions conference in Chicago.
That responsibility is falling squarely on the shoulders of IT managers, who are increasingly being asked to demonstrate proof--not just good intentions--of compliance. Federal regulators are saying, "'Show me. If you can't produce the evidence, you're not in compliance,'" he says.
Thankfully, most federal regulations aren't prescriptive--that is, they don't provide you with any hard and fast rules about what is or is not compliant. Instead, "they give you a blank pad on which you write your own lesson." Steps you can take toward compliance include developing a data classification model, documenting your processes and developing an audit process.
But "if you're going to focus on just one regulation now," Scannell suggests, "focus on e-mail management and archiving," which should take care of regulations such as Sarbanes-Oxley.