Aiming to make regulatory compliance an easier process, IBM has pulled together several existing server, storage, software and retention products to create the TotalStorage Data Retention 450.
The system was designed to provide a central point of control, which will help manage growing compliance and data-retention needs, IBM said. It features several elements in a single cabinet, including IBM eServer pSeries Power processor-based servers with IBM TotalStorage products, as well as the new Tivoli Storage Manager for Data Retention.
The crown jewel of the Data Retention 450 is Tivoli Storage Manager for Data Retention (TSM). Using policy-based management, TSM can store data in three ways: indefinitely, based on a retention event, or based on a predetermined expiration date. The software can also verify that data is written correctly and prevent modifications and deletions. IBM said that Tivoli users can utilize a variety of content management and archive applications, as well as more than 600 storage devices on which to enforce retention policies throughout the data life cycle.
Alan Stuart, IBM's chief strategist for compliance and data-retention solutions, said that most of the technology in the Data Retention 450 is already in IBM's arsenal.
"TSM already had almost all of these data-retention capabilities," he said. "We hardened it by removing the administrator option to delete records on the fly. Now data can only be deleted through policies. The other thing we're bringing to the marketplace is the ability to build tiered storage. After 20 or 30 TB, even cheap disk is expensive. What happens with disk is you have to turn it over every three to five years." That's where tape enters the equation, he said.
Despite the advent of cheap disk, tape still plays a critical role in the long-term data retention process. The Data Retention 450 supports IBM's TotalStorage Enterprise Tape Drive 3592, as well as IBM's Linear Tape Open (LTO) family of products. "You can put hundreds of terabytes of tape behind this unit and give yourself tiered storage," he said.
In addition, upcoming support for IBM's write once read many (WORM) media technology for the IBM TotalStorage 3592 will provide non-rewriteable media. IBM did not specify when the WORM technology would be generally available.
The TotalStorage Data Retention 450 can be shipped with a minimum of 3.5 TB and can expand up to 56 TB. It supports the ability to retain data without alteration throughout its lifetime. The Data Retention 450 can also be bought piecemeal and custom-built by IBM Global Services, its partners or by end users. The IBM TotalStorage Data Retention 450 has a $141,600 starting price tag and will become available in March 2004.
The compliance conundrum
IBM said the Data Retention 450 is "well-suited" for companies dealing with the data-retention and corporate-governance regulations of the Sarbanes-Oxley Act , HIPAA and SEC Regulation 17a-4. Like most other storage vendors, IBM says it is "focused" on supplying a comprehensive set of compliance and data-retention products -- but are products the answer?
Even Big Blue was careful to note that users are ultimately responsible for ensuring their own compliance with legal requirements. IBM said it "does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law."
So, if you can't buy compliance in a box, how do you achieve compliance? Do you even know what regulations will affect your business?
"[The Data Retention 450] is a good product, and it's not unusual at all. It's built from a lot of everything else that they have," said Jack Scott, a partner with the Evaluator Group Inc. "IBM has a vast repertoire from the ILM [information life cycle management] work that they've had forever that they never put together."
Scott said that an understanding of compliance in general is more important than understanding products. "One of the things that really bugs me," he said, "is people who think [one product] is going to solve their problems. [One product] isn't going to solve your problem at all."
If you study the regulations -- there are about 4,000 in the U.S. that apply to IT -- you'll see that there is no single product that's going to solve the compliance problem, he said. "The first thing you do is go over and see your general counsel and find out what you need to do. If they don't know you, find a consulting firm that does. There is no quick fix on this stuff. It's all elbow grease," he said.
There is no doubt there are consulting costs involved in setting up a complete compliance, retention-management or content-management solution. However, Nancy Marrone-Hurley, senior analyst with the Enterprise Storage Group Inc., said that's going to be the case no matter what -- whether a customer chooses to go with IBM or some other vendor.
"There is an up-front process of assessment. Then there's the 'socialization' phase, where policies are determined and data values are set, and then the actual implementation process. Every customer will need to go through those processes, so it's not as though only IBM will require up-front services costs," she said.
Let us know what you think about the story; e-mail: Kevin Komiega, news editor.