The storage industry may think that compliance-in-a-box is a helpful concept, but the reality is that end users are baffled by regulatory rules and don't know which products can help keep their bosses out of jail.
A recent SearchStorage.com poll
So are vendors blowing smoke on an already foggy issue? Hardware and software makers are all throwing their hats into the compliance ring. Microsoft has developed a tool for Sarbanes-Oxley compliance, EMC Corp. has tweaked its EMC Centera Content Addressed Storage System with regulatory compliance features and IBM has pulled together existing server, storage, software and retention products to create the TotalStorage Data Retention 450, to name a few.
But while vendors can help by providing the nuts and bolts of a compliance solution, the burden is on end users to satisfy Uncle Sam's rules for data retention.
As the vice president of Compliance Consulting for SANZ Inc., Castle Rock., Colo., Thomas Bookwalter doesn't force hardware and software on his users. Under Bookwalter's direction, SANZ has begun a regulatory compliance consulting service to teach end users how to handle regulations themselves. "The thing that is overwhelming for many organizations is trying to get a handle on all of the different regulatory requirements that affect them," he said.
The SANZ approach is hardware and software agnostic as Bookwalter agrees there is much confusion in the industry around which products to buy. It seems every storage vendor lays claim to compliance and they have it to some degree, says Bookwalter, but they only address part of the problem. End users are tired of hearing about the dangers of non-compliance. Now they want to know: What do I have to buy?
"Lots of users clearly know that they are way out of compliance, but they're paralyzed and they don't know where to start," Bookwalter said.