Compliance: The effect on information management and the storage industry
Published: May 2003
By Peter A. Gerr, Brian Babineau and Patrick C. Gordon, The Enterprise Storage Group
Main research themes
Research scope and highlights
Compliance in the financial services industry
Compliance in the life sciences industry
Compliance in the healthcare industry
Compliance in the government industry
Compliance is quickly emerging as the primary issue for technology vendors and IT and business professionals. Successfully navigating the complexities of compliance and the impact it will have on the organization starts with awareness.
CIOs, CTOs, legal and IT departments now know that compliance is a risk they must address. The challenge is in discovering how best to address it, which steps to take first, which individuals to include in the discussion, and which vendors to trust.
Information is pervasive to business, to the global economy, and to individuals in their daily lives. As the volume of information created continues to grow and as more information is shared, the increase in value that information carries also increases.
Just as laws prohibit certain behavior (theft, fraud, harassment) to facilitate a safer civilization, today's compliance regulations and enforcement bodies should be seen as the "sheriffs of the digital age" protecting the misuse of information. Technology vendors are just beginning to capitalize on the demands that the growth of e-mail messages and new compliance regulations are having on IT organizations.
Specialized applications that enable businesses to better manage, store, retain, archive, and retrieve e-mail messages, attachments, instant messages, and associated links have found great demand for their products.
ESG expects this trend towards specialization to continue and expand as more ISVs develop products and/or solutions that are tuned to the unique characteristics of specific types of information (See chart 34 later in this section).
Storage hardware vendors will capitalize on the sheer growth in the volume of records being created and the requirement to retain more of those records for longer periods of time. Likewise, the ever-increasing flow of information over public and private networks will provide ample opportunity for storage networking vendors to answer the call for increased security and encryption of data in transit.
While there are over 10,000 regulations in force in the U.S. alone today, our research shows that the impact of very few is being felt today. Much like civil law in the U.S. and abroad has expanded, so too will the boundaries of information compliance expand. Civil law migrated from the "frontier" days when few laws existed or were enforced, to our current culture that legislates nearly every aspect of our personal and professional lives. In much the same way, we expect compliance rules and legislation to expand.
While regulations and rules exist in nearly every industry, many remain ambiguous and open-ended. As we reinvent ourselves as a digital culture where information is the currency, ESG looks to a future where each industry's unique types of information and records will be regulated by one or more compliance rules. This will impact all types of information that is created, exchanged, bartered and retained in each industry. (See Chart 34 for more about the expanding scope and depth of compliance regulations on various industries and types of data.)
Just as new laws will be developed and enforced, so too will incremental opportunities appear for technology vendors, consultants, and integrators. These opportunities will allow product and service providers to help businesses protect themselves and their customers from misdeeds and noncompliance.
Compliance is a universal challenge that is altering the landscape of businesses in every industry. Compliance does not only affect large organizations. The neighborhood doctor who services 50 patients must comply with the same HIPAA regulations as the largest community hospitals.
The most persistent conclusion that we draw from our months of research into a small number of regulations is that:
- Regulations are all in constant flux.
- We are witnessing the "tip of the iceberg" with respect to the impact compliance will make.
- All the ingredients are present for compliance to continue to be near the top of CIO's white boards for years to come.
Technology vendors need to educate themselves quickly to first understand the real requirements driven by compliance so they can then develop and deliver solutions to address this still-emerging trend.
Information knows no boundaries and where there is information, more likely than not, a compliance regulation will be close behind.
The above information was excerpted by permission from the Enterprise Storage Group executive summary to the research report, "Compliance: The effect on information management and the storage industry," published in May 2003. To learn more about the full report, contact the Enterprise Storage Group.
Copyright 2003, Enterprise Storage Group
Peter Gerr is a senior research analyst at the Enterprise Storage Group. He will be speaking about the IT impact on compliance legislation at Storage Decisions 2003.