News Stay informed about the latest enterprise technology news and product updates.

SD 2003: Vendors seen as feeding off compliance paranoia

While vendors are striking fear in the hearts of users, the truth is that communication is more important to compliance than any technology solution on the market today.

CHICAGO -- In a tight economy, storage hardware and software companies are looking for the next big trend that will catalyze product sales. With the onset of data retention requirements that have been handed down recently by the federal government, users are paranoid about what data they need to save and how long they need to save it. Lo and behold, storage vendors just might have their next sales bonanza.

"Today, regulations are front and center for a lot of industries, and many are ill-prepared," said Richard Scannell, vice president of storage consulting firm GlassHouse Technologies Inc., Framingham, Mass.

Scannell told attendees at the Storage Decisions conference Thursday that vendors have found their next Y2K. "This is the fear and terror they've put into the hearts of CIOs to say, 'If you don't get compliant, you're going to jail,'" said Scannell, who spoke at a panel discussion on the issue.

But there are a few things that storage users may not know about satisfying Big Brother's data retention requirements. The main thing is that there are no rules.

"Regulations are all about interpretation. [The regulators] give you a pad on which to write your own destiny," Scannell said.

Regulators don't supply IT users with a checklist for how to satisfy compliance. Scannell said the government is simply saying, "Tell us what you're going to do, and then show us that you do it." For example, if a business has a documented procedure in place that says it will perform backup operations twice a week, they must be able to prove that they perform those backups as stated.

Scannell added that businesses need to move from a focus just on technology to one of effective process management. "It sounds trite and we've been talking about it for years, but now there are regulators knocking on the door," he said.

According to Peter Gerr, senior technology analyst for the Enterprise Storage Group Inc., Milford, Mass., there's no "silver bullet" for addressing regulatory compliance, from a technology point of view, but there are things to look for when evaluating what vendors are selling.

Gerr, another speaker on the panel, said there are several must-haves in a compliance situation, including the ability to retrieve and recover electronic documents, to read data at any time, to verify the authenticity of data and to provide for a third-party review.

But Gerr agreed that this is a people issue more than a storage problem. "Compliance is really much more about people and process than it is about technology," he said. "It's about communication."

It sounds simple enough, but getting business managers to understand the limitations of IT -- and vice versa -- is no small task.

"I wish it was that easy in my organization. Users want rapid turnaround of data. They don't want to wait for tape mounts," said Steve Fike, senior technical specialist for BJC HealthCare, St. Louis. "There's a lot of things that people want to do, but no plan in place to do it."

Fike is also facing an immature marketplace; he needs storage systems and applications that can handle data retention for long periods of time, which, in Fike's case, can be for the life of a given patient.

"[Users] are storing data forever because they don't know what to do with it. One of the things that causes this in my organization is that it's driven by vendors," he said.

Securities attorney Jeffrey Plotkin, who started his career as an attorney with the Securities and Exchange Commission (SEC), offered one major tip for conference attendees to take back to their data centers. "E-mail is the one application that needs attention, no matter what industry your company is in," he said.

"The importance of an e-mail management system can't be oversold," he said. "There are short-term costs of not thinking long term about data retention. There can be serious criminal consequences."

Let us know what you think about the story; e-mail: Kevin Komiega, News Editor

Data retention rules demand a group effort

New data regulations: How to achieve compliance

Of Sarbanes, Oxley and storage

Comment on this article in the Discussion forums

Dig Deeper on Data storage compliance and regulations

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.