For a VAR that provides secure data storage for a large company with several remote or branch offices, the challenge is two fold: Information sent from satellite offices to the home office, as well as data going from home to satellite, must be secured.
Greg Schulz, founder and senior analyst of the StorageIO Group and author of Resilient Storage Networks, believes that securing this traveling information offers an opportunity for VARs to help make remote data security part of an organization's critical data strategy and provide storage support.
Marc Staimer, president of Dragon Slayer Consulting, agreed: "VARs can provide the methodology that companies need to keep their data secure. Many times companies try to force fit a solution onto a problem. But by offering the right support through encryption, consolidation and optimization, VARs can help companies rethink their strategies."
By applying a square method to a square problem -- both storage in flight and at rest -- organizations can have peace of mind knowing that their information is secure. Once that security is reached, companies can begin considering the regulatory compliance standards that, by law, they are required to meet.
Once a company's data is secured, a company's attention may turn to regulatory compliance. Meeting and maintaining regulatory compliance is an interesting task for VARs. There isn't necessarily a single piece of hardware to install or a single program to run, making it necessary for VARs take on more of an adviser role, said Randy Kerns, a storage consultant.
A VAR's primary goal should be to stay educated on the latest regulations as legislation is passed and new requirements are implemented. Once these laws come into effect, the objective should be to find out which products can help a company meet the requirements. However, noted Kerns, some products will meet some standards while not necessarily meeting all requirements. Making this clear to an organization is an integral part in providing good support.
"The coming year has at least one piece of legislation that applies directly to storage VARs," said Brian Babineau, analyst for Enterprise Strategy Group. "House Bill 4127, the Data Accountability and Trust Act will affect compliance directly."
Currently, regulatory compliance is not federally legislated, but this bill may change that. "Right now data breech legislation is housed in individual states. There are 33 states with compliance regulations, eight that are considering legislation and nine without. This bill could change that," Babineau said.
If the bill is passed, data breech and security regulations would be moved from the state level to the federal level, empowering the Federal Trade Commission to establish and enforce regulatory rules.
"I would advise all VARs to monitor this piece of legislation closely," noted Babineau. "It could obviously affect the way they conduct their business."