Real problems and real solutions: Using ILM to address compliance

This excerpt from "Data Lifecycles: Managing Data for Strategic Advantage" details the storage problems that come with new compliance regulations. In a nutshell, these companies have to store more data, for longer periods, and have an efficient system in place that allows for easy access to it, should the need arise. Information Lifecycle Management tools offer solutions – read more to get started.

1.1.1 Real issues identified – regulation, legislation and the law

Regulations traditionally dealt with business information management via paper-based audit trails. But these regulations have become redundant over the years – no paper, no paper-based audit trails to follow. Legislation needed a decent make-over. It took a while, but regulations have now begun to catch up with the movement of data from paper-based storage to electronic data storage devices. To exacerbate matters on the regulatory front, we have recently seen terrorist acts and corporate scandals that have increased the amounts of data that organizations have to store. The effect of these additional regulations is to exponentially increase the amounts of data that organizations have to store and for longer periods.

More on compliance
Federal Rules of Civil Procedure: A guide to providing FRCP services

Meeting email archiving regulations in a K-12 school district

Now, generally storage is relatively cheap, however, the issue is not the storage of the data so much as the retrieval of the data. Because there is so much data being saved it is much like looking for the proverbial needle in the haystack. Organizations, therefore, must have the ability to understand the relative importance of their data within its lifecycle as well as have ways to find it in an open system that historically has had no due process behind its filing methodology. So, storing information effectively is unquestionably vital for organizations, but with data volumes rising frighteningly and a growing need to make archived data available both for end users and to comply with legislation, the way IT departments approach storage is critical. Although the storage price per gigabyte may be dropping, simply installing new devices is not always a perfect solution. Rather than making data harder to retrieve and contributing to rising costs for support and maintenance, many organizations are looking to reduce the complexity, inefficiency and inflexibility of their data centre environments.

Actually, it hasn't taken organizations long to work out that, not only do they want to be able to retrieve data but also to store it logically so that like files are stored in the same place – hence, Information Lifecycle Management (ILM). ILM in itself suggests some due process or implied activity that has occurred to the 'data'. This is where technology is searching for a utopian solution.

Total Lifecycle Management (TLM) is the technology that will make all and/or any document(s) retrievable in an instance; the data is logically stored on the most appropriate medium for the correct length of time and then deleted from disk or the tape destroyed at the right time – automatically.

1.1.2 More regulation, legislation and the law

Failure to retrieve data becomes increasingly critical to organizations when new regulations require data retrieval, an audit trail proven, as well as the ability to prove originality and what has happened to the data when, where, how, and by whom. There are many examples of companys' prosecutions and fines, although there is a lack of high profile prosecutions simply because organizations try to play down any large fines because of the potential bad publicity.

The UK Information Commissioner's Annual Report lists prosecutions In the 12 months between 1st April of the previous year and 31st March of the year of its annual report. In the last report, there were 10 defendants convicted – in all of these cases the defendants were convicted of multiple breaches of the Data Protection Act (UK) with fines up to £5000. (Potentially fines can be up to £5000 in the magistrates court and unlimited in the Crown Court.)

Prosecutions have recently been approached on a 'per data subject' basis, i.e. where a company has breached the Data Protection Act (UK) in respect of one individual a conviction has been sought and a fine imposed; where the company has breached the Data Protection Act (UK) in respect of a number of individuals a conviction has been sought and a fine imposed in relation to each individual. Therefore, according to this approach, where the personal data of 500 data subjects has been misused, 500 fines of, say, £5000 could be imposed (£2,500,000 or $4,000,000 US).

And not only is there new legislation to deal with the new phenomenon of electronic data, but old laws are catching up. We now have of examples of entertainment exploiting large enterprise organizations who have no idea what they are storing in their vast data warehouses. In fact, most third-party or copyright infringements relate to the sharing of electronic entertainment media. DVDs and CDs have made third-party infringement a big issue. A recent news report indicated that a media company, which determined that music piracy was on the increase, decided to look at, not the cause of the copyright theft, but the holding company … so to speak.

Previously, someone taping a vinyl record was a nuisance, but now with perfect reproductions possible with each copy, copyright infringement has become a big problem. Peer-to-peer music sharing may well be neat technology, but unfortunately it's illegal to actually do any sharing unless you both own the rights to the music (if that was the case why bother sharing?). But suing an individual for breech of copyright is hardly worth the bother. Now consider an employee putting their own music onto their work computer, no problem so far. Suppose these guys are members of the Musicians' Union and so the last thing they are going to do is share the music – which they know is illegal. So, are they OK? No … what happens when their workstation or laptop is backed up? All the MP3 files back up onto an organization's network server and then migrate onto offsite storage tapes. Before you know it, you have multiple illegal copies of redundant data, all illegal. To make your day even worse, not only are you storing illegal redundant files on valuable disk space but the media company the music belongs to in the first place can then take you to court for big monetary fines.

Recent Forrester research revealed that 2/3 of all organizations in the USA in 2003 had illegal music files held on their servers. Not only are they storing something illegal, they don't really want to store it in the first place. Typically, in most organizations, 30% of all stored data is illegal or simply rubbish. This, of course, has a storage management and media cost impact. It also has an immediate and recurring impact on the time it takes to backup data.

Eliminating this data thereby helps reduce the data growth rate.
All these considerations are of vital importance to organizations over the next few years.

1.1.3 Current storage growth

Finally, data is quite rightly viewed as a key aspect of an organization's operation and success. To underline the fact that data is one of an organization's most important assets, consider that managing information badly through inept retrieval or illegally held data can have enormous financial implications. The sheer volume of digital information is increasing exponentially. Web sales, email contracts, e-business systems, data demanding sales, marketing and operational systems – all of which are the lifeblood of most modern organizations – not to mention managing wireless, and remote and handheld devices, together with multimedia usage, all lead to heavier data traffic and more storage requirements, with larger and more files being saved. All this stuff needs to be saved, stored, retrieved, monitored, verified, audited and destroyed, not just so the organization can do business, but also to comply with data retention legislation, just so the organization can continue commerce without the threat of financial penalty or operating license withdrawal.

Use the following table of contents to navigate to chapter excerpts or click here to view Introducing Utility Computing in its entirety.

Data Lifecycles: Managing Data for Strategic Advantage
  Home: Introducing utility computing
  1: Real problems and real solutions: Using ILM to address compliance
  2: New storage management with utility computing
  3: Data lifecycle management: What should organizations consider?
  4: What does data lifecycle management mean?
  5: Why is IT lifecycle management important?
Plenty of storage products are now available, but the challenge remains for companies to proactively manage their storage assets and align the resources to the various departments, divisions, geographical locations and business processes to achieve improved efficiency and profitability. Data Lifecycles: Managing Data for Strategic Advantages identifies ways to incorporate an intelligent service platform to manage and map the storage of data. The authors give an overview of the latest trends and technologies in storage networking and cover critical issues such as worldwide compliance. Purchase the book from Wiley Publishing
Roger Reid is an enterprise storage architect for Veritas Software Corp. with more than 10 years of combined industry experience supporting various Fortune 500 customers in architecting and implementing a variety of storage solutions including storage area networks, storage virtualization, active storage resource management, backup and hierarchal storage management products. Gareth Fraser-King is the Manager for Product Marketing in the European, Middle East, and African emerging territories producing high level messaging, white papers, articles, presentations, and marketing deliverables. He has worked as a writer and marketer for over 20 years, the last 10 within the IT industry, and possesses a wide range of marketing experience, including copywriting, business, technical and service authoring, as well as business development, operation efficiency, strategic planning, affinity marketing, product development and quality management.

Dig Deeper on Data Management Technology Services

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.