|
|
|
Features
< Back
Sarbanes Oxley : Technology : Storage
Compliance: How BackUp Technologies Can Help
Disk-to-disk backup surpasses and complements tape, delivering compliant retention plus business value through searchable content and information management
By
Manish Goel
|
|
Manish Goel
VP & GM Data Protection and Retention Solutions
Network Appliance
|
Compliance is an equal-opportunity taskmaster. Whatever your business size, location, or industry, you?ve no doubt been working diligently to achieve compliant data protection across the organization. The bad news is that traditional backup techniques are not making your life simpler. The good news is that disk-to-disk (D2D) backup technology can. Disk-based backup and archiving enables compliant data retention, with the added benefits of searchable content and intelligent information management.
Where tape systems fall short, D2D backup solutions pick up with much-needed data accessibility and policy automation. The best of the D2D solutions simplify compliance-related storage operations by integrating innocuously into existing infrastructures and business processes.
It is interesting to note that while regulatory requirements have largely been driving the development of compliance solutions and the rapid growth of data archives, there have been ancillary business benefits. Organizations are quickly taking opportunistic advantage of their expanding information stores and D2D backup/archiving capabilities to derive business value from data mining, long-term trend analysis, and other similar applications.
Faster, Safer, and More Efficient Compliant Retention
To understand the comparative value of disk-based data permanence solutions, it?s helpful to consider how compliance requirements impact records-retention systems. First of all, compliance requires preserving an audit trail of data. Once you?ve created and committed data in a compliant archival format, you have to be able to prove?to the satisfaction of regulators?that the audit trail is completely tamper-proof, and that stored data cannot be accidentally or willfully altered or deleted. The time period for tamper-proof, auditable retention generally ranges from a few years to tens of years, depending on the type of data and applicable regulations.
The conventional approach to compliant data storage has been to create backups on WORM (write once, read many) tape media. WORM technologies based on tape generally meet ?tamper-proof? requirements. But compared to disk-based WORM storage, tape systems suffer from multiple disadvantages?backups are slower, the media is inherently less reliable, granular searches and restores (especially important during legal discovery phases) are impossible, and archiving large amounts of unstructured data for long periods of time can create burdensome media, tape drive/library, vaulting, and administrative costs.
In contrast, D2D backups are fast, more efficient in their use of storage capacity, allow granular searches and restores, can in-large measure run unattended, and require a considerably smaller footprint in the data center or remote storage location. Certain compliance products help customers create non-rewritable, nonerasable WORM volumes on economical secondary storage. These compliance solutions also offer the advantage of a common, open-protocol architecture across all storage platforms, making integration of compliant retention functionality seamless and on-going administration simple, requiring no special equipment or expertise. Certain software products enable compliant backups and require no changes in existing backup or business processes.
Certain vendors have also taken care to integrate functionality that specifically addresses the tamper-proof requirement of compliant retention. As just one example, one vendor integrates a compliance clock that operates independently of the system clock. Embedded in the retention period, the compliance clock prevents willful changing of time/date stamps via malicious interference.
On the reliability front, disk media is inherently safer than tape?just ask any administrator who has attempted to read back an old tape pulled from an off-site vault. Tape technology simply comes standard with insurmountable risks and does not offer the compliance-specific functionality of newer D2D enterprise and compliance software solutions.
Fast Access for Searches and Legal Discovery
?We need copies of all internal emails and customer records that reference the following Social Security numbers. And we need them by the end of the week.? If your attorneys or financial officers have not yet come to you with similar requests, they surely will.
Moving well beyond the passive requirement of data lockdown, compliance increasingly requires the ability to actively respond to legal discovery requests, to answer litigation-related inquiries, and conduct compliance audits for regulators.
Which brings us to the second key requirement of compliance solutions: they must allow you to rapidly answer regulatory inquiries. Again, tape systems do not measure up. You may be able to take comfort in knowing that you?ve written your data in a compliant format on WORM tapes, but you probably shouldn?t assume that five or ten years from now you?ll be able to quickly locate the correct tape in your archive, read it back to your main storage device, and run a records search. For most companies, tape retrieval will not be the answer to efficiency and timeframe requirements.
If D2D outpaces tape technology in compliant retention, it takes a commanding lead when it comes to data accessibility for timely information discovery and retrieval. Classification and search engines enable high-speed, content-aware searches. Specifically, new systems enable rapid searches of networked storage to find and tag files related to pending litigation. One particular solution lets companies accommodate shorter discovery windows and exploding data stores without adding significant staff or infrastructure.
Foolproof Deletion, Automated Policy Management
The third critical element of a compliance solution relates to the retention period. If your business is required to keep data for seven years, for example, you probably have no incentive to keep that data for seven years and a day. In fact, keeping the data longer might even in some cases prove to be a liability. Most businesses want to be active in destroying data as soon as compliance timelines expire.
In a tape environment, maintaining accurate, up-to-date inventories of tapes and their expiration dates requires considerable administrative resources. And, since the media is WORM and tamper-proof, deleting data means physically destroying tapes, not recycling them. The whole system can be cumbersome and costly.
Alternatively, disk-based compliance solutions allow creation of policies that track data and expiration dates, automatically deleting records at the end of the retention period. Deletion is foolproof, hands-off, and cost-efficient. Products are available which allow customers to set specific file lockdown periods, as well as policies for automatic destruction at the end of compliance timelines, at which point storage can recovered and reused.
Business Intelligence: The Payoff of Hard Work
Compliance may be cracking the whip, but there are clearly payoffs in the hard work put in by IT teams and storage vendors on the subject of compliance. Enterprises are already finding productive uses for the increasing stores of data originally retained for compliance purposes. While traditional tape technology, designed for 30- to 365-day retention of records, rendered long-term trend analysis impractical, D2D backup/archival solutions mean that data mining and other long-range analytics at last make economic and business sense.
The journey to being a truly compliant enterprise obviously requires focus on multiple fronts, from business processes to auditing practices and employee education. Storage technology is certainly not the sole answer to achieving compliance, but choosing the right technology infrastructure?one that offers flexibility, reliability, and compliance-specific functionality?is a critical element of success.
Manish Goel
VP & GM Data Protection and Retention Solutions
Network Appliance
Manish Goel is vice president and general manager of the Data Protection and Retention Solutions Business Unit at Network Appliance. Goel is responsible for the disk-to-disk backup, disaster recovery, compliance, and digital archival and information lifecycle management product portfolios at Network Appliance.
Goel joined NetApp in 2002 as senior director of Corporate Development and later assumed the role of vice president of Enterprise Accounts. Prior to working at NetApp, Manish led Corporate Development, M&A, and Business Development for Cadence Design Systems and Copper Mountain Networks. Goel also spent four years as a strategic consultant for McKinsey and Co.
Goel holds a bachelor of science degree in electrical engineering from the Indian Institute of Technology and an MBA in finance from the Wharton School of Business at the University of Pennsylvania.
|
|
|
|
|
