Compliance Concerns Key When Evaluating Storage
When thinking about the future of storage, regulatory compliance is a key consideration. IT managers must still evaluate storage systems and technologies on performance, capacity and manageability, but now its just as important to look at data preservation, security and distance replication.
Regulations such as Securities and Exchange Commission Rule 17a-4 are forcing IT managers to make sure that sensitive business data is preserved and can be quickly recovered in the event of an audit.
WORM technologies are increasingly being used to comply with a number of mandates. WORM storage once was synonymous with optical and MO (magneto-optical) libraries, but hard drive and tape vendors have quickly created WORM solutions that compete with the old guard.
Although optical and MO libraries have been solid solutions for preserving data for long-term storage, new WORM disk systems can provide faster data recovery and easier auditing. WORM tapes, meanwhile, give IT managers high storage capacity and density.
Network Appliance Inc.s SnapLock is a software add-on that lets IT managers freeze data on data volumes, preventing users (even administrators) from altering data once it has been written to a protected volume. Through SnapLock, IT managers can use Network Appliances NAS (network-attached storage) units to store data according to regulatory standards without having to invest in a separate WORM storage unit.
Following the lead of Network Appliance, FalconStor Software Inc.s recently announced WORMLock provides WORM capabilities to protect data volumes. In fact, eWEEK Labs predicts this type of functionality will become common among vendors of hard-drive-based storage.
New regulations are also mandating that IT managers replicate data, ensuring that organizations can recover data and get back to business in a timely manner, even in the event of a flood, fire or other disaster.
The requirements for data replication are not spelled out in regulations as clearly as the requirements for WORM technologies, but they are implied in regulations including the Basel Capital Accord (covering international banks) and the
Synchronous data replication is the highest-quality form of data replication, but its steep costs eliminate it as an option for most IT departments. In addition, synchronous data replication is latency-sensitive, limited by the speed of light to maximum distances of 150 to 200 miles between data nodes. Distances longer than that between replication nodes create latency higher than recommended levels.
During the past few years, asynchronous replication technology has made great strides, and it now allows IT managers to replicate data using WAN links.
While asynchronous replication does not provide the transaction loss insurance of synchronous replication, it does offer a solution that can run over long distances and is affordable for most small and midsize businesses.
Products such as Kashya Inc.s KBX4000 data protection appliance allow IT managers to asynchronously replicate business data to a backup site and allow clustering solutions such as Microsoft Corp.s Cluster Server to be extended over a WAN so that cluster nodes can be in different locations.
The asynchronous data replication products available today optimize data transfer over a WAN by using compression and delta differential technology, ensuring that only changed data, as opposed to an entire file, is transferred over the WAN. In the event of a disaster at a primary site, an IT organization would lose only a few seconds or minutes worth of data using an asynchronous replication solution, and that level of protection will be acceptable for non-mission-critical business applications.
When storage networks were highly localized and isolated from IP networks, storage was an afterthought. But with IP SAN (storage area network) extension and ILM (information lifecycle management) creating multiple copies of data throughout an organization, new levels of data protection are needed.
California Senate Bill 1386, designed to protect consumer privacy, has brought storage encryption into the limelight. Under SB 1386, companies whose security has been compromised must inform all at-risk customers of the breach. Companies that have encryption implemented on their data, however, do not have to go through the disclosure process, according to SB 1386.
Storage security solutions such as Decru Inc.s DataFort allow IT managers to encrypt data on disk- and tape-based storage systems in a seamless manner. These solutions ensure that data is safe, even when it is physically stolen, which is a distinct possibility with portable storage media such as tape.
Senior Analyst Henry Baltazar can be reached at firstname.lastname@example.org.