Increased regulatory oversight that mandates better corporate control of data at the heart of enterprises is forcing some CIOs and IT managers to take a hard look at the consequences of leaving in place systems with inadequate data retention and disaster recovery capabilities.
To help ease that burden, vendors such as IBM and Permabit Inc. are introducing compliance-specific hardware and software aimed at better capturing and retaining business records.
Looming and existing compliance mandates that apply to broad swaths of companies—including such measures as the Sarbanes-Oxley Act, the USA Patriot Act, SEC Rule 17 a-4, and the Health Insurance Portability and Accountability Act—are leaving many organizations unsure how to manage large amounts of data.
According to analysts and users, the prolific rise of e-mail and instant messaging over the last decade is one culprit plaguing companies that face requirements to store all correspondence. "The customer is asking for [compliance guidance] because the regulatory environment has forced the customers to ask those questions. They need help," said Rob Martens, vice president of Strategic Alliance Development for Cleveland-based KeyBank National Association, a unit of KeyCorp.
To help its customers, KeyBank last week added software and services vendor AmeriVaults online server backup and disaster recovery offering to its KeyGuide suite of e-business solutions. KeyGuide provides online image archiving and retrieval services to help KeyBank customers data retention efforts. AmeriVault, of Waltham, Mass., provides a data recovery and backup capability for KeyGuide customers. When the capability recognizes a block of changes within a customers files, it compresses and encrypts the data, then sends it over the Internet to a secure storage vault.
Companies looking to address archiving and data retention issues on their own can turn to IBM, which late last month made available the IBM TotalStorage Data Retention 450, a package of hardware and software targeted to help companies address government and industry regulation issues. The Armonk, N.Y., companys product integrates IBM Tivoli Storage Manager for Data Retention software, IBM eServer pSeries systems and software retention components into a single protected cabinet that can hold up to 56 terabytes of data.
The offerings open architecture enables customization for IBM, Sun Microsystems Inc., or Hewlett-Packard Co. hardware, said Alan Stuart, chief strategist for IBM Compliance and Data Retention Solutions.
TotalStorage Data Retention 450s Events Based Records Management capability allows customers to add policies and maintain a record until an event occurs. The Deletion Hold feature enables users to freeze a record or proof of a record even if a retention policy says the record should expire.
The IBM package incorporates the ability to put tiers of storage behind it, enabling end users to add tape, optical, DVD and other storage devices to the system. Therefore, a customer could set up a storage pool policy to put six months of data on tape and then spill over onto disk once reaching capacity, Stuart said.
"[Customers] wanted a system that would retain and manage data over a period of time and protect it," Stuart said. "The problem is, all the other systems to date work on chronological retentions—[but companies] said they had no idea how long to keep the data."
Meanwhile, Permabit is expected to unveil next week its Permeon Compliance Vault software, according to sources familiar with the Cambridge, Mass., companys plans. The content address storage software, which was designed to meet the requirements of the Securities and Exchange Commissions 17 a-4 regulation, runs on high-volume hardware from vendors such as HP and Dell Inc.
SEC 17 a-4 primarily affects banks, securities firms, stockbrokerages and any financial institution that deals in electronic record keeping.
Permeon Compliance Vault is a nonrewritable, nonerasable disk-based storage system that meets SEC 17 a-4s criteria by allowing WORM volumes to be defined. Retention periods can be set for each record in the volume. The product also verifies that records are stored accurately and have not been altered via a content-addressed storage portal, sources said.