Enterprise storage and government mandates

Charles Bennett was in a storage predicament. By Securities Exchange Commission mandate, all business records at the full-service brokerage Hornor, Townsend & Kent, where he is director of compliance, needed to be stored on nonerasable, nonrewritable storage media. His dilemma was how to meet the requirements and do so quickly.

“We’re sending and receiving 6,000 e-mails per day,” Bennett says. “Our choice was to print e-mails and put them in a file — which would be impossible to index, and we’d need a team of bodies to respond to any SEC request — or go electronic.”

Not surprisingly, he chose the electronic route. More and more, other enterprises are also seeking new data storage solutions in the face of government mandates. Compliance is a problem that has taken center stage in many companies due to a host of new government regulations addressing everything from privacy concerns to document retention and the astronomical rate of data creation.

With many new and complex regulations on the books, IT managers are desperate for solutions and advice. These regulations include HIPAA (Health Insurance Portability and Accountability Act), which addresses medical documents to ensure patient privacy; SEC Rule 17a-4, which requires brokers and dealers to preserve communications with clients; U.S. Department of Defense (DoD) 50515.2, which requires all agencies associated within the DoD to have a certified application or technology solution to manage records; and the Sarbanes-Oxley Act, which holds members of companies accountable for the financial information they report.

These regulations raise several tricky enterprise storage issues. New regulations stipulate that electronic records must be saved in a nonerasable, nonrewritable format, commonly referred to as WORM (write once read many) disk technology. The regulations also require different lengths of data retention. That means IT managers must now tag and create retention periods for data. Additionally, they must be prepared to respond to requests for data in a short period of time. And the problems are made more complex because each regulation has different storage requirements.

Storage vendors IBM, Hewlett-Packard, EMC, Network Appliance, and Hitachi Data Systems are addressing these new mandates with dedicated appliances, bundled solutions, and data management and retention strategies. But there is no panacea, primarily because each company has different needs when it comes to regulatory compliance. However, new solutions addressing specific regulations are arriving more rapidly and new technologies promise to make compliance faster and cheaper.

Nonerasable Media and Retrieval

Enterprises need solutions that meet stringent storage media requirements. Although tape and optical media met past WORM requirements, they do not meet some of the new retrieval guidelines. For example, one of the tenets of SEC Rule 17a-4 is that “every such broker and dealer shall preserve [data] for a period of not less than three years, the first two years in an accessible place.” This means that stored data must be available instantly if required.

In the near future vendors will lean on emerging disk technologies including SATA (Serial ATA) and SAS (Serial Attached SCSI). As successors to current parallel disk drive technologies — ATA and SCSI, respectively — the new disk formats offer speeds up to 30 times faster than those of parallel technologies; smaller connectors; and compatibility between the two new drives.