Compliance is a hot topic, not only among IT professionals, but at the highest levels of corporate management. A wave of new regulations is changing the way corporations need to manage data and requiring businesses to implement information security by adopting comprehensive policies and procedures. Yet the industry analyst firm Gartner, Inc. believes that fifty percent of medium-sized companies are not investing adequately in compliance activities.

Most business professionals are aware that HIPAA protects the privacy and integrity of medical information and that the Sarbanes-Oxley Act places strict requirements on publicly traded companies to retain electronic business records. But in the U.S. alone, more than 15,000 electronic data laws now govern data retention. A growing mix of international data retention and privacy laws place an added burden on businesses operating in the global marketplace.

What are some of the common compliance regulations required of business?

• Data must be securely stored in its original form without risk of alteration or deletion;
• Records must be accurate and complete from the time they are created;
• Data must be easily retrievable;
• Disaster recovery plans that back-up data offsite must be in place.

The bottom line is that businesses need to meet these requirements to avoid potential fines and serious penalties. The challenge is to develop a way to store and manage growing volumes of data with minimal disruption and expense.

Evaluating retention and security needs

Getting started with a compliance program means knowing which data regulations affect your company and developing a roadmap based on best practices. This process includes evaluating where data resides in the organization, the formats used to store information, the time required to store various kinds of data, and how quickly specific data needs to be accessed.

Corporate email management, from filtering spam and viruses to archiving messages, requires a deeply integrated hardware and software environment, along with management tools that enable IT staff to control their environment.

Moving to an environment that supports compliance involves developing business processes and controls, as well as deploying storage technology. But the need to comply with regulatory requirements can be a business opportunity as well as a challenge.

“Designing systems and processes for compliance purposes can have a silver lining.  It can lead to opportunities to improve the overall storage infrastructure.” says Praveen Asthana, Dell’s director of storage product marketing.  “For example, by implementing tiered networked storage along with backup, recovery and archiving systems, organizations find that their data is much more manageable, available and secure.  And, at the same time they can often improve performance as well.”

Developing a compliance program is as much about corporate culture as it is about IT infrastructure. In developing a compliance program, executives need to communicate to their organization that compliance is a priority and adopt written ethics and compliance policies. Organizations need to provide employee training and incentives for compliance, along with consequences for violations. Compliance programs need to be evaluated periodically and internal controls must be audited for effectiveness.

Certain kinds of information, such as e-mails and other data archives, are considered unalterable and must be retained for long periods of time. Data backups, on the other hand, are intended to recover lost data in an emergency and are retained for relatively short periods. Businesses need to identify the various types of data, develop appropriate retention policies and deploy the technology that supports regulatory requirements.

Moving to a compliance infrastructure

An IT environment that supports compliance requires storage systems with many of the same attributes needed to support business operations and meet customer demands:

• Scalability. As data grows exponentially, enterprises need to be able to easily add capacity with scalable, cost-effective storage arrays;
• Accessibility. Storage needs to be consolidated and networked to deliver fast retrieval of information;
• Security. Unalterable data needs to be stored in formats that prevent tampering and erasure, with access defined by user privileges;
• Flexibility. Enterprises need to implement customized compliance policies using flexible storage management software that provides audit trails of changes made to archived data, as well as reports that reflect data origin and activity.

Partnering with Dell

Dell can help your enterprise move to an IT environment that supports compliance, while delivering overall improvement of the infrastructure. By partnering with leading data archiving vendors like EMC, including its LEGATO™ Software division, and Symantec, Dell provides best-of-breed solutions. Email management is a key component of any compliance initiative, and Dell has teamed with Symantec to introduce Secure Exchange, a secure email archiving solution with anti-spam and anti-virus features.

"A majority of companies are concerned about having inadequate email archiving, a key component of any compliance system," says Maureen McCann, director of enterprise solutions marketing for Dell.  "The Dell Symantec Secure Exchange solution provides optimized content discovery and archiving, greatly simplifying their ability to respond to regulatory compliance requirements."

Dell’s service offerings can help with your storage and compliance projects. Services include storage design and planning, as well as assessment, design and implementation services for storage consolidation and backup and recovery. And Dell has recently introduced Operations Performance Benchmarking services which allow customers to routinely compare critical IT performance metrics to historical results.

Contact Dell for expert advice on how to implement a data archiving system that meets the needs of your enterprise.

LINKS:

Dell, Symantec Go on Offense Against Out-of-Control Email : http://www.dell.com/content/top ics/global.aspx/corp/pressoffice/ en/2006/2006_09_20_rr_001?c=us&l=en&s=corp