Untitled Document
www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
21 February 2005  
Untitled Document
Sections

Market
Management
Technology
Technology Life

Columns

Between The Bytes

Services
Subscribe/Renew
Archives
Search
Contact Us
Network Sites
Network Magazine India
Exp. Hotelier & Caterer
Exp. Travel & Tourism
feBusiness Traveller
Exp. Pharma Pulse
Exp. Healthcare Mgmt.
Exp. Textile
Group Sites
ExpressIndia
Indian Express
Financial Express
Home - Technology - Article

Vendor Accent

Rethinking storage management in a SOX world

Companies need to put in place policies and technical capabilities for data protection over extended periods of time to comply with regulations, says Emil Kobylarz

The implications of the Sarbanes-Oxley Act (SOX) have already impacted many companies, including those that are not American-owned. SOX was introduced in the US to counter an increase in high-profile corporate crime. US-based multinationals with operations in Asia as well as Asian companies planning to list in the US have to comply with its strict rules for data protection ensuring that data is reliably captured and stored, and readily available for retrieval.

Data protection laws must be updated to keep up with advances in technology and the consequent explosion of digital data. Almost all the information processed today is in digital format, and growing at 70 percent. The number of e-mail messages is expected to increase to almost 40 billion a day by 2005. In 1995, it took an entire year for the same number of messages to be sent.

Data is an organisation’s most valuable asset—whether it is active data that is critical to business continuity or inactive data, which has to be preserved for disaster recovery or legal purposes.

Companies are finding fast-growing data volumes to be quite a challenge, and compliance only increases the pressure on their storage management resources. While companies are already backing up and archiving data for sound business reasons, they need to put in place policies and technical capabilities for data protection over extended periods of time to comply with regulations.

Universally, there are three broad factors that influence compliance and the corresponding data backup, data recovery and archival practices. These are the regulations in effect (usually as a result of public policy issues), the risk of litigation (which means more attention to electronic data storage or protection) and internal requirements of an enterprise for data storage with a view to improving efficiencies.

Compliance issues can be categorised around four parameters—data integrity, data retention, data accessibility and ‘auditability’. Data integrity means that enterprises must have a verifiable, intact copy of data that has been created or modified on a particular day and is available as and when needed. In addition, data integrity needs to be maintained throughout the data lifecycle.

Data retention periods vary depending upon the needs of a particular enterprise or the clauses in regulations, and it can range from a limited period to ‘forever’. No matter what the duration data needs to be retained for, some common factors exist. These are the format it needs to be stored in, the media, migration and secure destruction of data once the need for it ceases.

Data must be available at once or within what may be considered a reasonable period of time. It must be discoverable and recoverable whenever needed. This may not be as easy as it sounds, for instance, storing and viewing huge quantities of e-mail messages is anything but a trivial task.

Creating backups, recovery and archiving auditable data requires that policy and processes be maintained to achieve these aims. This policy and its attendant processes have to be adhered to and a mechanism to check it is necessary.

Backup protects against disaster, data loss, damage or deletion of a primary online copy, and provides a version history of files so that prior work can be recovered. A single copy of data is not adequate. Multiple copies of files can be backed up on to inexpensive media such as tape, allowing for short-term data protection, multiple recovery versions and even long-term archival. As part of data protection and preservation strategy, offsite storage of media in the backup rotation cycle is essential. This ensures that if a site experiences physical damages such as fire or water damage, archived copies are available offsite.

Companies with successful backup procedures have tested and refined them over time. Some best practices include specifying that all data–on laptops, PCs and in the data centre–must be backed up and that backup should be taken frequently. For example, mission-critical applications may require several backups during the day while most applications get by with a daily backup. A full backup can be done once a week.

Rotating among multiple sets of tapes to protect against a bad piece of media, having multiple backup copies and circulating a copy offsite will greatly increase reliability.

While backup consists of active and inactive data, archival consists of inactive data that needs to be retained for use in the future or for regulatory reasons.

Regulations mandate that certain data be kept unaltered for an extended period of time. Long-term archival forms a legal record. To maintain data integrity and reliability for compliance, companies must ensure the following:

  • Prevent the alteration and deletion of information by enforcing access controls and logs.
  • Keep a secure audit trail of changes and deletions.
  • Store data on non-rewritable, non-erasable storage media.
  • Make data easily and readily accessible.
  • Establish a data migration plan.

Data migration is a set of organised tasks designed to achieve the periodic transfer of digital material from one hardware and software configuration to another, or from one generation of computer technology to a subsequent one to enable access in the future. It is also important to determine the various types of electronic data to be retained and migrated over time.

As with backup, long-term archives need to be stored in a secure, environmentally-controlled facility, and in an offsite location. Archival management procedures should be in place to periodically inspect archived media for obvious damage or contamination.

One of the ideal solutions for long-term archival today is a new generation tape drive with WORM (Write-Once-Read-Many) capability. This offers a longer shelf life, higher capacity and durability, and costs two-thirds less than a hard disk drive per gigabyte. Another key advantage is that this new generation of tape drives is backward-read compatible.

Finally, data protection and compliance is about people and processes, not just technology. Over and above the right infrastructure, managements should put in place plans and procedures on handling corporate data, to reduce the risk of human error and prevent crime. Compliance is important but the realities of modern business life also make data protection more crucial than ever.

The author is the MD for Asia Pacific, Quantum Corporation. He can be reached at emil.kobylarz@quantum.com

 


Untitled Document

UNSUBSCRIBE HERE
Untitled Document
© Copyright 2001: Indian Express Newspapers (Bombay) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Bombay) Limited. Site managed by BPD.