Picking up where Part 1 of our focus on the storage industry's "Compliance Effect" left off, part 2 examines how compliance issues will likely evolve over the next five years, addresses what organizations can do now to get the ball rolling to be ready for future data retention rules, and reveals which current and emerging storage technologies might make satisfying regulatory requirements easier in the future.
With the onset of the data retention requirements recently handed down by the federal government, storage industry professionals are taking the first steps in a rather daunting process of significantly changing how information is managed and retained. And, as with any new requirements, the issues that storage professionals are now facing will likely change and evolve over the next five years and possibly make the storage administrator’s job even more complicated.
Wayne Lam, vice president of professional services at FalconStor, says that backup windows will be squeezed tighter than ever and that storage administrators will more and more have to look for storage solutions that can meet both everyday needs and the requirements of federal regulations. In order to help ease the burden that many storage administrators face, Lam says that they will need to implement the following:
- Solutions that lower TCO so that cost-effective disks can be used
- Solutions that include instant (full, incremental, and differential) point-in-time snapshot-based backup disks for immediate, easy recovery of individual files and records, and/or entire volumes via granular rollback
- Accelerated backups with little or no impact on application servers to eliminate the need for a backup window
- Transactional integrity and point-in-time consistency when backing up databases and message stores with application-specific snapshots
According to Mehran Hadipour, vice president of marketing at Kashya, Inc., all major storage networking vendors (Brocade, Cisco, and McDATA) are deploying intelligent switches with sophisticated applications running on the storage network that provide data retention services for the heterogeneous storage on the network. “These solutions will reduce the cost of data protection and enable deployment of a single flexible solution for enterprise data,” says Hadipour.
Getting Ready for Future Data Retention Rules
Although it may seem like a pretty dreary picture, there are things that storage administrators can do now to get the ball rolling in preparing for future data retention rules. Lou Harvey, technical business architect at Maranti Networks, says that one of the most important things is ensuring that the infrastructure is able to support the regulatory requirements.
“The key is proactive assessment of data flows in conjunction with all the business layers within a company, using ISO 9000-based methods and procedures,” says Harvey. “This will allow discovery, assessment, and documentation of the current challenges, and will allow a managed process and re-engineering of the baseline business processes through retention requirements by data class and business role.”
Harvey also points out that storage administrators can work on standardizing the retention and management of the document repository services. And, he says, storage administrators must begin to invest in networked retention and management infrastructures that support acquisition, retention, and automated destruction processes to meet and support these baseline business processes. And finally, administrators can use intelligent architecture policies that are enforced within an application-aware storage network infrastructure.
Making Life Easier
Another issue facing storage administrators is defining what current and emerging storage technologies will make satisfying regulatory requirements easier in the future. Jon Toor, director of product marketing at OnStor, says that today a large part of the regulatory issue is simply understanding the requirements themselves.
“Once that gets sorted out, attention will return to the more traditional IT concerns, such as which vendors offer solutions that are reliable, manageable, and affordable,” says Toor. He adds that when buyers are addressing the above three-mentioned concerns, they need to look at the attributes that each offers when evaluating compliance storage solutions:
Reliability: Data replication will be a key element of compliance, and that replication must be reliable and efficient. “Data will inevitably be replicated to both offsite locations and to local low-cost disk storage, and SAN-based replication — as opposed to LAN-based — will be the preferred technique,” says Toor. He also points out that moving data at the SAN level is a direct one-for-one copy technique that is inherently simpler and more efficient than LAN-based methods that impose significantly more overhead.
Manageable: Toor says that demands for compliance are not always going to result in IT headcount increases, so a useful solution must be easily managed. “If a solution requires a whole new management software suite, or requires a raft of professional services to manage, it may not be the right choice for most companies,” says Toor. He says that the ideal solution should integrate with existing software to minimize disruption, yet offer unique integration where appropriate.
Affordable: Although disk-based retention could significantly boost the overall cost of storage, Toor maintains it doesn’t have to. It’s simply a question of how it is implemented. “Single-vendor mirroring solutions have been costly in the past, but new low-cost SATA-based SAN arrays and simplified data management will cut the cost of data replication,” says Toor. He concludes by pointing out that these solutions will be so cost effective that data management cost reductions and productivity gains resulting from increased data availability may far outweigh the cost of the solution itself.
Even though all of these new compliance issues and regulations will probably make data retention just one more big headache in the ever-growing list of other big headaches that storage administrators face every day, the fact is organizations across the globe have been meeting compliance issues in one way or the other for quite some time — and have seemingly made it through the maze of confusion. My guess is that we can – and will – do the same.