IBM takes the sting out of compliance

Posted on March 17, 2004

RssImageAltText

By Heidi Biggar

When it comes to regulatory compliance, no two users are alike, nor is their data. These differences can make it difficult for organizations to implement effective regulatory compliance processes, let alone build flexible IT infrastructures to support these policies and the various types of data involved.

With the recent introduction of the Data Retention 450 system, IBM hopes to take some of the sting out of the process by building an integrated system that it claims makes it easier for users to address a growing list of regulations (e.g., HIPAA, Sarbanes-Oxley, SEC 17a, etc.) and compliance issues, as well as other non-regulated data requirements.

While IBM's system is designed for any type of "retention-managed data"--a term Big Blue uses to refer to any data that needs to be kept for an extended period of time in a non-erasable and non-rewritable format--it is not limited to regulated-data types.

"We're giving users a new approach to compliance," claims Alan Stuart, IBM's chief strategist for compliance and data retention. "We didn't just design a storage box with certain speeds and feeds; we applied technology to a business problem."

"As a practical matter, the effective use of [any vendor's product] requires a top-down understanding that starts with a review of business practices and then transcends into applications, primary files, and 'feeder' files," says Jack Scott, a partner at The Evaluator Group consulting firm.

IBM's Stuart says users need to first establish business processes (i.e., determine what types of records they have, which ones they need to save, why they need to save them, how long they need to be saved, and what should happen to them when they are no longer needed) and then enact policies for data retention, data management (e.g., moving data among storage tiers), and data deletion.

Integrated Tivoli Storage Manager (TSM) for Data Retention software--an extension of TSM--provides this policy management capability in the Data Retention 450 system, as well as other data-retention features. TSM for Data Retention was initially announced last fall as part of a broader compliance announcement.

Highlights of the TSM for Data Retention software include events-based record management/retention; a new "deletion hold" function that prevents certain files from being deleted regardless of the established policy; hierarchical storage management (HSM)-like support among storage tiers; and new device support for DVD-ROM and, in particular, write-once read-many (WORM) tape.

Rather than tracking data chronologically, TSM for Data Retention keeps data online until a specific event occurs (e.g., a piece of data reaches a certain age, a customer financial account is closed, etc.). The minimum/maximum retention periods and post-retention dates are established by the user.

"We recognize that there are differences among data types, and we realize that users are going to need to keep data for long periods of time," says Stuart. The idea is to move retention-managed data types off primary disk and onto the 450 and to supplement that with tertiary storage (e.g., tape) as needed, he explains.

The 450 integrates IBM eSeries servers, FastT disk arrays, and TSM for Data Retention software. However, the components are also available separately for users that want to assemble their own systems and mix in other server and storage platforms. IBM is reportedly working on other versions of the product that will support other software applications. Currently, the 450 can be used in conjunction with IBM DB2 Content Manager for Data Retention Compliance software in content-management applications

The Data Retention 450 has a starting capacity of 3.5TB and scales to 56TB. The system is priced from $144,000.


Comment and Contribute
(Maximum characters: 1200). You have
characters left.