This will also add value to the information owned by the organization. Furthermore, it can evolve to meet future business objectives and reduce the TCO as well.

In recent years, compliance has become a hot topic in business because of some high-profile cases where large corporations were fined for their failure to keep proper records. New legislation and concerns about compliance have put data storage at the top of the business agenda. But rather than adding an extra expense, this creates an opportunity to drive best practices in data protection and improve the methods used for back-up, recovery and archive.

Even though compliance is primarily a technological issue, the problem can't be solved just by buying a product. Compliance is not a technology decision but a combination of processes and procedures, incorporated into an efficient foundation of back-up, recovery and archive. This means every enterprise must draw up a plan for its storage of data, then execute this plan in a variety of different business functions, so everyone has the same rulebook. If the plan is executed well, it will also add value to the information owned by the organization. 

If companies can get their storage strategies right, they not only insure themselves against prosecution, but also establish a technology foundation on which to build compliance. This helps them move toward future data management capabilities, such as information lifecycle management, in line with their corporate business objectives.

Storage strategies should not isolate compliance as a separate issue but incorporate compliance as the central requirement. Developing the strategies should also create an opportunity for line-of-business managers to partner with IT departments, sharing knowledge and working towards mutual goals.  

Importance of data
Data is getting imperative by the day and is an inherent part of every organization. Business is increasingly dependent on data and digital storage devices. Fast, easy access to live and historical data is essential to business success, adding value and reducing costs.

More than 90% of the information generated by business today is in digital format and 70% is never printed. Because digital devices are so intelligent and easy to use, people produce much more data, thus creating new problems for storage. 

According to IDC, the number of business emails sent every day will be over 60 billion by 2006, with 60% stored in messaging systems. Apart from information overload, the chief problem is that data is usually stored on a wide range of different devices in different locations. This makes it much harder to manage and also tends to lower productivity. 

Data protection
To ensure compliance and manage their data, companies need strategies for data protection, which take account of three key areas. These are: existing regulations for the storing of records, litigation risks and internal operational use of the data. 

Besides obeying the law, it is also important to ensure efficient back-up, recovery and archive to meet basic business objectives like cost reduction, risk management, productivity improvement and operational efficiency. It's also imperative to make sure all records are centrally managed. Otherwise, end-users have too much responsibility and may delete data by accident or by design. 

To make the plan work, every user should therefore be trained. Data protection should focus on administrative, technical and physical criteria-for digital as well as other documents. 

Compliance requirements for digital data can also be classified in four categories: integrity, retention, accessibility and auditability. And the systems used for back-up recovery and archive provide the foundation for meeting these four main
requirements.

Organizations need to maintain an available, verifiable and intact copy of data. A solid framework of automated backup infrastructure, procedures, verification and offsite vaulting is needed to ensure data integrity, even in the event of physical or logical destruction.

Classify your data
Proper classification of data throughout its lifecycle is imperative. Regulations may govern how long data needs to be retained and these requirements ought to be part of the classification criteria. These requirements will, in turn, mandate that data be stored in the most appropriate format and media, and migrated prudently.

Data accessibility requirements vary depending on their type, when they were instituted and regulations.  Organizations need to be able to securely find and access data for discovery, so it's vital to establish recovery time objectives for different classes of data and assign the data to the appropriate, most cost-effective storage device. Maintaining a well-ordered index and search capability also helps recover the data.

Beyond managing data, organizations must ensure their policies are working. A secure, controlled audit trail should be maintained to track data creation, changes and deletion as well as access, permission and structural changes.

An efficient foundation of back-up, recovery and archive combines appropriate technology and operational best practices. If the business gains control of its storage environment, it can achieve compliance and evolve to meet future business objectives. By using a flexible, evolutionary approach to data protection, it is also possible to cut the cost of ownership and increase confidence in the integrity of the stored data.

Sunny John is Country Manager of Quantum India

Page(s)   1