Archive Data Management - How compliant is your solution? Part 1 of 2
-
Upload
ipexpo-online -
Category
Technology
-
view
213 -
download
0
Transcript of Archive Data Management - How compliant is your solution? Part 1 of 2
2
• Many organisations today are faced with compliance regulations that impact their ability to store data effectively. This combined with data growth causes major headaches for the IT department who are being tasked with reducing costs whilst maintaining a compliant solution.
ADM Compliance
3
• Many organisations today are faced with compliance regulations that impact their ability to store data effectively. This combined with data growth causes major headaches for the IT department who are being tasked with reducing costs whilst maintaining a compliant solution.
• Whilst most of these organisations opt for archiving solutions to classify and store data in a compliant form, there are many implementations where the actual data is stored on non-compliant devices
ADM Compliance
Hyper Information GrowthVariety, Volume and VelocityCapture, Collection, RetentionPreservation
The Information Challenges: Market is evolving
Hyper Information GrowthVariety, Volume and VelocityCapture, Collection, RetentionPreservation
Regulatory/Industry Compliance– Basel II, SOX, Euro-SOX, J-SOX– FRCP– PCI-DSS
The Information Challenges: Market is evolving
Hyper Information GrowthVariety, Volume and VelocityCapture, Collection, RetentionPreservation
Regulatory/Industry Compliance– Basel II, SOX, Euro-SOX, J-SOX– FRCP– PCI-DSS
New applications– Social Networking– On Demand applications – Cloud
The Information Challenges: Market is evolving
Hyper Information GrowthVariety, Volume and VelocityCapture, Collection, RetentionPreservation
Regulatory/Industry Compliance– Basel II, SOX, Euro-SOX, J-SOX– FRCP– PCI-DSS
New applications– Social Networking– On Demand applications – Cloud
Data multiplier effect– Backup, D/R, Test, Dev
The Information Challenges: Market is evolving
Hyper Information GrowthVariety, Volume and VelocityCapture, Collection, RetentionPreservation
Regulatory/Industry Compliance– Basel II, SOX, Euro-SOX, J-SOX– FRCP– PCI-DSS
New applications– Social Networking– On Demand applications – Cloud
Data multiplier effect– Backup, D/R, Test, Dev
Mergers and acquisitions
The Information Challenges: Market is evolving
10
Inability to produce critical information under punitive scenarios and deadlines
Runaway storage and infrastructure costs, with power, space andbudget challenges
Valued information is buried beneath too much unnecessary information(over-retained, duplicated, irrelevant)
No information visibility:to unlock what, why, where in a trusted accurate manner
The keep everything forever model has failed
Information Chaos Creates Many Challenges
11
Unnecessary InformationOver-RetainedIrrelevantDuplicated
Necessary InformationValuedHigh RiskCompliant
How much of your information is over-retained, irrelevant or duplicated?Three month study conducted by University of California confirmed that
90% of the data was never accessed after being stored on diskAnother 6.5% of the data was accessed only once
Why would you want to archive any information that is not necessary to keep?
Value of information: Information Life cycle
ApplicationDevelop / Test
InformationCreation / Use
InformationArchive / Retain
Freq
uenc
y of
Acc
ess
and
Use
Time
Born DigitalOver 90% of information is born digital … and the rest should become digital
ExpirationRoughly 95% has a retention policy …very little should be kept forever
Information Has a Lifespan… The Business Value of Information Changes Over Time
1. Can you identify what needs to be archived?
2. How do you make archive management and infrastructure choices?
3. Have you evaluated the level of compliance required throughout?
4. Is your information secure when shared or at rest?
5. Is your infrastructure optimized based on your retention?
6. Are you concerned with being able to do timely legal search (e-Discovery)?
7. Can you backup and recover your servers fast and reliably enough?
8. How are you addressing these requirements today?
What are your risks?
14
Compliance Initiative
Payment Card Industry Data Security Standard (PCI DSS)
• Protect stored cardholder data (#3)• Develop and maintain secure systems and
applications (#6)• Restrict access to cardholder data by business
need-to-know (#7)
15
Compliance Initiative
California Senate Bill 1386 (now California Civil Code 1798)
• SB 1386 requires organizations that lose private information of California residents to report the loss to affected individuals
16
Compliance Initiative
Sarbanes-Oxley Act (SOX) Section 404• Requires corporate management to take
responsibility for establishing and maintaining an adequate internal control structure and procedures for financial reporting
• Requires management to assess and report the effectiveness of the internal control structure and procedures for financial reporting
17
Compliance Initiative
EU Data Protection Act
• Appropriate technical measures must be taken against unlawful processing of Personal data and against accidental loss .. Including controlling access to information
0% 10% 20% 30% 40% 50% 60%
Limited or no abilityto classify data
Tape media costs &management
Meeting e-discoverydemands
Meeting compliancerequirements
Management
All data protection challenges Primary data protection challenges
Current Retention & Compliance process and technology challenges (ESG 2010)
Market trends stressing the IT environment
WW Digital Archive Capacity consists predominantly of file-based content (ESG)
12%
12%
76%
DatabaseeMailFile
Market trends stressing the IT environment
201 0 201 1 201 2 201 3 201 4 201 5
0
25 ,000
50 ,000
75 ,000
100 ,00 0
125 ,00 0
150 ,00 0
175 ,00 0
200 ,00 0
225 ,00 0
250 ,00 0
Pe
tab
yte
s
External Disk, 77K PBs62% CAGR
Tape, 61K PBs44% CAGR
Cloud, 30K PBs123% CAGR
Internal Disk, 57K PBs51% CAGR
WW File-based Archive Capacity will grow by 55% to 226,716 Petabytes by 2015, and, mostly stored on external disk (ESG)
Market trends stressing the IT environment
Regulatory climate is still a major catalyst• Legal / discovery requirements and audits drive accessibility• More industries will be impacted
Files still dominate• File location will change (social media, SharePoint.)• The database bet: retirement• Watch e-mail usage: will it be replaced?
Market trends stressing the IT environment
22
Services
Security & Access
Search
e-Discovery
Legal Holds
Archive
ILM System
Records Management
Disposition
Structured
Example Data Archiving Framework
Repositories
Policy Managem
ent
Compression / Encryption
Storage (Legal/SOX)WORM/SANHigher Cost
Storage (Business)VDisk, NAS, Tape, Vtape
Low Cost
Semi-StructuredApplications Unstructured
Arch
ive
Retri
eve
Arch
ive
Retri
eve
Arch
ive
Retri
eve
Arch
ive
Retri
eve
23
Services
Security & Access
Search
e-Discovery
Legal Holds
Archive
ILM System
Records Management
Disposition
Repositories
Policy Managem
ent
Compression / Encryption
Storage (Legal/SOX)WORM/SANHigher Cost
Storage (Business)VDisk, NAS, Tape, Vtape
Low Cost
StructuredSemi-Structured
Applications
Arch
ive
Retri
eve
Arch
ive
Retri
eve
Arch
ive
Retri
eve
Arch
ive
Retri
eve
Example Data Archiving Framework
Unstructured
24
CEO
CFOFinance
(High ROI)
CFOFinance
(High ROI)
VP Finance(COSO / Risk)0
VP Finance(COSO / Risk)0
Director(SOX, Basel II, etc)
Director(SOX, Basel II, etc)
CIOIT
(Support Biz Growth)
CIOIT
(Support Biz Growth)
VP IT(CobiT … Add Value)
VP IT(CobiT … Add Value)
Director IT(Storage)
Director IT(Storage)
Director IT(Messaging)Director IT
(Messaging)
COOOperations
(Support LOB Strategy)
COOOperations
(Support LOB Strategy)
VP LOB(Application Owner)
VP LOB(Application Owner)
Director LOB(Support Processes)
Director LOB(Support Processes)
Director LOB(Application Owner)
Director LOB(Application Owner)
Sr. Architect(Infrastructure Strategy)
Sr. Architect(Infrastructure Strategy)
Director LOB(Support Processes)
Director LOB(Support Processes)
Director LOB(Support Processes)
Director LOB(Support Processes)
CLOLegal
(Protect Enterprise)
CLOLegal
(Protect Enterprise)
General Counsel(Litigation Strategy
& Support)
General Counsel(Litigation Strategy
& Support)
Litigation Support(eDiscovery& Contracts)
Litigation Support(eDiscovery& Contracts)
Records Mgt(Holds, Retention, Physical)
Records Mgt(Holds, Retention, Physical)
Director IT(ECM Services)
Director IT(ECM Services)
Director(ERP)
Director(ERP)
Strategic Decision
“Implementing vertical or point solutions will greatly increase system complexity and cost and reduce our ability to execute in a timely manner as resources will be diluted across the various point solutions.”
CTOOperations
(Support IT Strategy)
CTOOperations
(Support IT Strategy)
Departmental decisions can also create silos
$ $ $$$