Compliance has made the case for efficient storage solutions. Use them to deliver long-term business benefits, says Ian Cook.
The retention of data has become one of the most pressing issues facing business today. From SOX to Basel II, new laws and international regulations are making companies address the way they manage data from conception to disposal. Compliance has propelled storage from back-office obscurity and brought newly raised budgets, the likes of which would have previously been unimaginable for a storage architecture.
However, companies were already beginning to realise that data was one of their greatest assets and could deliver real business benefits if managed effectively. The risk now is that the pressures of compliance will distract companies from realising the full business potential of their data, forcing them instead to focus on auditing and protecting it.
Yet this need not be the case. Before starting any project, IT storage solution providers can work with customers to help them understand their storage needs based on the business and legal requirements for their data. By taking time to identify which data is important to an organisation, and understand how to manage, share and protect it, forward-thinking companies can manage data from its point of creation right through to its archiving and retrieval. This Information Lifecycle Management (ILM) can deliver real business value and help to achieve the best practice that underpins much of today's compliance regulations.
All data is not equal. The first step is to use ILM to assess which data is really important, determined by its usefulness to the business and its associated risk. What grades of data are stored within an organisation and who needs to see it are the basic building blocks of a successful ILM project. Similarly, taking time to understand the priorities different parts of the business place on different data, and the process and reporting capabilities that help them use this data effectively, is essential. Everything else will stand or fall based on how complete the original data capture is, and decisions based on high-quality information will have better foundations than those based on poor or incomplete information.
Only once data has been categorised as to its business value and risk, how it needs to be accessed, and by whom, should consideration be given to the type of storage solution. The new Basel II accord requires financial services companies to store a vast amount of customer data so they can reduce the amount of capital set aside to cover risks. Access to this after the transaction is completed will seldom be required, but compliance dictates that companies manage and protect this data in an appropriate way. In contrast, timely access to customer correspondence, audio recordings of customer complaints and access to a company's transactional database can improve both the quality and speed of customer service, and even reduce customer service costs.
So enabling a business to access data at a speed and cost that reflects its value is a compelling business argument, and getting the ratio right is intrinsically linked to storage optimisation.
As storage becomes more sophisticated, it is possible to architect a consolidated physical or virtualised storage network to combine existing storage infrastructure with best-fit technology. So while it may make sense to store primary, high-value data on disk, it can be up to 50 times cheaper to store tertiary data on tape.
Architecting a storage infrastructure in this way ensures data storage costs grow in proportion to the relevant “active” data in a company's disk drives and not because of the total volume that needs to be stored. Cleaning and de-duplicating a company's existing storage can also yield significant re-use of space and further reduce the overall cost of an holistic ILM strategy. Optimisation of this nature ensures that a company increases its ROI on assets. It also guarantees a reduction in the cost of storage compliance on an ongoing basis, while enabling timely access to essential information.
Keeping data is one thing. Keeping it safe is another. An information audit in the early stages of an ILM project will not only help to assess the best types of storage to implement, it will also ensure safeguards are put in place to protect the data that falls under the corporate governance banner. SOX, for example, requires companies to file an internal control statement with its annual report that includes “an assessment… of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.” Identifying this data in the early stages of an ILM implementation, and establishing reporting and auditing capabilities to demonstrate that storage management policies and processes are compliant, will ensure that systems and procedures are reliable and that data is protected as it needs to be.
Undertaking an early assessment of an organisation's storage needs is, of course, only the starting point. If carried out thoroughly, it will provide a solid found-ation on which to build an holistic storage environment – one better able to respond to users because the data is understood, better able to provide a competitive edge because data will be organised, and better placed to adhere to regulations because information is managed from conception to disposal. Addressing the fundamental issues of business efficiency and competitiveness as it does, it is little wonder that storage has become the boardroom topic of the day; the only question is why it hasn't happened sooner.