Compliant data storage systems take care and effort to implement, but have surprising business benefits, says Stephen Watson.

Many companies are taking a long look at how compliant they really are with data legislation. They may face apparently contradictory requirements, for example on the one hand ensuring that data is safe from prying eyes, while on the other making sure data can be readily retrieved to comply with legislation such as the Data Protection Act. Compliance, therefore, touches on all areas of computer systems - and wherever there is data, there must be storage.

Data storage can help compliance through media that provide absolute, verifiable proof of the data's provenance. A prime example is write-once, read-many (WORM) technology, which does not allow data to be altered. This is a direct mapping of the media onto legislation such as Sarbanes-Oxley. High-speed, high-capacity storage such as Ultrium linear tape open (LTO) uses tape cartridges to offer smaller companies easy routes to compliance (see page 47). Some more advanced solutions have compliance embodied in their operating systems, as they provide complete audit trails back through data in each format all the way to the original item on a hard drive.

However, the organisation - or rather the workforce - needs to be compliant as much as the technology. Consider the situation of staff who are away from the office, and may not log onto the system from their laptops for a couple of days. When they eventually do log on, they may be requested to back up data or update their anti-virus definitions, and the temptation to cancel this is strong. Employees are not part of the system while they're away and therefore outside the compliance environment, but the moment they plug back in they re-enter this environment and immediately become a threat to it. Technical solutions to this could include blocking users until they comply, but this dictatorial approach could at best irritate people and at worst prevent them from working quickly in urgent situations. So compliance needs to be part of the organisation's mindset for any technical approach to work.

But there's more to it than obeying rules. A compliant system is also a high-performing one yielding numerous business benefits. Like the world around us, the compliance environment benefits from recycling and the reusing of data, so make the most of the storage hardware you already have and the data you've already archived. Remember that marketing campaign you ran several years ago that would be perfect today? Instead of reinventing the whole thing from scratch, wouldn't it be great if you could just pull out that information from the archives and be up to speed really quickly, using the same tactics, the same plans, even the same people if possible. That way, you could save time, effort and money, and could get to market faster.

Compliance can also work in your favour if you are challenged to provide an item of data as proof in a court of law. Compliant media solutions will yield original data, and compliant hardware/software solutions will support this with unalterable time stamps. Without the right kind of storage in place, there could be much nail-biting and panic-stricken searching. This is bad enough, but during all this time, publicity could be growing that your organisation is vulnerable, and other customers could start beating a path to your door with similar claims. The power to be able to rebut these quickly can be crucial.

Compliant systems also come in handy for disaster recovery and business continuity. If the oil depot next to your office blows up, insurance companies will cover the cost of your hardware, but they will not compensate you for the archived data you have lost, as this is simply unquantifiable. Yet this information could be priceless for your business - if you lose details of your customers, clients or creditors, you could be in serious trouble.

And if you want to take the step from disaster recovery through to business continuity - that is, seamless failover potentially without anyone even noticing there's a problem - you need to consider at what point your operational data becomes archive data, and start thinking about how much and what kind of data you could cope with losing, and how much you can afford to spend. If you have covered all bases with regard to compliance, it is more than likely you've already considered these issues.

More than anything else, a compliant system allows your company to play. You suddenly find that, with your storage both secure and responsive, you're able not just to streamline business processes and save money but, more importantly, you're free to innovate. You can respond to opportunities and get to market much more quickly. Instead of keeping one eye on the past and another on the present, you can shift your perspective and monitor the present while looking ahead.

Fast-moving world

So compliance can provide a platform for future growth. But what does this future hold? As people increasingly work away from central locations, either out of choice or because of restrictive costs of travel, they will want to store information locally in case they are unable to connect to the central system. They will want this storage to have larger capacity, yet fit in their pockets, while being secure and cost-effective. This may be more convenient for staff working remotely, but it means more data requiring more backup while users are outside the immediate scope of the compliant system.

And storage is getting faster. In fact, we have now reached the significant point where storage speeds have outpaced processing, with systems incapable of searching five billion email objects in less than three seconds. So systems may start to be classed in terms of storage speed rather than processing power. This is an acknowledgement that the bottleneck has shifted and will influence purchasing strategies that include storage as part of compliance considerations.

Another change could be that data will increasingly be seen as a utility, to be plugged into just like electricity, water or telephones. We already have many companies delivering software using application service technology (ASP), in which programs are run and data stored on a company's servers and delivered to the client, almost as a return to the era of dumb terminals and mainframe systems. But as people find travel increasingly expensive, difficult or inconvenient, they will expect to be able to plug into their storage wherever they are.

This could bring about a fundamental shift in how we regard storage, in that it will be virtual, accessible anywhere and owned by dedicated storage utility companies. We could even see entire companies outsourcing their storage needs, along with the rest of their IT infrastructure.

As specialisations split and companies become virtual, it will be a challenge for compliance strategies to encompass this virtualisation. Questions will be raised over responsibilities for storage and data protection, over who is liable to prosecution in which circumstances, and upon whom the responsibility lies to provide proof. In an age where companies won't exist in their current form, where storage is distributed and utilised, compliance may face some tricky challenges.

- Stephen Watson is SWD product marketing manager at HP UK.