In 2004, It's Comply or Die

The rule of thumb for storing business records in this dawn of strict government regulations: When in doubt, leave it... in. (Hey! Theres no poetry in compliance.)

That was the message of a former Securities Exchange Commission (SEC) chairman and a storage networking research analyst today during a Webcast, sponsored by Veritas Software Corp. (Nasdaq: VRTS), on the challenges of compliance. When keeping business records to comply with federal regulation, never assume anything is unimportant. That goes for email, instant messages, and text pages -- which all can be considered business transactions and even evidence for investigators under new laws.

“If you have the slightest question about it, store it,” says former SEC chairman Arthur Levitt.

So while negligent CEOs and directors at companies like Enron caused the mess that brought about regulations mandated by the Sarbanes-Oxley Act (SBO), the Patriot Act, the Graham-Leach-Bleley Act, and other new laws, much of the burden of compliance will fall to IT. Specifically, storage administrators.

These regulations set new requirements for companies to comply with, regarding their essential business data. The laws govern the process and methods organizations use to create, store, retain, and access records. It all adds up to storing more information longer, and with greater risks for failing to do so.Even members of the financial establishment who advocate the strict new guidelines wonder if the process will overwhelm businesses.

“This is a new regulatory environment you’re all playing in,” Levitt cautioned in the Webcast. “We have an obligation not only to store vital corporate data but to ensure it is retrievable and auditable. I don’t think anyone would minimize the enormity of the task.”

Levitt points out that the SOA requires companies next year to make annual reports available in one-third less time than allowed by current laws. The window to prepare quarterly reports will shrink to 35 days (down from 45), and companies must disclose how they gathered their data.

Not only must data be gathered more quickly and with more accountability. There will be much more of it as well. A report by The Enterprise Storage Group Inc. forecasts a 64 percent compound annual growth rate in the volume of compliant records over the next four years. Financial services, healthcare, life sciences, and government industries will generate much of that growth.

“Compliance is not optional,” growls Peter Gerr, an ESG research analyst who co-authored the study. “We’re just seeing the beginning of what is a big ripple effect. IT and business professionals must ensure hardware systems and software are flexible, scaleable, and minimally disruptive to current business processes.”Gerr says he spoke to IT and business professionals for four months while researching his report, and he found that few are prepared for the job ahead:

“We are really ill prepared for the level of data protection and storage requirements necessary for the level of growth" of data. Companies are especially unprepared in the area of records management.

“What we’re seeing is, records management isn’t a mainstream practice," Gerr grumbles. "I think content management and document management vendors have an important role to play because they understand records management and workflow.”

Given all this, it's no wonder nearly every software vendor in networking storage is pushing compliance products. Ask us: We have the emails, IMs, and text pages to prove it.

— Dave Raffo, Senior Editor, Byte and Switch