IBM Debuts Compliance-In-A-Box Device

IBM on Thursday unveiled a compliance-in-a-box device targeting businesses and government agencies that need to preserve data required by the growing number of new laws and regulations.

The TotalStorage Data Retention 450 bundles hardware -- a server and associated storage -- and data retention software in a single, secure rack cabinet, said IBM. It is aimed at companies that must comply with laws such as Sarbanes-Oxley, the Health Insurance Portability and Accountability Act (HIPAA), and the SEC's Regulation 17a-4, all of which force organizations to better account for their data and prove that it's not been altered.

Powered by an IBM eServer p615 using one or two Power 4+ processors and running the AIX operating system, the all-in-one device can be equipped with a wide variety of storage devices -- more than 600, according to IBM -- including less expensive tape storage hardware. It can be configured with as little as 3.5 terabytes of storage capacity or as much as 56 terabytes in one or two FAStT600 servers.

The heart of the Data Retention 450 is its data policy and retention software, Tivoli Storage Manager for Data Retention. Tivoli can verify that data is written correctly, ensure that no modifications are made to the information once it's stored -- a critical requirement of compliance laws and regulations -- and uses policies to automatically store data for the required amount of time or until a defined event occurs. During an audit, for instance, Tivoli will refuse to allow deletion of data for an indefinite period -- even if other policies say it can be dumped -- and release it only when the investigation or litigation ends.

IBM isn't the only vendor fighting for market share in the compliance space. In fact, analysts see the Data Retention 450 as a direct response on EMC's similar Centera Compliance Edition, which debuted in April 2003."IBM's not doing this in a vacuum," said Jack Scott, an analyst and managing partner with the Evaluator Group, a Colorado-based research firm that specializes in storage. "IBM's putting this together due to EMC's recent acquisitions -- primarily Documentum -- and the noise it's making in the compliance area."

But he gives the nod to IBM, even though it's coming to the compliance device party later rather than sooner. "I think IBM has a slight margin over EMC here," said Scott.

"The hardware of the 450 is sort of ho-hum," he said, "but the real story is the Tivoli Storage Manager."

He gives the Data Retention 450 the thumbs up, he added, because of the robustness of the Tivoli software specifically, and in more general terms, the broad range of content and storage management in IBM's portfolio.

"One of the things that used to frustrate me while looking at IBM in this area is that it has the resources and lots of products, but no one attempted to bring them together. I'm delighted to finally see IBM bringing all this together."IBM's Theresa O'Neil, the director of market strategies for the company's storage platforms, stressed other advantages of the 450 over the competition, including the ability of compliance officers and IT staff to set event-based retention policies that don't hinge exclusively on a set length of time.

"Most compliance solutions retain data based on time...three years or 30 days or whatever... but there is a lot of activity that will go beyond those kinds of terms," she said. An example might be a mortgage firm holding a note for a 30-year loan. Simply setting the retention period to 30 years won't cut it, O'Neil said, because the loan may be paid off before its end, and so the data could be dispensed with.

Data compliance is a hot topic among enterprise storage pros, in large part because of several approaching deadlines. Sarbanes-Oxley, for instance, has a pending June 2004, deadline, while final compliance with HIPPA's security standards looms in 2005.

Prices for the Data Retention 450 will start at $141,600. The device will ship in March.