Users Self-Destruct on Governance

NEW YORK -- C3EXPO -- Cultural challenges still stand in the way of a firm's attempts to manage its data for compliance purposes, warned Steve Adler, program director of IBM's data governance business. (See IDC: 'Users, Do Your Homework' and CA's Clarke: SOX Driving IM.) But Adler, delivering the keynote here today, suggested that ILM could help firms meet this challenge.

"What often gets in the way when we try to govern data?" he asked attendees. "It's the organization itself."

Underlining this point, Adler explained that the business and IT sides of an organization often see data differently. Business execs, he said, see data as "the raw material of revenue generation." But on the IT side, users typically see data purely in terms of cost. "Its that darn stuff that we have got to maintain."

In order to get past these issues, Adler urged users to undertake a "data governance" project "to find out what people recognize, understand, and know."

The Sarbanes Oxley (SOX) Act, passed in response to the scandals at Enron, WorldCom, et al, requires company managers to attest that they have established and maintain internal control over their company’s financial reporting. (See Gartner: Sarbanes Struggle Continues and SEC Extends Sarbanes Compliance.)But SOX is not the only regulation giving CIOs an ulcer. Other pressures include the Health Insurance Portability and Accountability Act (HIPAA) and the Basel regulations in Europe. (See Duke Speeds Info Access and Dental Society Picks AmeriVault.)

The key to handling data effectively, according to Adler, is end user buy-in. "It's getting everybody to take responsibility for governing data efficiently," he said. Adler explained that this is not just the domain of security and compliance officers, but everyone within an organization.

An application engineer from a local government body, who asked not to be named, agreed that this is a major issue, although he said that his employer is tackling the issue head on. "They have already let each employee know their responsibility," he told Byte and Switch. "Every time you log on, there's a message letting you know that the PC is owned by the local governmental body."

The organization has also implemented stringent security policies, according to the engineer, which limit staff access to data. "Whatever the person's job is, data entry or reviewing the data, there's a certain security level associated with it," he said.

Certainly, compliance is high on the agenda for CIOs and their IT managers, with regulations, particularly SOX, expected to boost storage spending this year. (See Users Splash Cash on SOX, Compliance Takes IT Bite, and AMR Sees $6B in SOX Spending.)Adler sees ILM playing a key role in any compliance effort. "I think it's going to be increasingly important." He explained that users need to consider both the availability and the value of their data when shifting it across different storage tiers.

Although the exec was unwilling to give specific examples of this, one member of the audience suggested that data associated with quarterly financial reports, for example, could be moved across different storage tiers for compliance purposes. "You could have really valuable data that's accessed very infrequently," said Adler. "You have to make that judgment."

The major vendors are lavishing attention on ILM. Last week EMC added more flesh to the bones of its own offerings in this space. (See EMC Intros IIM.) Other users, such as Intel, have already voiced concern about classifying existing data so that it can be built into an ILM strategy. (See Intel Faces ILM Challenge and Users Cite ILM Shortfalls.)

That said, there are also examples of firms that have successfully reaped the benefits of ILM, although, up until now, the technology has been more closely associated with storage consolidation than regulatory compliance. (See Quicken Loans Advances With EMC and Warner Bros..)

— James Rogers, Senior Editor, Byte and Switch