The Complexities of Storage Compliance

Time to create a strategy and framework for enterprise data

Kurt Hildebrand

We live in a hyper-connected world filled with business executives who are hyper-sensitive about data security. As they should be.

The healthcare and retail industries seem to be the most at risk. Since 2009, 29.3 million patient healthcare records have been compromised. With the growth of healthcare systems surging in 2014, so will breaches of data and patient privacy, according to industry reports. In retail, with a national chain’s 2013 holiday cyber-security failure still fresh in consumer’s minds, a major arts and crafts supplier confirmed that there was a security breach within some of its U.S. credit card processing systems between May 2013 and January 2014. That breach may have compromised about 2.6 million credit cards.

Security liabilities are magnified by government regulations around privacy. There are thousands of state and federal regulations that mandate how companies should handle stored electronic records, many of which target general accounting and communications practices, such as the Sarbanes-Oxley Act or Securities and Exchange Commission rules. In addition, liability concerns always linger around electronic discovery – the process in which stored data is sought, located, secured, and searched as evidence in a civil or criminal case.

All of this means that the way companies manage data across the storage infrastructure must include defined processes and an over-arching information governance policy.

According to the Data Governance Institute, organizations need a formal data governance framework when 1) Organizations grow too large and IT systems are so complex that traditional management isn’t able to address data-related cross-functional activities, and 2) when regulations, compliance, or contractual requirements strain the IT team’s data architects. Chances are, your organization falls into one or both of these categories. Whether data is housed in the cloud or onsite behind the firewall of the enterprise, IT governance is about control: User policies, management of data across end-user devices – including mobile devices, security to protect privacy, visibility into data to comply with regulatory and e-discovery requirements, which includes the ability to search records and have an audit trail of activities.

Given the explosion of enterprise data generated by both structured and unstructured data, such as big data, and the proliferation of mobile devices in the workplace, it is time for hyper-connected corporations to appeal to their hyper-sensitive business leaders and reevaluate the current enterprise storage architecture, best practices, and policies for holding on to and accessing data.

Start with an overall assessment that includes an inventory of current storage systems and a capacity analysis and measurement of storage usage. Look at the type of data that is stored and then calculate the total cost of ownership. Once a baseline is established, start looking at the rules of engagement to ensure data is secure and the enterprise is ready to comply with whatever future regulatory rule may come along.

Justifying a storage refresh? Get SMART! Learn how next generation technologies can create a cost effective model with unrivaled flexibility. Get S.M.A.R.T. today.