The need to invest in technology to help alleviate the burden imposed by regulators, requiring organisations to demonstrate both data integrity and business efficiency, has led some industry commentators to predict a wave of increased spending on compliance-related projects.
Indeed, analysts at market watcher IDC reckon that such investments – in software, hardware and services – will total $1.1 billion globally in 2005, climbing to over $2 billion in 2009 at a compound annual growth rate of 22%.
"A significant amount of risk and material weakness exists within IT systems," said Julie Marobella, senior research analyst at IDC. "As a result, there is an increased onus on IT departments to audit, monitor and report on all systems. This increased need will drive organisations to invest in technologies and services that help to ensure sustainability of compliance-related processes, mitigate risk and manage ongoing costs."
Widespread reports of IT directors being given greater leeway to spend on technology as ever more stringent business regulations have been imposed have encouraged vendors to offer many existing products as compliance ‘solutions’.
But any notion of a solution is something of a stretch. When it comes to storing and managing data, being compliant means imposing certain standards across the organisation.
And, frequently, different pieces of legislation demand different standards of storage and security around different data sets. There is no single solution to achieve this; instead organisations need to introduce standards of data and records management that can apply to a whole range of circumstances, say analysts at research group Gartner.
The confusion does not just lie in conflicting rules. "Many organisations are spending too much on IT-related compliance work because they haven't clearly defined the scope of what's necessary," says Carol Rozwell, an analyst with industry adviser Gartner.
Rozwell advocates IT taking a role in ensuring data integrity, but cautions that introducing point solutions for specific pieces of regulation risks adding unnecessary costs to the IT budget.
One approach to managing data to meet compliance needs has been the concept of information lifecycle management. At its heart, this model relies on storing data on media that is most appropriate to its organisational value. Vital customer data that is likely to be used frequently resides most naturally on high-end storage devices.
As the data becomes older and is accessed less regularly, it can be migrated to lower-cost tape. However, when organisations need to rely on accessing that data in the future, they need to make choices about the reliability of that tape during high-volume, high-speed backup and archiving.
Such an approach to data management can involve numerous vendors, from the storage hardware providers such as EMC, IBM and Hitachi Data Systems, to storage tape manufacturers like StorageTek and Fujifilm and storage software companies such as Computer Associates and Symantec.
There is also a central role for auditors in assessing both compliance requirements and the degree to which an organisation satisfies relevant rules. But the key is to establish a solid relationship: "Companies need to ask the consultants how [their organisation] can comply while consistently moving forward and changing their operations," says Christine Ross, principal analyst at Forrester Research.
As that underscores, meeting regulations is not a one-off event.