Regulatory response

The need to invest in technology to help alleviate the burden imposed by regulators, requiring organisations to demonstrate both data integrity and business efficiency, has led some industry commentators to predict a wave of increased spending on compliance- related projects.

Indeed, analysts at market watcher IDC reckon that such investments – in software, hardware and services – will total $1.1 billion globally in 2005, climbing to over $2 billion in 2009 at a compound annual growth rate of 22%.

 
 

Compliance best practice

  • Adopt an enterprise risk management framework
  • Manage and measure compliance
  • Consolidate and integrate compliance tools
  • Get data integration across enterprise architecture
  • Establish a chief risk officer

    Source: Forrester Research

     

  •  

    "A significant amount of risk and material weakness exists within IT systems," said Julie Marobella, senior research analyst at IDC. "As a result, there is an increased onus on IT departments to audit, monitor and report on all systems. This increased need will drive organisations to invest in technologies and services that help to ensure sustainability of compliance-related processes, mitigate risk and manage ongoing costs."

    Compliant solutions?

    Widespread reports of IT directors being given greater leeway to spend on technology as evermore stringent business regulations have been imposed has encouraged vendors to offer many existing products as compliance ‘solutions'.

    But any notion of a solution is something of a stretch. When it comes to storing and managing data, being compliant means imposing certain standards across the organisation.

    And, frequently, different pieces of legislation demand different standards of storage and security around different data sets. There is no single solution to achieve this; instead organisations need to introduce standards of data and records management that can apply to a whole range of circumstances, say analysts at research group Gartner.

    The confusion does not just lie in conflicting rules. "Many organisations are spending too much on IT-related compliance work because they haven't clearly defined the scope of what's necessary," says Carol Rozwell, an analyst with industry adviser Gartner.

    Rozwell advocates IT taking a role in ensuring data integrity, but cautions that introducing point solutions for specific pieces of regulation risks adding unnecessary costs to the IT budget.

     

    About this research

    Information Age research is undertaken via questionnaire at its web site, www.infoconomy.com. Although the research may be sponsored by a supplier of IT goods and services, whose staff may provide specialist subject help to the Information Age team, the questions and the analysis remain under independent editorial control. This research on ‘Compliance pressures' was sponsored by Fujifilm, a leader in tape data storage.

     

     
     

    One approach to managing data to meet compliance needs has been the concept of information lifecycle management. At its heart, this model relies on storing data on media that is most appropriate to its organisational value. Vital customer data that is likely to be used frequently resides most naturally on high-end storage devices.

    As the data becomes older and accessed less regularly, it can be migrated to lower cost tape. However, when organisations need to rely on accessing that data in the future, they need to make choices about the reliability of that tape during high-volume, high-speed backup and archiving.

    Such an approach to data management can involve numerous vendors, from the storage hardware providers such as EMC, IBM and Hitachi Data Systems, to storage tape manufacturers like StorageTek and Fujifilm and storage software companies such as Computer Associates and Symantec.

    There is also a central role for auditors in assessing both compliance requirements and the degree to which an organisation satisfies relevant rules. But the key is to establish solid relationship: "Companies need to ask the consultants how [their organisation] can comply while consistently moving forward and changing their operations," says Christine Ross, principal analyst at Forrester Research.

    As that underscores, meeting regulations is not a one off event.

    Avatar photo

    Ben Rossi

    Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

    Related Topics