Yes, You can Mix Business and Compliance Archival Data Stores
Sarbanes-Oxley, FRCP amendments, the FTC Red Flag Rules and the Payment Card Industry's Data Security Standard (PCI DSS) are just some of the many federal, state and local regulations with which businesses may need to comply. This does not even begin to factor in the need to satisfy the many internal governance policies and procedures with which they need to adhere to. Then even if they somehow manage to satisfy all of these compliance requirements, they still have pools of data that do not fall under any compliance or regulatory requirements, at least not at the beginning of the data's lifecycle.
There are a variety of reasons why businesses archive non-compliance data. Some of these include reductions in primary storage capacity and cost, decreasing the length of backup jobs by moving data out of the backup stream, optimizing the performance of production email stores and satisfying internal file and email retention policies. These business reasons generally vary from company to company depending on what they are trying to achieve with their archival environment.
The data stores that fall on the compliance side of the archival fence are usually determined by a specific regulation or an internal policy or rule as set or interpreted by their legal, HR or the quality & validation areas. Organizations are continually telling their IT departments about their business needs and that they must have archival systems in place that can support these new and continually evolving regulations. This places a huge burden on the IT organization because not only do they need to determine the best archival system to meet their business needs, they also must attempt to achieve an attractive ROI and TCO.
Most, if not all, archival environments start with some need, be it either compliance or non-compliance. However, forward-thinking IT managers need to remember that no matter which side of this fence they start out on, to satisfy both types of needs is critical to the future success of the environment overall. Even though in the beginning of a project there may not be a specific need for one or the other, having the flexibility to manage both is paramount. As an example, assume someone starts out just archiving normal business data, then some time passes and the company needs to comply with a new regulation or meet some unforeseen litigation requirement. It would be handy to push a button or flip a switch and have that data instantaneously become compliant.
Archival systems should also remain as flexible as possible in two important ways. The archival system should have open access so any client (Windows or UNIX) can access the data at any time using a standard, NAS protocol such as CIFS or NFS. But equally important, they also should have the ability to mix compliance archival data and normal business standard archival data in the same system at the same time.
Permabit's Enterprise Archive is the only such system that provides the flexible functionality of an online archival system while removing many of the obstacles that optical and tape environments present. Through its usage of standard disk drives for the archive, the system offers the following:
- It supports Read/Write and WORM volumes in the same system at the same time. Other systems may support one or the other but often can not support both types of archival data stores concurrently. Though some other systems do offer bolt-on functionality (at an additional cost) to deliver WORM, this approach is susceptible to the behind-the-scenes mounting of LUNs and/or file systems which can then access locked down data and modify it.
- It can convert a normal Read/Write volume to a WORM volume on the fly and in real-time. This provides a business with the flexibility to react quickly to litigation events or audits when the data was not originally locked down into a WORM volume.
- It provides robust retention mechanisms that can lock down data based on specific requirements such as file or folder type, the users or groups writing the data or it can even lock down an entire volume.
Few, if any, companies possess archival data that falls neatly under just the category of "business" or "compliance" data. It is far more likely that companies possess data that falls under both classifications so they need archival systems that can also satisfy both of these requirements. With the available features and functions found in Permabit Enterprise Archive, a company can feel secure that regardless of how they choose to begin archiving and what data they choose to archive, the system will support whatever their current and future needs are without the need to introduce a bolt-on solution at a later date for an additional cost.