A research firm specializing in covering the data storage industry said there are definite upsides to all of the red tape and heightened concerns behind accounting and other regulations in the market -- about $6 billion worth of upsides.
The Milford, Mass.-based Enterprise Storage Group has conducted a study on the impact compliance has on information management and has determined that the market to exploit it could be worth as much as $6 billion for compliance-related storage products and services over the next 4 years.
This burgeoning market can be attributed in part to the exposure of corporate fraud that has shaken the core of the financial industry in the last few years. The cases of WorldCom, Enron and Arthur Andersen come immediately to mind and, while there have been new financial reporting rules aimed at deterring corporate fraud -- Sarbanes-Oxley, compliance also extends to the healthcare industry in the form of HIPAA (The Health Insurance Portability and Accountability Act) rules.
Enterprise Storage Group Senior Analyst Peter Gerr said myriad factors entered into the equation that led his research team to come up with the $6 billion figure. But two that stand out are the increasing abundance of information at a time when the digital age is replacing hard copy, or manual information dissemination, and the duration of how long that information must be saved under regulatory compliance from the U.S. government. This is called information lifecycle management.
"There are myriad ways to meet compliance regulations, but a common thread is through technological requirements," Gerr told internetnews.com. "This doesn't apply to just the storage systems guys, but to other IT vendors as well. What's happening is more data is being created and it needs to be managed. For example, when you consider HIPAA compliance, it calls for patient info to be kept from birth to age 21 -- plus two years after their death. That means the hospitals can't throw it away and this requires some measure of storage, whether it be disk-based, tape or optical."
Gerr said hospitals may choose to move data from disk storage to less costly tape or optical systems, but the fact remains that there needs to be enough storage capacity in place -- in the case of numerous patient records probably terabytes of data -- to allow this. Still, Gerr estimated that compliant records stored on disks will increase at a compound annual growth rate of 172 percent between 2003 and 2006. In general, the worldwide capacity of compliant records will increase at a compound annual growth rate of 64 percent between 2003 and 2006, he said.
In researching this report, titled, "Compliance: The effect on information management and the storage industry," Gerr talked to a number of storage vendors and was surprised to see how few actually were familiar with compliance laws, some of which go back to 1934.
"Whether you're talking about information from 1934 or 2004, it still has to be stored digitally. 10 years ago in the pharmaceutical industry, people scribbled in notebooks, but now it's become increasingly computerized," Gerr said.
This leads to another point about the faulty connection between compliance regulations and IT. Gerr said that because compliance is not what one would call a traditional IT sale, a storage vendor representative could walk into a doctor's office and a doctor would never have heard of say, Veritas or Network Appliance, or even EMC.
However, he said, EMC is now well positioned because it has taken charge of meeting compliance needs of medical and financial fields. The Hopkinton, Mass business has what Gerr called an ecosystem of partners. In one example, EMC has teamed with GE Medical and can walk into a doctor's office with a representative from that outfit, and the doctor will know GE Medical. This goes along way toward helping a storage vendor like EMC connect with folks bound by compliance rules.
To be sure, EMC has already addressed compliance storage needs. In April the firm launched a version of its Centera system with features tailored for compliance.
"EMC has done an exceptional job understanding regulations, and in spending time and energy to meet those regulations," Gerr said. "They have gone to market in a unique way by partnering with ISVs and application vendors who really control the sale to the compliance side. From a technology standpoint, they are not necessarily far ahead of other vendors, but from a time-to-market perspective they are and it makes it more difficult for Network Appliance, Hitachi Data Systems and StorageTek to follow on their heels."
Another interesting nugget, Gerr said, is that companies who adhere to compliance are by and large technology-agnostic: they aren't devoted to one particular technology so long as it meets regulatory approval. Gerr said the vendors who can bring compliant-tailored products and services to market fastest will succeed the most.
Sarbanes-Oxley addresses a different field altogether than HIPAA, but it is no less important as accounting scandals rocked the foundations of many businesses in the last few years. AMR Research said in a report early this month that public companies will spend up to $2.5 billion to comply with the Sarbanes-Oxley Act of 2002. The act requires executives and auditors to document and certify the effectiveness of internal controls and procedures related to financial reporting.
If that seems like a lot, it is. But it's just one of perhaps some 15,000 regulations Gerr said must be respected.