Compliance Threatened by Archiving Failures

A new study shows that many IT managers are not archiving data properly, which could mean they are failing to meet compliance regulations. And that could be costly to the business.
An IT manager knows he needs to archive his company's email communications, but he's working with a tight staff and an even tighter budget. Thinking he's found a great work-around, he lets his weekly data backups take care of the job.

The problem is his data isn't properly archived, so five years from now when lawyers need a specific email from late in 2005, he won't have any good way to get to it... or even to know exactly where it is.

And according to a new study, he's not alone.

A solid percentage of IT managers don't understand archiving so many of them are failing to do it properly, potentially compromising business compliance, according to a study commissioned by BridgeHead Software, a Woburn, Mass.-based storage management company.

Failing to comply with federal regulations, such as the Health Insurance Portability & Accountability Act (HIPAA) and Sarbanes-Oxley, leaves companies open to huge fines that could cripple a business financially.

''Seventy-eight percent of administrators say they archive data,'' says Patrick Dowling, a vice president with Bridgehead Software. ''But 29 percent say they archive manually and that tells us there's no automated, reliable and documented process. Another 35 percent said they archive but they use their backup software. That's a major tell-tale sign that the market has to do some education. People don't understand the issue.''

The study also shows that 23 percent of respondents say they do not archive data at all. Those who don't archive say retrieving a file from just three months ago becomes a crap shoot. Twenty percent say they don't know how long it would take to retrieve it. Ten percent say it would take more than a day, while 2 percent say it would take more than a week. And 6 percent admit they wouldn't be able to find it.

And why archive when a large percentage of administrators say their companies are 'unaffected' by the high-profile regulations that have filled the headlines and stretched the budgets of many IT shops.

Dowling told Datamation that 42 percent of respondents said there was 'no need' for compliance processes. That comes, according to Bridgehead, despite the fact that Sarbanes-Oxley affects half of U.S. companies and HIPAA regulations affect about a quarter.

''Someone somewhere is going to get sued or charged and the federal government will start to punish folks not in compliance,'' says Dowling. ''And there will be a realization that to be compliant you need to do more than you've been doing.''

But the study shows that those who are archiving aren't that focused on compliance issues either.

Only 15 percent of those polled said they were archiving because of regulatory compliance issues, reports Dowling. Another 10 percent are driven by corporate governance, 29 percent are trying to manage booming data growth and 40 percent say they archive because of disaster recovery and business continuity issues.

The trouble is that backing up data and archiving data are two separate things -- with different processes and different goals. Backing up data is designed to solve a recovery problem. Archiving is a management program for files over a very long period of time, typically across multiple media.

''Backups simply are not good enough to meet archiving requirements,'' says Dowling. ''People assume that part of [archiving] is putting data on tape, so backup technology must be good for that. But it's not. Backup is optimized for something different... They have not created a manageable environment for getting to data if they don't have advanced media management and if it's not organized to be viewed and managed across a long period of time.''






0 Comments (click to add your comment)
Comment and Contribute

 


(Maximum characters: 1200). You have characters left.