An IT manager knows he needs to archive his company’s email
communications, but he’s working with a tight staff and an even tighter
budget. Thinking he’s found a great work-around, he lets his weekly data
backups take care of the job.
The problem is his data isn’t properly archived, so five years from now
when lawyers need a specific email from late in 2005, he won’t have any
good way to get to it… or even to know exactly where it is.
And according to a new study, he’s not alone.
A solid percentage of IT managers don’t understand archiving so many of
them are failing to do it properly, potentially compromising business
compliance, according to a study commissioned by BridgeHead Software, a
Woburn, Mass.-based storage management company.
Failing to comply with federal regulations, such as the Health Insurance
Portability & Accountability Act (HIPAA) and Sarbanes-Oxley, leaves
companies open to huge fines that could cripple a business financially.
”Seventy-eight percent of administrators say they archive data,” says
Patrick Dowling, a vice president with Bridgehead Software. ”But 29
percent say they archive manually and that tells us there’s no automated,
reliable and documented process. Another 35 percent said they archive but
they use their backup software. That’s a major tell-tale sign that the
market has to do some education. People don’t understand the issue.”
The study also shows that 23 percent of respondents say they do not
archive data at all. Those who don’t archive say retrieving a file from
just three months ago becomes a crap shoot. Twenty percent say they don’t
know how long it would take to retrieve it. Ten percent say it would take
more than a day, while 2 percent say it would take more than a week. And
6 percent admit they wouldn’t be able to find it.
And why archive when a large percentage of administrators say their
companies are ‘unaffected’ by the high-profile regulations that have
filled the headlines and stretched the budgets of many IT shops.
Dowling told Datamation that 42 percent of respondents said there
was ‘no need’ for compliance processes. That comes, according to
Bridgehead, despite the fact that Sarbanes-Oxley affects half of U.S.
companies and HIPAA regulations affect about a quarter.
”Someone somewhere is going to get sued or charged and the federal
government will start to punish folks not in compliance,” says Dowling.
”And there will be a realization that to be compliant you need to do
more than you’ve been doing.”
But the study shows that those who are archiving aren’t that focused on
compliance issues either.
Only 15 percent of those polled said they were archiving because of
regulatory compliance issues, reports Dowling. Another 10 percent are
driven by corporate governance, 29 percent are trying to manage booming
data growth and 40 percent say they archive because of disaster recovery
and business continuity issues.
The trouble is that backing up data and archiving data are two separate
things — with different processes and different goals. Backing up data
is designed to solve a recovery problem. Archiving is a management
program for files over a very long period of time, typically across
multiple media.
”Backups simply are not good enough to meet archiving requirements,”
says Dowling. ”People assume that part of [archiving] is putting data on
tape, so backup technology must be good for that. But it’s not. Backup is
optimized for something different… They have not created a manageable
environment for getting to data if they don’t have advanced media
management and if it’s not organized to be viewed and managed across a
long period of time.”