Wednesday, September 22, 2021

Compliance Threatened by Archiving Failures

An IT manager knows he needs to archive his company’s email

communications, but he’s working with a tight staff and an even tighter

budget. Thinking he’s found a great work-around, he lets his weekly data

backups take care of the job.

The problem is his data isn’t properly archived, so five years from now

when lawyers need a specific email from late in 2005, he won’t have any

good way to get to it… or even to know exactly where it is.

And according to a new study, he’s not alone.

A solid percentage of IT managers don’t understand archiving so many of

them are failing to do it properly, potentially compromising business

compliance, according to a study commissioned by BridgeHead Software, a

Woburn, Mass.-based storage management company.

Failing to comply with federal regulations, such as the Health Insurance

Portability & Accountability Act (HIPAA) and Sarbanes-Oxley, leaves

companies open to huge fines that could cripple a business financially.

”Seventy-eight percent of administrators say they archive data,” says

Patrick Dowling, a vice president with Bridgehead Software. ”But 29

percent say they archive manually and that tells us there’s no automated,

reliable and documented process. Another 35 percent said they archive but

they use their backup software. That’s a major tell-tale sign that the

market has to do some education. People don’t understand the issue.”

The study also shows that 23 percent of respondents say they do not

archive data at all. Those who don’t archive say retrieving a file from

just three months ago becomes a crap shoot. Twenty percent say they don’t

know how long it would take to retrieve it. Ten percent say it would take

more than a day, while 2 percent say it would take more than a week. And

6 percent admit they wouldn’t be able to find it.

And why archive when a large percentage of administrators say their

companies are ‘unaffected’ by the high-profile regulations that have

filled the headlines and stretched the budgets of many IT shops.

Dowling told Datamation that 42 percent of respondents said there

was ‘no need’ for compliance processes. That comes, according to

Bridgehead, despite the fact that Sarbanes-Oxley affects half of U.S.

companies and HIPAA regulations affect about a quarter.

”Someone somewhere is going to get sued or charged and the federal

government will start to punish folks not in compliance,” says Dowling.

”And there will be a realization that to be compliant you need to do

more than you’ve been doing.”

But the study shows that those who are archiving aren’t that focused on

compliance issues either.

Only 15 percent of those polled said they were archiving because of

regulatory compliance issues, reports Dowling. Another 10 percent are

driven by corporate governance, 29 percent are trying to manage booming

data growth and 40 percent say they archive because of disaster recovery

and business continuity issues.

The trouble is that backing up data and archiving data are two separate

things — with different processes and different goals. Backing up data

is designed to solve a recovery problem. Archiving is a management

program for files over a very long period of time, typically across

multiple media.

”Backups simply are not good enough to meet archiving requirements,”

says Dowling. ”People assume that part of [archiving] is putting data on

tape, so backup technology must be good for that. But it’s not. Backup is

optimized for something different… They have not created a manageable

environment for getting to data if they don’t have advanced media

management and if it’s not organized to be viewed and managed across a

long period of time.”

Similar articles

Latest Articles