A research firm specializing in covering the data storage industry said
there are definite upsides to all of the red tape and heightened concerns
behind accounting and other regulations in the market — about $6 billion
worth of upsides.
The Milford, Mass.-based Enterprise Storage Group
has conducted a study on the impact compliance has on information management
and has determined that the market to exploit it could be worth as much as
$6 billion for compliance-related storage products and services over the
next 4 years.
This burgeoning market can be attributed in part to the exposure of
corporate fraud that has shaken the core of the financial industry in the
last few years. The cases of WorldCom, Enron and Arthur Andersen come
immediately to mind and, while there have been new financial reporting rules
aimed at deterring corporate fraud — Sarbanes-Oxley, compliance also
extends to the healthcare industry in the form of HIPAA (The Health
Insurance Portability and Accountability Act) rules.
Enterprise Storage Group Senior Analyst Peter Gerr said myriad factors
entered into the equation that led his research team to come up with the $6
billion figure. But two that stand out are the increasing abundance of
information at a time when the digital age is replacing hard copy, or manual
information dissemination, and the duration of how long that information
must be saved under regulatory compliance from the U.S. government. This is
called information lifecycle management.
“There are myriad ways to meet compliance regulations, but a common thread
is through technological requirements,” Gerr told internetnews.com.
“This doesn’t apply to just the storage systems guys, but to other IT
vendors as well. What’s happening is more data is being created and it needs
to be managed. For example, when you consider HIPAA compliance, it calls for
patient info to be kept from birth to age 21 — plus two years after their
death. That means the hospitals can’t throw it away and this requires some
measure of storage, whether it be disk-based, tape or optical.”
Gerr said hospitals may choose to move data from disk storage to less costly
tape or optical systems, but the fact remains that there needs to be enough
storage capacity in place — in the case of numerous patient records
probably terabytes of data — to allow this. Still, Gerr estimated that
compliant records stored on disks will increase at a compound annual growth
rate of 172 percent between 2003 and 2006. In general, the worldwide
capacity of compliant records will increase at a compound annual growth rate
of 64 percent between 2003 and 2006, he said.
In researching this report, titled, “Compliance: The effect on information
management and the storage industry,” Gerr talked to a number of storage
vendors and was surprised to see how few actually were familiar with
compliance laws, some of which go back to 1934.
“Whether you’re talking about information from 1934 or 2004, it still has to
be stored digitally. 10 years ago in the pharmaceutical industry, people
scribbled in notebooks, but now it’s become increasingly computerized,” Gerr
This leads to another point about the faulty connection between compliance
regulations and IT. Gerr said that because compliance is not what one would
call a traditional IT sale, a storage vendor representative could walk into
a doctor’s office and a doctor would never have heard of say, Veritas or
Network Appliance, or even EMC.
However, he said, EMC is now well positioned because it has taken charge of
meeting compliance needs of medical and financial fields. The Hopkinton,
Mass business has what Gerr called an ecosystem of partners. In one example,
EMC has teamed with GE Medical and can walk into a doctor’s office with a
representative from that outfit, and the doctor will know GE Medical. This
goes along way toward helping a storage vendor like EMC connect with folks
bound by compliance rules.
To be sure, EMC has already addressed compliance storage needs. In April the
a version of its Centera system with features tailored for compliance.
“EMC has done an exceptional job understanding regulations, and in spending
time and energy to meet those regulations,” Gerr said. “They have gone to
market in a unique way by partnering with ISVs and application vendors who
really control the sale to the compliance side. From a technology
standpoint, they are not necessarily far ahead of other vendors, but from a
time-to-market perspective they are and it makes it more difficult for
Network Appliance, Hitachi Data Systems and StorageTek to follow on their
Another interesting nugget, Gerr said, is that companies who adhere to
compliance are by and large technology-agnostic: they aren’t devoted to one
particular technology so long as it meets regulatory approval. Gerr said the
vendors who can bring compliant-tailored products and services to market
fastest will succeed the most.
Sarbanes-Oxley addresses a different field altogether than HIPAA, but it is
no less important as accounting scandals rocked the foundations of many
businesses in the last few years. AMR Research said in a report early this
month that public companies will spend up to $2.5 billion to comply with the
Sarbanes-Oxley Act of 2002. The act requires executives and auditors to
document and certify the effectiveness of internal controls and procedures
related to financial reporting.
If that seems like a lot, it is. But it’s just one of perhaps some 15,000
regulations Gerr said must be respected.