RealTime IT News

Obama, Dems Could Mean New Compliance Regs


Just as accounting scandals earlier this decade led to new regulations like Sarbanes-Oxley, last year's global financial meltdown coupled with Democratic control of the White House and Congress seems like a recipe for a host of new compliance regulations — and thus more business for storage vendors and more work for storage administrators.

But the changes won't stop with an Obama presidency and the 111th Congress. The leaders of the Group of 20 industrial and emerging countries (G-20) have been meeting to consider global regulations aimed at raising bank capital standards and regulating hedge funds, with European leaders at the forefront of the new financial market regulation.

While it might be years before all this results in any kind of international consensus, another round of regulation is almost certainly at hand.

"It is extremely likely that we will see more regulation in the financial markets as a result of the current economic crisis," said Brian Babineau, an analyst with Enterprise Strategy Group. "In addition, a Democratic president with a Democratic legislation is likely to increase regulation on other industries, including healthcare. The interesting thing to watch will be what rules are put into place when the government bails out other industries like the automotive sector."

Regulations to improve corporate governance and transparency will likely be at the forefront of regulatory efforts, which will have consequences for data storage and management.

"An increased focus on governance usually means that companies will have to create more business records and save them for extended periods of time," Babineau said. "Because much of today's business records are created electronically, this should drive storage demands."

A few years ago, for example, legislation such as Sarbanes-Oxley (SOX) and SEC Rule 17a-4 raised the importance of information storage in auditing, as organizations were forced to save more data for longer periods of time. SEC Rule 17a-4, in particular, included non-erasability and non-rewritability requirements for storing business records. This opened the door to disk-based storage, moving archival storage beyond optical or tape systems.

"While many view 17a-4 as a financial services industry-specific rule with limited influence outside of Wall Street, the reality is that this regulation instantiated disk as a suitable medium for the strictest record retention regulations," Babineau said. "As such, companies began altering archiving strategies from ones that centered on backup software and tape or optical devices to ones that incorporated purpose-built archive software and disk systems. Compliance officers, records managers, internal auditors, corporate counsel and other business constituents joined IT in making these investment decisions, and storage was now on their radar screen."

Audit logging could be targeted

SOX and other regulations like FRCP stimulated interest in the archive and nearline disk market and exposed tape media's shortcomings for meeting search and audit requests.

"Generally, additional regulation mandates that organizations have to demonstrate their ability to reproduce transactional records within a specified timeframe when requested," said Brian Kelly, an executive at Ernst and Young Global Ltd. "After the failure of some major organizations to respond to such audit requests, an overhaul of the archival process was mandatory."

This led storage vendors to introduce disk-based nearline storage products as well as regulatory compliance-specific products such as EMC (NYSE: EMC) Centera Compliance Edition. That effectively began the trend toward a tiered hierarchy, with disk occupying at least tiers one and two and tape relegated to either tier three or off-site archiving.

"A new storage tier was introduced, and even within the nearline category, different storage technologies are delivering different [service-level agreement] to respond to the relevant regulation," Kelly said. "Additionally, advanced search tools were introduced to limit manual intervention in responding to any audit request."

He points out one further area where current storage solutions tend to fall short, or where organizations generally do not do enough: logging.

"I have encountered many situations where logging is either not enabled or is limited and overwrites itself in a very short period of time," Kelly said. "This makes troubleshooting and investigation very difficult ... if not impossible."
