Storage vendors such as EMCand Hitachi Data Systemshave been pounding the tables of late, proclaiming that they have
the answer to the compliance bugbear that many corporations have been faced
with in the past couple of years with the passage — or pending passage —
of federal regulations that require documents to be saved for a definitive
period of time.
While many of these vendors are treating compliance with software solutions
under broader information lifecycle management (ILM) strategies, IBM
is taking a different tack. The company already had enough
of the technology pieces in place to create such solutions, but officially
put them to use at a time when concern over meeting regulations has perhaps
reached its pinnacle; with so many new rules in place, enterprises want to
steer clear of fines for non-compliance.
To wit, the Armonk, N.Y. systems vendor Wednesday drew the curtain on a
number of products and services targeted at helping corporate customers
manage their data in accordance with federal regulations from such bodies as
the Securities and Exchange Commission (SEC).
VeriSigngot in on the act, too, unveiling a security framework that can be tailored to support the Health Insurance Portability and Accountability Act of 1996 (HIPAA) for healthcare and life sciences companies.
Steve McLaurin, partner and certified information systems auditor of IBM’s
Business Consulting Services, said IBM has an advantage over rival vendors
because the company acquired a great deal of auditing mindshare when it
successfully acquired
consulting powerhouse PricewaterhouseCoopers last year. IBM is working with
such partners as iLumin, IXOS, KVS, Northrop Grumman, NuGenesis,
SearchSpace, Siemens and VeriSign in its compliance endeavor.
McLaurin said new services include:
- IBM Anti-Money Laundering Service — IBM and Searchspace have developed
a hosted utility solution to satisfy requirements of the USA Patriot Act of
2001, which holds that companies put a program in place to prevent and
detect money laundering
- IBM Email Archive and Records Management Service — IBM will help
provide financial services companies with a real-time archiving and records
management utility service for e-mail and instant messages to help customers
satisfy meet NASD and SEC regulations, including SEC Rules 17a-3, 17 a-4,
NYSE 342, 440, NASD Conduct Rule 3010/ 3110
- IBM DB2 Content Manager for Data Retention Compliance — software that
combines IBM DB2 Content Manager, DB2 Records Manager and DB2 CommonStore
and services with third-party software from iLumin to help companies meet
SEC and NASD regulations
- IBM Lotus Workplace for Business Controls and Reporting — software to
help manage information within companies in their efforts to comply with
compliance requirements, such as Sarbanes-Oxley, Sect. 404
Stan Lepeak, vice president of Professional Services Strategies at research
firm Meta Group, said no other vendor has as well rounded a portfolio for
compliance solutions as IBM at this point, noting that the company has taken
advantage of its PwC assets to package new services based on existing
infrastructure.
IBM Business Consulting Services (BCS) has also released a survey regarding
compliance in which the surveyors found that only one in ten surveyed CFOs
and financial executives view their internal controls as compliant with
Section 404 of the Sarbanes-Oxley Act today, which is eight months before
the compliance deadline. Lepeak said he believed the survey was accurate and
shows that IBM has been scrutinizing the effort as opposed to just throwing
solutions together from its vast pool of resources.
Meanwhile, across the country, Mountain View, Calif.-based service provider VeriSign Wednesday pledged to help companies articulate their management strategies with regard to new healthcare regulations such as HIPAA.
Based on VeriSign’s Intelligence and Control Services, VeriSign will design an information security program consisting of network security, application security, commerce security, and authentication services.
The goal is to grant more control to the customer so they can adapt to future regulations through simple configuration changes, rather than reconfiguring their entire network.
“Today’s healthcare companies face a difficult challenge. They must meet a series of rolling regulatory deadlines, train their people on these new rules, ensure that their partners, such as insurance firms, providers and hospitals, are also compliant — and they must do all this with shrinking resources,” said Ben Golub, senior vice president, VeriSign Security Services. “[We aim] to make the compliance process easier for healthcare providers.”
Other new IBM solutions for compliance include: - IBM Tivoli Storage Manager for Data Retention — expanded policy-based
data retention capabilities in this software provide non-rewriteable,
non-erasable storage controls to prevent deletion or alteration of data
stored using IBM Tivoli Storage Manager before the policy-based retention
criterion is satisfied - IBM TotalStorage FAStT EXP100 Storage Expansion Unit — a storage disk
expansion enclosure that utilizes Serial Advanced Technology Attachment
(SATA) disk drives - IBM TotalStorage Enterprise Tape Drive 3592 tape media and drives —
IBM will create a Write Once Read Many (WORM) media technology for the 3592
tape drive. With it, data on the cartridges can’t be overwritten. - IBM Asset Disposition Data Disposal — Disk Wipe Services to ensure
that proprietary information — financial or medical records — is not left
on disk drives
IBM counts ChartOne, i3 Archive, National Account Service Company, JPMorgan
Chase and Viewpointe Archive Services as customers it helps to meet
government requirements with regard to data management and retention.