Big Blue, VeriSign Ask: Do You Comply?

Storage vendors such as EMC and Hitachi Data Systems have been pounding the
tables of late, proclaiming that they have the answer to the compliance
bugbear that many corporations have faced in the past couple of years with
the passage — or pending passage — of federal regulations that require
documents to be saved for a definite period of time.

While many of these vendors are treating compliance with software solutions
under broader information lifecycle management (ILM) strategies, IBM
is taking a different tack. The company already had enough
of the technology pieces in place to create such solutions, but officially
put them to use at a time when concern over meeting regulations has perhaps
reached its pinnacle; with so many new rules in place, enterprises want to
steer clear of fines for non-compliance.

To wit, the Armonk, N.Y. systems vendor Wednesday drew the curtain on a
number of products and services targeted at helping corporate customers
manage their data in accordance with federal regulations from such bodies as
the Securities and Exchange Commission (SEC).

VeriSign got in on the act, too, unveiling a security framework that can be tailored to support the Health Insurance Portability and Accountability Act of 1996 (HIPAA) for healthcare and life sciences companies.

Steve McLaurin, partner and certified information systems auditor of IBM’s
Business Consulting Services, said IBM has an advantage over rival vendors
because the company gained a great deal of auditing mindshare when it
successfully acquired consulting powerhouse PricewaterhouseCoopers last
year. IBM is working with such partners as iLumin, IXOS, KVS, Northrop
Grumman, NuGenesis, SearchSpace, Siemens and VeriSign in its compliance
endeavor.

McLaurin said new services include:

  • IBM Anti-Money Laundering Service — IBM and SearchSpace have developed
    a hosted utility solution to satisfy requirements of the USA Patriot Act of
    2001, which requires that companies put a program in place to prevent and
    detect money laundering

  • IBM Email Archive and Records Management Service — IBM will help
    provide financial services companies with a real-time archiving and records
    management utility service for e-mail and instant messages to help customers
    meet NASD and SEC regulations, including SEC Rules 17a-3, 17a-4,
    NYSE 342, 440, NASD Conduct Rule 3010/3110

  • IBM DB2 Content Manager for Data Retention Compliance — software that
    combines IBM DB2 Content Manager, DB2 Records Manager and DB2 CommonStore
    and services with third-party software from iLumin to help companies meet
    SEC and NASD regulations

  • IBM Lotus Workplace for Business Controls and Reporting — software to
    help manage information within companies in their efforts to meet
    compliance requirements, such as Sarbanes-Oxley, Sect. 404

Stan Lepeak, vice president of Professional Services Strategies at research
firm Meta Group, said no other vendor has as well rounded a portfolio for
compliance solutions as IBM at this point, noting that the company has taken
advantage of its PwC assets to package new services based on existing

IBM Business Consulting Services (BCS) has also released a survey regarding
compliance in which the surveyors found that only one in ten surveyed CFOs
and financial executives view their internal controls as compliant with
Section 404 of the Sarbanes-Oxley Act today, which is eight months before
the compliance deadline. Lepeak said he believed the survey was accurate and
shows that IBM has been scrutinizing the effort as opposed to just throwing
solutions together from its vast pool of resources.

Meanwhile, across the country, Mountain View, Calif.-based service provider VeriSign Wednesday pledged to help companies articulate their management strategies with regard to new healthcare regulations such as HIPAA.

Based on VeriSign’s Intelligence and Control Services, VeriSign will design an information security program consisting of network security, application security, commerce security, and authentication services.

The goal is to grant more control to the customer so they can adapt to future regulations through simple configuration changes, rather than reconfiguring their entire network.

“Today’s healthcare companies face a difficult challenge. They must meet a series of rolling regulatory deadlines, train their people on these new rules, ensure that their partners, such as insurance firms, providers and hospitals, are also compliant — and they must do all this with shrinking resources,” said Ben Golub, senior vice president, VeriSign Security Services. “[We aim] to make the compliance process easier for healthcare providers.”

Other new IBM solutions for compliance include:

  • IBM Tivoli Storage Manager for Data Retention — expanded policy-based
    data retention capabilities in this software provide non-rewriteable,
    non-erasable storage controls to prevent deletion or alteration of data
    stored using IBM Tivoli Storage Manager before the policy-based retention
    criterion is satisfied

  • IBM TotalStorage FAStT EXP100 Storage Expansion Unit — a storage disk
    expansion enclosure that utilizes Serial Advanced Technology Attachment
    (SATA) disk drives

  • IBM TotalStorage Enterprise Tape Drive 3592 tape media and drives —
    IBM will create a Write Once Read Many (WORM) media technology for the 3592
    tape drive. With it, data on the cartridges can’t be overwritten.

  • IBM Asset Disposition Data Disposal — Disk Wipe Services to ensure
    that proprietary information — financial or medical records — is not left
    on disk drives

IBM counts ChartOne, i3 Archive, National Account Service Company, JPMorgan
Chase and Viewpointe Archive Services as customers it helps to meet
government requirements with regard to data management and retention.
