archive data management - how compliant is your solution? part 1 of 2

Archive Data Management - How compliant is your solution? Presented by Jim Chadbourne ADM Compliance

Upload: ipexpo-online

Post on 18-Aug-2015


Archive Data Management - How compliant is your solution?

Presented by Jim Chadbourne

ADM Compliance


• Many organisations today are faced with compliance regulations that impact their ability to store data effectively. This combined with data growth causes major headaches for the IT department who are being tasked with reducing costs whilst maintaining a compliant solution.


• Whilst most of these organisations opt for archiving solutions to classify and store data in a compliant form, there are many implementations where the actual data is stored on non-compliant devices


The Information Challenges: Market is evolving

Hyper Information Growth
– Variety, Volume and Velocity
– Capture, Collection, Retention
– Preservation

Regulatory/Industry Compliance
– Basel II, SOX, Euro-SOX, J-SOX
– FRCP
– PCI-DSS

New applications
– Social Networking
– On Demand applications
– Cloud

Data multiplier effect
– Backup, D/R, Test, Dev

Mergers and acquisitions


Information Chaos Creates Many Challenges

• Inability to produce critical information under punitive scenarios and deadlines

• Runaway storage and infrastructure costs, with power, space and budget challenges

• Valued information is buried beneath too much unnecessary information (over-retained, duplicated, irrelevant)

• No information visibility: to unlock what, why, where in a trusted accurate manner

The keep everything forever model has failed


Unnecessary Information: Over-Retained, Irrelevant, Duplicated

Necessary Information: Valued, High Risk, Compliant

How much of your information is over-retained, irrelevant or duplicated?

Three month study conducted by University of California confirmed that:

• 90% of the data was never accessed after being stored on disk
• Another 6.5% of the data was accessed only once

Why would you want to archive any information that is not necessary to keep?

Value of information: Information Life cycle

[Figure: information life cycle curve. Stages: Application Develop / Test; Information Creation / Use; Information Archive / Retain. Axes: Frequency of Access and Use; Time.]

Born Digital: Over 90% of information is born digital … and the rest should become digital

Expiration: Roughly 95% has a retention policy … very little should be kept forever

Information Has a Lifespan… The Business Value of Information Changes Over Time

1. Can you identify what needs to be archived?

2. How do you make archive management and infrastructure choices?

3. Have you evaluated the level of compliance required throughout?

4. Is your information secure when shared or at rest?

5. Is your infrastructure optimized based on your retention?

6. Are you concerned with being able to do timely legal search (e-Discovery)?

7. Can you back up and recover your servers fast and reliably enough?

8. How are you addressing these requirements today?

What are your risks?


Compliance Initiative

Payment Card Industry Data Security Standard (PCI DSS)

• Protect stored cardholder data (#3)
• Develop and maintain secure systems and applications (#6)
• Restrict access to cardholder data by business need-to-know (#7)


Compliance Initiative

California Senate Bill 1386 (now California Civil Code 1798)

• SB 1386 requires organizations that lose private information of California residents to report the loss to affected individuals


Compliance Initiative

Sarbanes-Oxley Act (SOX) Section 404

• Requires corporate management to take responsibility for establishing and maintaining an adequate internal control structure and procedures for financial reporting

• Requires management to assess and report the effectiveness of the internal control structure and procedures for financial reporting


Compliance Initiative

EU Data Protection Act

• Appropriate technical measures must be taken against unlawful processing of personal data and against accidental loss, including controlling access to information

[Chart: Current Retention & Compliance process and technology challenges (ESG 2010). Scale: 0% to 60%. Categories: Limited or no ability to classify data; Tape media costs & management; Meeting e-discovery demands; Meeting compliance requirements; Management. Series: All data protection challenges; Primary data protection challenges.]

Market trends stressing the IT environment

WW Digital Archive Capacity consists predominantly of file-based content (ESG)

• Database: 12%
• eMail: 12%
• File: 76%

Market trends stressing the IT environment

[Chart: WW file-based archive capacity in Petabytes, 2010 to 2015 (scale 0 to 250,000)]

• External Disk, 77K PBs, 62% CAGR
• Tape, 61K PBs, 44% CAGR
• Cloud, 30K PBs, 123% CAGR
• Internal Disk, 57K PBs, 51% CAGR

WW File-based Archive Capacity will grow by 55% to 226,716 Petabytes by 2015, mostly stored on external disk (ESG)

Market trends stressing the IT environment

Regulatory climate is still a major catalyst
• Legal / discovery requirements and audits drive accessibility
• More industries will be impacted

Files still dominate
• File location will change (social media, SharePoint)
• The database bet: retirement
• Watch e-mail usage: will it be replaced?

Market trends stressing the IT environment


Example Data Archiving Framework

[Diagram. Labels: Services; Security & Access; Search; e-Discovery; Legal Holds; Archive; ILM System; Records Management; Disposition; Policy Management; Compression / Encryption; Repositories; Storage (Legal/SOX): WORM/SAN, Higher Cost; Storage (Business): VDisk, NAS, Tape, Vtape, Low Cost; Applications: Structured, Semi-Structured, Unstructured; Archive / Retrieve paths.]



Departmental decisions can also create silos

[Org chart. Roles shown: CEO; CFO Finance (High ROI); VP Finance (COSO / Risk); Director (SOX, Basel II, etc); CIO IT (Support Biz Growth); VP IT (CobiT … Add Value); Director IT (Storage); Director IT (Messaging); Director IT (ECM Services); Director (ERP); COO Operations (Support LOB Strategy); VP LOB (Application Owner); Director LOB (Application Owner); Director LOB (Support Processes); Sr. Architect (Infrastructure Strategy); CLO Legal (Protect Enterprise); General Counsel (Litigation Strategy & Support); Litigation Support (eDiscovery & Contracts); Records Mgt (Holds, Retention, Physical); CTO Operations (Support IT Strategy).]

Strategic Decision

“Implementing vertical or point solutions will greatly increase system complexity and cost and reduce our ability to execute in a timely manner as resources will be diluted across the various point solutions.”


Introduction to IBM Information Archive