Blog

Compliance data needs special treatment

Written By:
Published:
Content Copyright © 2007 Bloor. All Rights Reserved.

Those trying to implement solutions to improve the value and utilisation of the data received, as they work towards a goal of full information lifecycle management (ILM), will know that regulatory compliance is a pain, yet unavoidable.

One reason is that some of the information that needs to be retained on at least near-line storage in order to be compliant, may otherwise be archived. A second is that it may need to be kept in a different format from how it was received—or how it is best kept for the business itself—so some conversion work is needed. Third is that it has, in any case, to be identified as needed for compliance in the first place, and this may be hard to do.

However, the biggest threat to sensitive corporate data—including data needed for compliance—comes from insider attacks. These are particularly difficult to spot because the person carrying out the attack may well be an employee with security clearance that allows them to access the sensitive data.

Compliance with regulations set by governments is becoming an ever bigger issue and the most important aspect is being able to ‘prove’ that your company is not only retaining the appropriate sensitive data, but also that it has not been improperly accessed. Enterprises may find that, while they have a ‘theoretical’ set of compliance policies that meet the tick-boxes, when a real live court case arises, their ability to produce the right information is found wanting. So the need for compliance is one factor driving more stringent data security.

One product that concentrates on compliance archiving and the security aspects of this is Solix’s Enterprise Data Management Suite, within which is its ARCHIVEjinni version 4.0, which supports compliance.

The software uses its own central metadata repository supporting many applications and data types; being modular it can enable some functions but suppress others where the enterprise already has a solution. It provides support for both standard packages and custom-built applications, with pre-populated support for popular applications and a drag and drop configurator for rapid set-up for others.

The software is heavily oriented towards databases; among the more popular formats are Oracle EBS, PSFT and JDE, IBM’s DB2, Microsoft SQL Server and the Java DB connector (JDBC). It also has spin-off features such as DB partitioning and report archiving with search.

But perhaps the most interesting aspect is its policy-based data security. Features include data security masks to hide sensitive data based on enterprise policy and logging of data mark-up and structure changes in both the production and archive locations. Policies can also segregate duties while automation of the process improves efficiency. Solix’s software includes a secure test and development environment along with data archiving.

However, what this also illustrates for me is the enormous problem companies have in even considering how to go about properly handling all their incoming data. Regulatory compliance is only one aspect. All storage must be managed for the benefit of the organisation. I am waiting to hear of even one which has fully implemented a set of integrated and over-arching information management policies for identifying and acting on true information levels of value and risk.