Regulatory Compliance and Unstructured Data

Unstructured, quickly changing, application-created files are where some of the biggest challenges of regulatory compliance lie. Vendors are starting to address that difficulty.

David Chernicoff

September 23, 2004

3 Min Read
ITPro Today logo in a gray background | ITPro Today

Ask the IT folks in charge of storage management about the types of data they're responsible for backing up and securing, and they usually reply that it's either database or email data. Although these are certainly the most common types of data that IT pros back up--and the types that put the highest demands on the IT department--such data typically consumes only about 50 percent of the storage in most corporate networks.

The other half of the data stored on most networks is what's referred to as "unstructured data"--application-created files such as spreadsheets, word processing documents, and PowerPoint presentations. Although much of this data resides on individual users' personal computers, some corporate policy typically calls for using network storage and backup to house and protect this unstructured data, which is usually an important part of the business process.

What most storage managers don't think about, however, is the potential necessity of protecting all that unstructured data in a fashion that's acceptable to an external regulator. With the advent of a variety of laws that protect consumer privacy and information, corporations might well be required to treat the data in these application files confidentially.

For example, patient information is covered by the Health Insurance Portability and Accountability Act (HIPAA), even if it's data used in a spreadsheet that only monitors hospital-supply consumption. Financial services also have some very stringent requirements that call for data to be stored--and easily available--for fairly long periods of time. For example, Securities and Exchange Commission (SEC) Rule 17a-4 requires records to be stored for 6 years, the first 2 years of which must be in "an easily accessible place."

Traditional tape-based backup and disaster recovery methodologies don't really address the constantly changing nature of unstructured data. Although daily email backup can easily protect all the email traffic on a server, unstructured data often changes much more quickly--not only in content, but also in location--as files are passed among users. A spreadsheet that was on Server A on Monday might be on Server B on Tuesday and Server C on Wednesday. Although your users might not need all those versions of the spreadsheet to be retained, regulations might mandate their retention.

Network Appliance (NetApp) wants to be the first vendor to provide an integrated technology that combines regulatory compliance features with standard backup and disaster recovery and makes locking down unstructured data simpler. NetApp's new LockVault software is designed to work on the company's disk storage servers to provide disk-to-disk backups. The basic idea is to provide a single technology that not only backs up the necessary data, but also meets the stringent regulatory requirements of many industries. LockVault does this by copying every block of data that was written since the last incremental backup and preventing it from being edited or deleted until a specified expiration date has been reached. To assure that the data is accurate for compliance needs, the product includes the NetApp Compliance Journal, which provides an unalterable audit trail for every secure backup.

NetApp believes that this approach provides further justification of disk-to-disk backup, giving users more detailed control and information about their stored data and a more cost-effective methodology than traditional enterprise-class tape backup solutions. LockVault integrates with NetApp's existing backup solutions and includes support for write once, read many (WORM) as well as direct disk-to-disk backup.

Regulatory compliance is becoming the 800-pound gorilla of IT operations, and anything that simplifies meeting these often complex and arcane requirements is worth an IT pro's evaluation.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like