Data protection rules and regulations - what does compliance mean and how do you achieve it? (page 2 of 2)

For example accounting or financial data will need to be treated differently to personal information about customers, which in turn will need to be treated differently from email etc.

An important part of achieving compliance is to understand what data exists where. In many Windows environments this is very difficult as data of different types can exist on many servers in many different locations.

VERITAS' StorageCentral can help by allowing an organisation to centrally report on all their file-based data across their entire Windows infrastructure. An organisation can report on file types, location, age, where they reside and far more. It also helps in identifying data that may not be getting backed up within the guidelines of a particular regulatory mandate.

This information enables an organisation to apply policies on how they treat the differing types of data and to organise that data more logically to make achieving compliance easier.

Protecting the Data
The next stage is to ensure that all the data identified by StorageCentral and data existing in databases such as SQL and Exchange gets backed up.

VERITAS Backup Exec and its agents and options can ensure that all the data is getting backed up with sufficient frequency and that there are enough copies of data for long term archiving.

Another important part of protecting the data for regulatory purposes is ensuring that all data is protected. This includes data outside the data centre in remote offices and on user's desktop and laptop machines.

Remote office data can be protected centrally through VERITAS Storage Replicator by replicating all the file based data back to headquarters so that it can be centrally backed up by Backup Exec.

Backup Exec's Desktop and Laptop Option ensures that end user's changed data is automatically copied to shared folders on the network which are in turn backed up by Backup Exec.

Long term compliance
One of the biggest challenges for long term compliance is to ensure that data is kept for a sufficient length of time, can be easily found and readily accessed when needed. This needs to apply to both file and email data.

The other challenge here is to do this cost effectively. If you look at the amount of data that needs to be retained long term, to keep it all on a high performance primary data store would be a very expensive answer. This is where the concept of the Data Lifecycle can help.

When data is created it has a lifecycle, i.e. a period of time that it has to exist before in can be destroyed. This is often driven by regulatory data protection mandates.

During its lifetime this data will generally have changing value. For example, the data created when an online order for goods or services is placed is more valuable prior to the order being fulfilled than once the order has gone out and payment has been received from the customer. Once at this stage that data's value is less and it is not likely to be accessed again frequently, yet it still needs to be retained.

Using this concept it makes sense to move less valuable, less frequently accessed data to cheaper nearline storage, rather than keep it on the primary data store. This is a more efficient and cost effective approach.

However, compliance means that this data still needs to be easily retrievable and accessible. The same applies to email and messenger data.

VERITAS' recent acquisition of KVS, the market leading email archiving company, has helped here. Their Enterprise Vault product allows the creation of policies for archiving of email, file system and SharePoint Portal data. There is also the capability for indexing and fast retrieval to help with compliance.

Where StorageCentral has discovered Microsoft PST files it can also handle the archiving of these.

In summary, compliance can't be ignored but by understanding the organisational impact of the different rules and regulations an organisation now has the tools at its disposal to help make achieving.