In the past a sound storage policy meant that systems and critical data could be recovered quickly and easily. Mains concerns were cost and speed of the system. Little thought needed to be given to the security of the storage solution. But that's changing.
Federal regulations like HIPAA, NASD 3010&3110 and SEC Rule 17a-4 that directly address the storage of personal information and email communications require that companies take a closer look at the security of their storage infrastructure. Though some of the regulations, like 17a-4, have been around for years, they're being enforced more strictly due to scandals where email communications really mattered, as it did in the case of Enron.
Vendors, seeing an opportunity, have come out with a new segment, CAS (content-addressed storage) and a variety of tools and offerings to help companies comply with the requirements. Which is good news.
But before you go to a vendor to purchase, read through the regulations that affect your company's market segment and go to the vendor with a list of your own requirements. And then shop around. While regulations do affect what and how information needs to be stored, the most basic rule of storage thumb, still holds true: 'don't spend more to protect less.'
Posted by Diana at June 9, 2003 09:14 AM