The Business Case for Storage Networks
environments. Regulatory trends and recent legislation dictate the lengthening of
email retention policies, which in turn increases the TCO for storage.
Finally, a surge in demand for business process management (BPM) software
and ERP software add-ons designed to simplify the process of compliance with
complex regulations indicates businesses are coming to terms with compliance
with new legislation.
The Impact of Legislation on IT
Several new regulations and acts of legislation will likely increase the
corporate data growth rate and will most assuredly change the way companies
manage storage resources.
As the following examples indicate, the standard operating procedures of
business are changing, and the impact of these changes on ﬁnancial services and
healthcare business systems will be signiﬁcant, particularly on downstream
functions of the storage value chain (offsite data storage, storage-related
professional services, and so on).
Regulation Fair Disclosure
When the bull market of the late 1990s was capped off with the NASDAQ
crash and the deﬂation of the Internet bubble, a sobering and humbling string of
corporate scandals surfaced just in time to keep the bad news ﬂowing. With the
passage of Regulation Fair Disclosure in 2000, the SEC instituted, at least on
paper, the ﬁrst in a long series of efforts designed to limit the ability of the ﬁrm
and its management to run amok.
In this particular case, “Reg. FD,” as it came to be known, outlined a process
for limiting publicly traded companies’ exposure to the likelihood of insider
training. Although Reg. FD forced companies to make the same quality of data
available to both analysts and the public simultaneously, authorities did not seek
to actively prosecute violators until mid-2001 when cease-and-desist actions were
levied against several companies for both intentional and unintentional violations
of the regulation. Of course, these actions were obscured a short time later by the
activities surrounding the MCI-WorldCom and Enron scandals.
Chapter 1: Industry Landscape: Storage Costs and Consumption
To provide stringent guidelines for corporate governance and in direct
response to the debacles at MCI-WorldCom and Enron, the United States
Congress passed the Sarbanes-Oxley Act in the summer of 2002. In addition to
requiring senior corporate ofﬁcers to certify ﬁnancial reports (section 302),
blocking personal loans to executive personnel (section 402), and forcing the
documentation of internal processes and controls (section 404), the Sarbanes-
Oxley Act has potentially far-reaching ramiﬁcations to the way companies
One section of the law—section 409—has the potential to cause signiﬁcant
disruption in current data management policies. In particular, section 409 requires
enabling real-time disclosure of pertinent ﬁnancial data. The impact of this
legislation on businesses is such that requirements for storage capacity are likely
to increase. Interest in content-addressed storage (CAS) has already increased
primarily because of its capability to provide easy access to archived data based
on key words and content-speciﬁc retention requirements. Compliance with
Sarbanes-Oxley will increase sales of networked storage and CAS devices in the
Health Insurance Portability and Accountability Act of 1996
In addition to Sarbanes-Oxley, the Health Insurance Portability and
Accountability Act of 1996 (HIPAA), which serves to make available to every
patient in the United States his or her own medical records (“Protected Health
Information”), creates a standard interface for the transfer of medical data to
ensure privacy and security. HIPAA also establishes measures of accountability in
the healthcare industry. Not only does HIPAA complicate backup and retention
procedures, however, but it also increases storage consumption rates. As the
compliance dates approach, and even the smallest healthcare ofﬁces are required
to demonstrate some disaster contingency capabilities, storage sales will increase.