EnterprisingCIO - unleash tech potential | Enterprising Club

Manish: The criticality of conformance to compliance can be best understood if we have a look at some of the corporate disasters that were witnessed recently. The most recent one being in India, SEBI has initiated adjudication proceedings against 20 companies for non-compliance with Clause 49 (which deals with corporate governance) norms under their listing agreement with the stock exchanges. Additionally, we can also quote examples of financial malfeasance like Enron, WorldCom, Tyco Global and Computer Associates, each of which have been highly publicized corporate disasters due to fraudulent accounting practices.

Moreover, increasing globalization of businesses, cyber crimes and data theft scandals (Indian IT and BPO industry) and increasing terror attacks have also compelled organizations to introduce measures/policies to protect their business data.

Compliance has witnessed its transition from just being a buzzword that the whole world was talking about, into becoming an imperative survival issue for the corporate world today. Fines, penalties, legal hassles and worst of all; loss of reputation for non-compliance are driving companies to pay heed to this issue on a serious note. Almost all the corporate regulatory bodies, both in India and abroad have been emphasizing to introduce mechanisms which will force the business houses to commit to better corporate governance. Compliance rules could originate from various sources including government regulations, corporate governance requirements, and internal company policies, among others.

Almost all the Indian companies doing business with NASDAQ listed companies fall under the purview of SOX (Sarbanes Oxley Act). BPO companies in India are legally obliged to abide by the regulations that their clients follow-Sarbanes Oxley Act, Gramm Leach Bliley act, EU Data Protection Act, HIPAA etc. Specific regulations in India mandate how companies need to manage and store their information assets. These include- The IT ACT, The Indian Evidence ACT and SEBI Clause 49. In the banking vertical, one of the most important regulatory compliance is Basel II (RBI has specified that all banks have to confirm to the Basel II guidelines). Similarly, a pharmaceutical manufacturer has to comply with 21 CFR Part 11. In addition, there are broad-based compliance standards that apply to organizations irrespective of the industry vertical.

Manish: EMC had understood that as organizations in India prepare themselves to compete in the global economy, they will have to focus on building intelligent information infrastructures to extract maximum business value for their information assets, improve service levels, position their organizations for growth and change, comply with national and international regulations for data archival, data protection etc, protect key information assets and attain newer watermarks of efficiency, security and productivity. Organizations need to ensure that the required people process and technology are in place to enable compliance. Fines, penalties, legal hassles and worst of all; loss of reputation for non-compliance are driving companies to pay heed to this issue on a serious note.

Conformance to compliance will drive the next wave of IT investment by enterprises in India. In today’s Compliance scenario, Information storage, management and protection has become the most pressing issue which businesses across verticals like Telecom, BFSI, BPO/ITES, Healthcare and even the Government has to deal with. Compliance is also dependent on the type of organization. For example, a pharmaceutical manufacturer will be required to comply with 21 CFR Part 11, a financial services organization will need to comply with Basel II or a healthcare organization may need to comply with HIPAA regulations. In addition, there are broad-based compliance standards that apply to organizations irrespective of the industry vertical. Thus regulatory compliance requirements cover all industry verticals, irrespective of their operations portfolio. Industry spending on compliance is forecasted to increase across all verticals- BFSI/IT-ITES, Telecom, retail etc, in near future.

Though there are no India specific figures available, however, according to an IDC Survey, the worldwide information management for compliance market will cross the $20 billion mark in 2009 growing at a compound annual growth rate of 22 percent through the 2005-2009 forecast period.

Manish: Compliance regulations require information resources to be validated and verified; information becomes business critical and thus a critical component of the risk management strategy for businesses. Therefore, Companies need to invest in technology that ensures that the information is well protected and is made available within stipulated time whenever required. In this era of information economy, information is becoming mission critical day by day and storing, managing, protecting and optimizing information assets can add that streak of competitive advantage to businesses and at the same time, help organizations conform to various regulatory issues.

Digital information is booming at an explosive rate. The recently conducted study by IDC, The Expanding Digital Universe: A Forecast of Worldwide Information Growth Through 2010: puts forth that information that is created or captured and replicated in digital form amounted to 161** exabytes in 2006 and is forecasted to touch 988 exabytes mark by 2010, representing a CAGR of 57 percent. Moreover, organizations – including businesses of all sizes, agencies, governments, and associations – will be responsible for the security, privacy, reliability and compliance of at least 85% of the information, 30 percent of information today is potentially subject to security applications and 20 percent is subject to compliance regulations. And keeping in mind the volume and the growth of information, having a proper coherent policy framework can easily be ascertained.

Compliance is a broad topic and covers not just retention; again one of the popular perceptions in the industry. Compliance also encompasses factors like ability to retrieve data within the Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs), ability to secure data against unauthorized access, the ease of portability of data in line with the technology changes and protection against accidental /fraudulent modifications.

Manish: EMC has specific solutions for compliance which enables organizations to address their most pressing compliance challenges while also improving business results by effectively managing information at every point in its lifecycle – from creation to final disposition.

EMC’s information lifecycle management (ILM) approach to compliance delivers specific offerings that enable organizations to achieve compliance as an integral part of a well managed information infrastructure. By approaching compliance as a part of Information Lifecycle Management (ILM) strategy - the discipline of managing data lifecycle to meet financial, competitive and regulatory goals - Organizations can build an information infrastructure and deploy best practices that enable information integrity, confidentiality and accessibility at every stage of information lifecycle. As a result, organizations can enhance their ability to comply with a broad range of information requirements, while also gaining operational, business, and financial benefits beyond compliance.

EMC Legato EmailXtender is a centralized data storage and retrieval system that makes enterprise e-mail easier to administer and use. It automatically moves data off the e-mail message server and into the storage system, capturing and indexing all incoming and outgoing e-mails.

EMC\'s EmailXtender product family delivers archiving and supervision of email and instant messages. Unlike products departmentally focused or limited to a single platform, EmailXtender is a highly scalable solution supporting all major messaging environments, including Microsoft Exchange and Lotus Notes/Domino.

EMC EmailXtender Archive Edition helps reduce storage costs and increase message server performance in Microsoft Exchange and Lotus Notes/Domino environments by automatically migrating email messages and attachments into a centralized message archive. With its patented single-instance storage technology, EmailXtender Archive Edition removes duplicate messages and then compresses messages for a compact message archive. Archiving keeps messaging server sizes small, which improves performance and reduces backup times. The archiving is completely transparent to users.

When EMC Legato EmailXtender is combined with EMC’s tiered networked storage, organizations can achieve increased operational efficiencies for day-to-day e-mail management and version upgrades and migrations using cost-effective storage platforms such as EMC Celerra network attached storage (NAS) or EMC CLARiiON CX with ATA. For fixed content archiving, corporate governance and regulated storage environments, EMC Centera, the world’s first content addressed storage (CAS) system, provides unique self-healing and authentication features

EMC also has EMC Proven Solution for E-mail Archiving, uniting leading e-mail archiving functionality from its Legato Software division with the industry’s most comprehensive lineup of tiered storage platforms. The solution addresses the business and regulatory requirements for e-mail compliance

EMC Proven Solution provides a unique three-tiered value proposition for customers. The e-mail archiving expertise of EMC Software and the tiered storage expertise, assessment and implementation of EMC combine in one solution for accelerated results. EMC Proven Solutions reduce customer risk and ensure faster deployment. Organizations can address their most pressing business challenges while lowering costs and improving service levels throughout the information lifecycle with EMC Proven Solutions.

Manish: There are no specific figures on the size of the email archiving marketing India. However the recently conducted study by IDC, The Expanding Digital Universe: A Forecast of Worldwide Information Growth Through 2010: puts forth that the number of e-mails sent grew three times faster than the number of people e-mailing; in 2006 just the e-mail traffic from one person to another – i.e., excluding spam – accounted for 6 exabytes and the volume is increasing continuously.

As we know, e-mails can be produced as legal evidence in the court of law, as per ‘The Evidence Act’. Compliance regulations require e-mails to be archived. Therefore, Companies need to invest in technology that e-mails are well protected, authenticated and are made available within stipulated time whenever and wherever required. Non conformance to compliance can lead to several legal hassles including penalties and also loss of reputation.