Five Initial Steps to Take to Meet the Governance, Risk and Compliance Obligations Brought on by Today's Big Data File Stores

The accelerating increase in the amount of unstructured Electronically Stored Information (ESI) is leaving IT organizations struggling with how to store and manage all of this new information. Aside from needing to provide the underlying storage infrastructure to host this amount of data, companies are also faced with the task of properly managing their Big Data file stores to meet both existing and emerging governance, risk and compliance (GRC) obligations. To do so, there are five initial steps they can take now to get their organization  in front of these demands.

According to a 2010 report by IDC, the amount of information created, captured or replicated has exceeded available storage for the first time since 2007. The size of the digital universe this year will be tenfold what it was just five years earlier. According to this same IDC report, the volume of unstructured ESI is expected to grow at over 60% CAGR (Compounded Annual Growth Rate).

Forrester Research adds some teeth to this. As reported in an article that appeared on Forbes website last week:

• The average organization will grow their data by 50 percent in the coming year
• Overall corporate data will grow by a staggering 94 percent
• Database systems will grow by 97 percent
• Server backups for disaster recovery and continuity will expand by 89 percent

Overseeing the expansion of storage space and ensuring that the data is protected has become a minor part of the overall task of Big Data file storage and management. Business stakeholders and the Information Technology (IT) organizations from enterprises of all sizes and across all industries must now comply with a growing list of GRC regulations or face potentially fatal financial penalties to the enterprise. 

The most obvious laws to which they are subject include:

• Sarbanes-Oxley (SOX)
• Health Insurance Portability and Accountability Act (HIPAA)
• Gramm-Leach-Bliley (GLBA)
• Federal Information Security Management Act (FISMA)
• Consumer Information Protection Laws
• Federal Rules of Civil Procedure (FRCP)

Further, the list of new regulations is growing. The passage of The Patient Protection and Affordable Care Act (PPACA) will result in the US Government adding 159 new agencies, programs, and bureaucracies to assist with the compliance of over 12,000 pages of new regulations. Over the past ten years, in response to the threat of international terrorism, the US Department of Homeland Security (DHS) has added hundreds of new regulations. Finally, cyber terrorism, including acts of deliberate, large-scale disruption of enterprise computer networks, is now a reality that all businesses must face.

In the face of this, Big Data file storage and management vendors, along with the associated industry consultants, have developed a list of hardware and software requirements and associated value propositions to help enterprise buyers decide which Big Data file storage and management platforms to purchase.

Yet before they buy, there are five steps that buyers should first take to ensure they are prepared to meet the GRC obligations brought on by today's Big Data file stores:

• Internal Collaboration: File management and GRC requirements affect business stakeholders from the boardroom to IT to the manufacturing floor and loading dock to the accounting office. The development of cross functional workgroups and the promotion of internal collaboration between functional experts is the key to successfully identifying, understanding and addressing all of the requirements and issues involved in Big Data file management across the entire enterprise.

• Network Architecture Planning:  Over the past 25 years, enterprise architectures grew with little or no planning resulting in wasteful redundancy and little or no access to all the enterprise data as may be required to comply by today's GRC requirements. The advent of the Internet and now cloud computing has exposed these decades of poorly planned networks resulting in them become more of enterprise liability than an asset. The time is now for IT to hit the restart button and explore new options such as virtualization, hybrid cloud architectures and the use of cloud service providers (CSPs) that enable them to better leverage, manage and optimize their existing infrastructure.

• Security:  The introduction and proliferation of portable storage devices, Wireless Internet, mobile computing devices, enterprise Software-as-as-Service (SaaS) applications, cloud storage, blogs and social media such as Facebook, LinkedIn and Twitter, data theft and cyber attacks are a real issue for which many (and arguably most) companies do not have a good answer. Now is the time for IT to take a serious look at their internal file access policies and move quickly to address any existing shortcomings.

• Data Retention Policy Development and Implementation: Sarbanes-Oxley (SOX), the Health Insurance Portability and Accountability Act (HIPAA) and the Federal Rules of Civil Procedure (FRCP) all have very specific data retention guidelines for what types of ESI data an enterprise has to keep and how long to keep it. Enterprises must investigate and document these requirements, development data retention policies and acquire the appropriate software to ensure compliance.

• Technology Vendors and Consulting Partners: Business stakeholders and IT management may be overwhelmed with the task of addressing the issues of successfully meeting the GRC obligations of big file storage and management. If this is the case, reach out to the hardware and software vendor community and ask how their solutions support these issues. If required, engage the services of vendor independent consulting partners to act as trusted advisors to assist in the successful navigation of the required cultural transitions and the acquisition of the best technology platforms.

The accelerating increase in the amount of unstructured Electronically Stored Information (ESI) has put IT on the defensive as it grapples with how to store and manage all of this new information. The traditional approach of simply "buying more," overseeing the expansion of available capacity and then ensuring that the appropriate backups are completed are woefully inadequate as these tasks are about to take a back seat to the much larger issues that Big Data file management creates.

Business stakeholders and IT need to act now to bring their infrastructure under control so they can them get in front of the growing list of existing and emerging GRC regulations to which they are subject. By following these five steps outlined above, enterprises will put themselves in a position so that when they purchase a product, they will have a good grasp of what their true enterprise challenges are and increase their likelihood of bringing in a product that addresses them.