This year, it's likely that IT managers would trade in all their holiday gifts to get the compliance grinches, I mean regulators, off their backs.
Compliance regulations such as the Health Insurance Portability and Accountability Act (HIPAA) for patient records and the Sarbanes-Oxley Act of 2002 (SOX) for financial records changed the way companies managed their data in 2004. Regulated companies spent a lot of time and money figuring out what data it had and what it needed to keep.
This led to confusion and anxiety because compliance language is not IT specific and better suited for lawyers and auditors. Many IT departments were left scratching their aching heads over compliance -- simply doing their best to manage, protect and archive their data.
But on the bright side, the effort to get compliant did help many IT departments put their shops in order and, in some cases, helped business and IT communicate better.
Here's a rundown of the top compliance-related news stories of the year.
Compliance -- a budget-buster in storage
The road to getting compliant was rocky in 2004 as users grew more and more impatient with vague and complicated rules, and were often confused about what products to buy.
In a SearchStorage.com poll in April, 51% of respondents said that "indecipherable rules and regulations" was their main compliance issue.
On the Nov. 15, deadline for SOX, companies were still uncertain if they were prepared, and were a little miffed at how much money they had to spend on compliance.
Vendors did their best to capitalize on this confusion throughout the year, introducing new compliance-related products for managing data.
Here are some of the big compliance-related storage acquisitions and product announcements that took place this year:
Compliance puts focus on entire security network
SOX and HIPAA also had security managers under the gun in 2004 as they focused their efforts on protecting company records. As with storage, security managers were left befuddled by regulations that were vague and not IT specific, and spent most of the year determining what the violations were -- and how to avoid them.
Click here for the lowdown on the security implications of SOX.
HIPAA was also a cause for stress and late nights for security managers. A common complaint at health care organizations was the lack of communication between IT and business. Experts say that this resulted in too much of the HIPAA responsibility being placed on IT departments.
But overloaded IT departments equates to dollar signs for vendors. Because of compliance, managing the entire network -- rather than just fighting off threats -- became more of a priority in security. As a result, security vendors that offer command and control services, such as identity management, security event management and vulnerability assessments, experienced the most growth this year.
Many companies were unconvinced that they could handle compliance tasks on their own and enlisted outside help from security companies. This was a trend in storage as well, with companies outsourcing the management and archiving of their e-mail.
Compliance brings business and IT together
But compliance didn't always breed contention between IT and business in 2004. It often did the opposite. Compliance regulations affected IT, records management and upper level executives, and nothing brings people together better than a common problem.
Compliance also gave IT a chance to shine. For the first time, the CEO's job and reputation depended on how well IT executed.
Here's a list of stories on the IT/business relationship as it relates to compliance:
An ongoing challenge
Companies are just getting used to compliance, so the learning curve for IT departments will continue in 2005. But for all the time, effort and money spent on compliance this year, it may have finally given IT what it has been craving for a long time -- respect.
But IT will have to keep earning that respect because, unlike Y2K, compliance will not disappear after New Year's Eve.