Compliance: Fear and loathing in 2004

IT departments struggled with vague rules, lurking auditors and eager vendors on the road to becoming compliant. Too bad this is just the beginning.

This year, it's likely that IT managers would trade in all their holiday gifts to get the compliance grinches, I mean regulators, off their backs.

Compliance regulations such as the Health Insurance Portability and Accountability Act (HIPAA) for patient records and the Sarbanes-Oxley Act of 2002 (SOX) for financial records changed the way companies managed their data in 2004. Regulated companies spent a lot of time and money figuring out what data they had and what they needed to keep.

This led to confusion and anxiety because compliance language is not IT-specific and is better suited for lawyers and auditors. Many IT departments were left scratching their aching heads over compliance -- simply doing their best to manage, protect and archive their data.

But on the bright side, the effort to get compliant did help many IT departments put their shops in order and, in some cases, helped business and IT communicate better.

Here's a rundown of the top compliance-related news stories of the year.

Compliance -- a budget-buster in storage

The road to getting compliant was rocky in 2004 as users grew more and more impatient with vague and complicated rules, and were often confused about what products to buy.

In a poll in April, 51% of respondents said that "indecipherable rules and regulations" was their main compliance issue.

On the Nov. 15 deadline for SOX, companies were still uncertain if they were prepared, and were a little miffed at how much money they had to spend on compliance.

Vendors did their best to capitalize on this confusion throughout the year, introducing new compliance-related products for managing data.

Here are some of the big compliance-related storage acquisitions and product announcements that took place this year:

  • IBM introduced the all-in-one system TotalStorage Data Retention 450.
  • Hewlett-Packard Co. followed suit with archiving appliance Reference Information Storage System (RISS).
  • EMC Corp. and Sun Microsystems Inc. enhanced their hardware and software products for compliance.
  • Iron Mountain bought digital archiving company Connected Corp.
  • Veritas Software Corp. acquired e-mail archiving firm KVault Software Ltd. and discontinued its own Data Lifecycle Manager product.
  • AT&T became an e-mail outsourcer, joining other outsourcers such as Zantaz, Iron Mountain and BT Syntegra.

Compliance puts focus on entire security network

SOX and HIPAA also had security managers under the gun in 2004 as they focused their efforts on protecting company records. As with storage, security managers were left befuddled by regulations that were vague and not IT specific, and spent most of the year determining what the violations were -- and how to avoid them.


HIPAA was also a cause for stress and late nights for security managers. A common complaint at health care organizations was the lack of communication between IT and business. Experts say that this resulted in too much of the HIPAA responsibility being placed on IT departments.

But overloaded IT departments equate to dollar signs for vendors. Because of compliance, managing the entire network -- rather than just fighting off threats -- became more of a priority in security. As a result, security vendors that offer command and control services, such as identity management, security event management and vulnerability assessments, experienced the most growth this year.

Many companies were unconvinced that they could handle compliance tasks on their own and enlisted outside help from security companies. This was a trend in storage as well, with companies outsourcing the management and archiving of their e-mail.

Compliance brings business and IT together

But compliance didn't always breed contention between IT and business in 2004. It often did the opposite. Compliance regulations affected IT, records management and upper-level executives, and nothing brings people together better than a common problem.

Compliance also gave IT a chance to shine. For the first time, the CEO's job and reputation depended on how well IT executed.

Here's a list of stories on the IT/business relationship as it relates to compliance:

  • Survey shows SOX bringing IT, business together
  • CIOs, others bond over SOX
  • SOX auditor talks CIO accountability, red flags
  • Companies cry 'uncle' as compliance deadlines near
  • SOX Wars: CIOs share ideas, fears on Sarbanes-Oxley compliance

An ongoing challenge

Companies are just getting used to compliance, so the learning curve for IT departments will continue in 2005. But for all the time, effort and money spent on compliance this year, it may have finally given IT what it has been craving for a long time -- respect.

But IT will have to keep earning that respect because, unlike Y2K, compliance will not disappear after New Year's Eve.
