Post-SOX storage headache leaves firms dizzy

Stricter regulations such as the Sarbanes-Oxley Act and Basel II have left businesses unsure as to how they should be storing data and exactly what they should be keeping.

More than half (52 per cent) of the European IT directors surveyed by research firm Vanson Bourne are unsure of the effect compliance will have on their data storage strategy.

Just over a quarter (27 per cent) of respondents, predominantly in the tightly regulated financial services sector, agree that compliance is forcing the data storage issue.

Gary Smith, CEO and president of Ciena, which commissioned the study, attributed some of the uncertainty to the European focus of the survey, given many companies are not yet bound be new legislation, though any with a US listing certainly need to be on top of the SOX issue already.

“Legislation is a key factor propelling the deployment of data storage solutions for business continuity and disaster recovery applications in the US. However, it is not surprising that IT directors in Europe differ in opinion on the importance of this issue," said Smith in a statement.

Analyst house Gartner expects compliance-specific IT spend within large enterprises to hit around $2.5m per company, with storage and security likely to account for large slices of that particular pie. With a lot of basic compliance spend back in 2004, IDC expects total storage spend globally to increase a modest five per cent to $27.3bn.

Speaking to silicon.com before the SOX deadline hit on 15 November 2004 one storage solutions vendor said the greatest confusion existed over what to keep and what not to keep.

Mark Ellis, CA's director of storage and information management, said many companies will be tempted to keep everything and at least by doing so know they've kept the right things

But Ellis likened such a reaction to a "rabbit caught in the headlights".

"Legal compliance is not about what you need to keep, it's about knowing what you can delete," said Ellis.

Ciena's Smith echoed this need for "IT directors, as well as executive management, to be educated about data retention" to steer their businesses through the common pitfalls of either doing too much or too little.