Compliance has become one of those pain points that many of today's CTOs must think about, and it is only going to get worse as 2010 progresses. Proposed Federal changes to how the banking, financial, automotive and medical sectors operate will surely lead to increased regulation around compliance. CTOs will need to react quickly once legislation changes how the game is played.
Compliance can be a complex process with auditing and validation being the most misunderstood and most convoluted part of the process. As many CTOs already know, compliance leads to auditing, which leads to accounting for every single data item that transverses the enterprise. The most complicated data element to audit tends to be anything related to communications, such as e-mail, instant messaging sessions, VoIP calls and video conferencing. Most have discovered these simple facts during a data discovery process, which is probably the worst time to discover failure to meet a compliance standard.
A good example of a product that provides a series of appliances and services to tackle these issues is Datacove from Tangent. Designed to help CTOs keep track of what was once impossible to track, electronic communications, the Datacove appliances index all those types of communications, including e-mail, instant messaging and VoIP. The trick here is that Datacove makes it easy to search for that information and generate discovery reports, as well as managing an archive process to reduce storage requirements and eventually retire data that is beyond the required retention dates.
Perhaps the biggest challenge when it comes to managing regulatory risk comes in the form of complexity. That complexity is unlikely to go away, and it is more than likely to increase. New technologies ranging from removable media, such as USB Key drives to social networking will affect compliance. Further complicating the issue is that most regulatory controls lag behind the pace of technology and are vague at best when it comes to the latest in IT solutions.
While most would like to envision compliance as a single encompassing solution, the truth of the matter is that it will take several technologies working in concert to meet the latest regulatory needs. CTOs will have to look at data leakage prevention, traditional security, auditing, business continuity and a few other technology areas to meet the requirements of compliance.
Arguably, the first place to start is with communications technology-knowing the when's, where's and content payload of messages is one of the biggest concerns when it comes to compliance, especially if e-discovery becomes part of the equation.