Compliance Management: All Roads Lead to the Data Center 2005 SHARE…

Compliance Management:
All Roads Lead to the Data Center
2005 SHARE Compliance Issues Survey Executive Summary

In recent years, there has been a bevy of new reporting requirements thrust upon businesses.
By some estimates, there are now more than 150 laws and regulations from federal, state,
international, and industry oversight bodies that impose some set of requirements on IT infra-
structures.

SHARE, in cooperation with its 2005 Alliance Vendors, recently surveyed 111 executives and
managers to assess the impact of compliance mandates on data center operations. SHARE's
2005 Alliance Vendors include American Power Conversion, Computer Associates, EMC
Corporation, Innovation Data Processing, Isogon: An IBM Company, ISPW BenchMark
Technologies Ltd., Luminex Software, Inc., Mainstar Software Corporation, and Siemon. The
survey was conducted by Unisphere Media, publishers of Database Trends & Applications and
SHARE's Data Center newsletter.



  Significant findings include the following:

Few organizations and their IT operations are being left untouched by
compliance mandates. The SHARE survey finds that 77% of participating enterprises
report that the recent spate of regulations has changed their development priorities. Not sur-
prisingly, the leading law affecting operations, cited by 56%, is the Sarbanes-Oxley Act. The
Health Insurance Portability and Accountability Act (HIPAA) is the second-leading law, cited
by 37%. 27% report they needed to respond to local and regional mandates to address com-
pliance. And 25% of respondents are impacted by requirements around the Federal
Information Security Management Act (FISMA).

Compliance efforts are translating into increased security, workflow
checks, and storage management. More than two out of three executives and man-
agers, 68%, report they have changed aspects of their data center management processes to
adapt to compliance measures. One out of four report this change process has been "signifi-
cant." The greatest change, the survey finds, has been in security measures, as reported by
59% of the responding executives and managers. 49% have changed their process workflows
to incorporate more levels of approval and increased documentation. Storage management is
another area respondents have been closely re-examining as part of their compliance strate-
gies. More than four out of ten enterprises, 41%, have added additional backup and recovery
capabilities to ensure the reliability of their systems.

Storage management has been the key area reshaped by compliance
mandates, the survey finds. The leading change in technology processes has been
around archive and purge solutions, cited by four out of ten respondents. About one out of
four IT executives and managers, 24%, are also examining hierarchical storage management
or tiered storage, in which data is staged from online disk to off-line tape.
Working with, and gaining the support of other business units across
the enterprise give executives and managers their greatest headaches
in meeting compliance mandates. The greatest challenges, as reported by survey
respondents, are organizational in nature. More than a third, 36%, report they have experi-
enced issues in securing funding for the new systems required to meet compliance mandates.
Another 34% say compliance is driving changes to their business processes, a task that often
falls beyond the scope of IT departments.

It's likely that companies have redirected funds originally earmarked
for other IT projects to satisfy compliance needs. It appears that much of the
compliance spending that is taking place within IT departments is off budget. A majority of
IT respondents, 65%, report they either have not received additional funding to help meet
mandates, or are uncertain if they did. However, most respondents still were forced to allocate
additional spending on hardware, software, or services. Almost three out of five had to
increase their IT spending to get new compliance-enabled systems in place (61% increased
headcount and 59% increased systems spending). It's likely, then, that this money came out of
IT budgets, putting other projects on hold.

For the most part, compliance budgets are relatively low. A majority of
companies in the survey, 51%, report spending no more than $250,000 for their compliance
efforts - essentially, the cost of two to three full-time staffers and additional support. However,
many companies have had to go out and purchase new systems and services to keep their com-
pliance management efforts on track, the survey shows.

For many organizations, compliance efforts have delivered additional
value in improving their operations. Close to half of the companies participating
in this survey, 49%, report that they expect to see a benefit from their efforts beyond simply
meeting the letter of the law. 22% percent of executives and managers report that their com-
pliance efforts have led to greater simplification and less redundancy in their data and appli-
cations. Another 21% report they are seeing better business intelligence/analytical capabilities.
Another 17% of respondents report that compliance has caused them to work more closely
with other departments, such as finance.

The organizations that are leveraging their compliance spending to
improve overall IT operations are more likely to have compliance
efforts led by IT executives and managers. The survey found those with larger
budgets and higher levels of spending are more inclined to view compliance as the opportu-
nity to fix other aspects of their operations. 49% of respondents represented "minimum com-
pliance" sites (those that do not see any benefits other than meeting the letter of the law) and
another 49% were "activists" (those that see benefit beyond compliance). To a large degree,
the Activists were more likely to be dealing with Sarbanes-Oxley, which has far more invasive
regulations that touch almost every aspect of corporate operations.
                                                                                                      Compliance
                                                                                                      Management:
To meet the challenges of compliance, enterprises are more closely re-examining and re-aligning       All Roads
their IT infrastructures with business processes, policies and rules. This SHARE survey finds that    Lead to the
                                                                                                      Data Center
compliance management has become more than just another "IT project." Rather, compliance is           is sponsored
evolving to a comprehensive and ongoing effort to transform business operations. Beyond meeting       by SHARE and
                                                                                                      produced by
the letter of the law, organizations are finding that compliance management efforts are delivering    Unisphere
benefits to businesses in the form of market, regulatory, and organizational changes.                 Media, LLC.