Governance, Risk & Compliance – Management Commitment; Building a GRC Aware Culture.
• Taveesak Saengthong, Thailand Country Manager, Hitachi Data Systems
© 2007 Hitachi Data Systems
Agenda
• GRC Challenges
• GRC Enabler by Archiving
• Lessons learned from world-class Archiving deployment
The Rise of Un-structured Data
• Office Files
– Documents, Spreadsheets, Presentations, Forms, Graphic Files
• Web Pages and Application Files
• Fee based content
– Movies, Music, IPTV, Games, Gambling, Education, Software downloads
• Social networking and content sharing
– Online dating, Networking, Work Spaces, Podcasts, and webcasts
• Mapping
• Surveillance and Security camera images
• Medical Imaging
• Call Centre – Voice Transcription
• Check Processing
Retention Timeframes Are Getting Longer
[Chart: Retention timeframes by industry; axis ticks from 1 to 50. Source: ESG]
Industries and record types shown:
• Life Science/Pharmaceutical
– Processing food
– Manufacturing drugs
– Manufacturing biologics
• Health care (HIPAA)
– Records in original form
– Medical records <18
– Full life patient care
• Financial services (17a-4)
– Financial statements
– Member registration
– Trading account records
• OSHA and Sarbanes-Oxley
– Records
– Original correspondence
Retention periods shown:
• 4 years after financial audit
• 30 years from end of audit
• End of account + 6 years
• End-of-life of enterprise
• 3 years
• Length of patient’s life + 2 years
• From birth to 21 years
• 5 year minimum for all records
• 2 years after commercial release
• 3 years after distribution
• 5 years after manufacturing of product
The Changing Forms of Data
[Chart: Total Digital Archive Capacity, by Content Type – Worldwide (TB), 2005 to 2010, scale 0 to 30,000,000; series: Database, Unstructured]
Seeing Red: The Business Challenge
Feb ’05 Bank of America incident: lost backup tapes - 1.2 million federal employees’ credit cards affected
June ’05 Morgan Stanley incident: misplaced backup tapes containing critical email records; plaintiff seeking $2.7B in damages and govt. investigating non-compliance
April ’05 watershed case of Zubulake vs. UBS Warburg - Federal jury mandated that UBS pay $29.2 million in damages
Significance: Placed burden of producing electronic evidence on companies issued with discovery
Result: Companies must proactively prepare for electronic discovery
Recent enforcement fines for electronic records and email
• October 4: NASD fined Oppenheimer & Co $800,000
– “failures to respond to regulatory requests for information; failures to report timely and accurately, thousands for municipal securities transactions; and failure to retain business-related internal email”
• Sept 19: NASD fines three companies of MetLife $5,000,000
– “for providing inaccurate and misleading information to NASD, allowing late trading of mutual funds, failing to produce emails in a timely fashion”
• Sept 13: NYSE fines Wachovia Corp $800,000
– “failing to provide for the review and/or retention of certain email communications…”
• March 2006: NASD fines Diversified Investors $2,200,000
“Experts” lining up to sell consulting and solutions
A Typical Enterprise Archive Environment: Independent Silos
[Diagram labels]
• Data creation applications: Email Server, Document Management, General Accounting, Web Applications
• Protocols: SMTP, CIFS, NFS, HTTP
• Storage: Optical Jukebox, Tape Library, NAS, RAID Array
• Separate search per silo: Search #1, Search #2, Search #3, Search #4
• Lack of Scalability
• No Search Across Disparate Storage Systems
Content Archive Platform: How it Works
• Supports multiple applications & content types
• Embedded full-text indexing and search
• High-performance, scalable, and secure storage
[Diagram labels: Home Grown Application; Medical Imaging; File System (HDPS); Document management; Email Server (HDPS); Discovery Module]
Active, Object-Based Archiving
• Authentication
– Policy-based object management guarantees archived data is authentic, available and secure
– Guards against corruption/tampering
– User selectable hash algorithms include SHA-1, 256, 384 or 512; MD5 and RIPEMD-160
• Retention
– Prevents file deletion before retention period expires
– Can be set explicitly or inherited
– Deferred retention option
– Can set a Retention Hold on any file
• Protection
– Self-configuring and self-healing with automated policy enforcement, failover and ongoing integrity checks
– Ensures specified number of replica copies are maintained to tolerate simultaneous points of failure
– Can be set to maintain 2 to 4 internal copies depending on value of data
• Shredding
– Ensures no trace of file is recoverable from disk after deletion
– Complies with US DoD 5520-M spec.
• Replication
– Object based: Bi-directional, one to many, many to one
– Files, metadata and policies
– Replicate data to alternative locations
• Duplicate Elimination
– Find and inspect duplicates
– Remove duplicates, maintains integrity
• At-rest Data Encryption
– Protects content from being recovered from stolen media using patented “Secret Sharing” technology
– Transparently encrypts all content, metadata, and search index
– Implements a distributed key management solution
Discovery: Optional Advanced Search Capability
Navigators provide drill down by key terms, file type, and retention
View additional file system and archive metadata
Search Result Set
Support for:
• 370 File Formats
• 77 Languages
• Full-text, metadata and system data indexing
Set/Release Retention Hold
Export Results
Case Study : National Archives & Record Service, Korea
• NARS is Central Records Management office of Korea Govt.
– Policy making for Records Management in Govt Agencies
– Manage valuable records of the nation and preserve them for future generation
– http://www.archives.go.kr/
• Achievement (as of 2007)
– Spread Organization: 41 Government Agencies
– Quantitative Achievement:
  • Capturing 281,410,000 records
  • on-line records of 10TB
– Qualitative Achievement:
  • Securing authenticity of electronic records
  • Maximizing access of records
Case Study: NASA’s scientific data
72TB solution (36TB protected)
The environment:
• 72TB archive
• ArC archives data from Aura's Ozone Monitoring Instrument (OMI), which monitors the ozone and other chemical components in the Earth’s atmosphere.
Decision Criteria of NASA:
• Open file system interface
• Ease of scalability
• Data ingestion performance
[Diagram labels]
• Ingestion: Data production applications process and send satellite images to ArC via HTTP
• Processing Cluster: 70 applications augmenting original data with additional analysis and metadata
• ArC: Archivas data preservation
• Access via HTTP Gateway
• Access via NFS Gateway
• Access: Research community
“ArC gives me lots of flexibility in how I configure my storage. I can drop the cluster in and scale it to large amounts of storage.”
– Curt Tilmes, NASA Goddard Space Flight Center
Case Study: MIT - Computational & Systems Biology (CSBi)
24TB solution (12TB protected)
Just ordered: 100TB expansion (50TB protected)
The environment:
• 12TB archive, growing to 62TB
• Generating very large files from two applications – Cellomics and Perkin Elmer “Hoygens” microscopy
Decision Criteria:
• Open gateways - ease of integration
• Ability to support multiple applications
• Scalability to very large capacities
[Diagram labels]
• Ingestion: Cellomics Imaging & Processing application
• Ingestion: Perkin Elmer Microscope Imaging
• ArC: Archivas data preservation
• Access: NFS Gateway
• Access: Researchers
• CIFS
• ArC Tools
Case Study: Cancer Therapy Research Center (CTRC)
5TB solution (2.5TB protected)
The environment:
• 5TB archive
• CTRC sees approx. 450 outpatients a day
• Generating very large files from a number of imaging modalities
• 100% per year archive growth rate anticipated
Decision Criteria:
• HIPAA regulatory compliance
– Authentication
– Retention
– Security
• Multiple application support using standard interfaces
• Competitive price
[Diagram labels]
• Ingestion: Radiology applications send medical images (CT-SCANS, PET-SCANS, MRIs) to ArC via SMB
• ArC: Archivas data preservation
• Access: SMB Gateway
• Access: Doctors and Remote Hospitals
“Our doctors are always tracking the size of tumors. A patient could generate between 125 and 500 Mbytes of data, and we have about 15TB of data online…With ArC nobody will be able to change a record and we’ll on the fly be able to print a record out as needed... (EMC) Centera was more costly and didn’t do what we needed.”
– Mike Luter, CTO Cancer Therapy Research Ctr.