Jul 11 ’11

Is Tape Your Best Solution for Compliance on the Mainframe?

by Andres Rivera-Cabal in Mainframe Executive

Reputation-damaging corporate scandals, such as the Enron case in 2001, have highlighted the need for stronger compliance and regulations for publicly listed companies. Compliance regulations—such as Sarbanes-Oxley, the Health Information Portability and Accountability Act (HIPAA), and the Gramm-Leach-Bliley Act—were created to ensure that financial, customer, and patient information is safeguarded and available for long periods of time.

With the continuing exponential increase of information, regulatory compliance is a big challenge for companies already seeking to reduce costs. These companies need reliable and affordable methods.

IT staff are challenged to manage the expanding tape storage hierarchy with existing resources and head count, and ensure efficient utilization and media optimization while showing consistent value to the business. Tape storage management operations have evolved by automating critical monitoring and analysis encompassing tapes, robotics, virtual tape systems, and tape management systems.

Unifying and optimizing tape management practices can reduce costs and complexity, improve support, and yield a powerful, easy-to-use solution. Users should then be able to select the “best” tape technology for their environment—without restrictions or vendor lock-in.

Tape technology remains the least expensive, most reliable option available for storing large amounts of data for long periods and an integral part of any compliance strategy, but there are several things you must first consider for compliance initiatives. Some examples include the need to reduce security threats and save money.

Here are a few points to consider to help you achieve compliance objectives and protect your information while reducing the demand for management resources.

Cost-effective data storage for long-term archiving. Using tape reduces the cost of data storage by approximately 30 to 40 percent over physical disk. Even with the newest disk technologies, the cost per gigabyte on a tape cartridge is still significantly less than keeping the information on disk. Since 2002, vast improvements in tape technology have appeared, including:

These advancements have helped ensure information is available and secure in case an audit is necessary for compliance purposes. Compliance regulations such as HIPAA dictate that information must be kept for at least 10 years, so tape will continue to be relevant to keep information secure and safe in case of an audit.

Storage media savings via tape media virtualization. In a typical tape environment, tape space utilization is well under 100 percent, which means you aren’t making full use of available space on tape and will need more media as data increases over time. More tapes require more resources to manage and maintain. Virtual tape technology dramatically reduces the number of tapes needed by letting you send backups to existing DASD devices as virtual tape volumes and then stack multiple virtual volumes to a single physical tape drive. This process achieves nearly 100 percent utilization of your physical tapes and significantly reduces the number of tapes being managed, transported and stored, delivering a big reduction in Total Cost of Ownership (TCO) and increasing the Return on Investment (ROI).

Virtual tape technology can be hardware or software-based, but software virtual tape solutions provide all the benefits of a virtual tape hardware solution while letting you minimize your energy footprint to save space, cooling, and electrical expenses.

Tape encryption. When moving tapes to remote locations for storage or disaster recovery purposes, it’s important to ensure the information can’t be accessed if a tape is lost or stolen. Tape encryption is among the most reliable solutions to keep information secure continuously and maintain more rigid compliance standards.

To keep critical information secure, companies usually send a copy of their physical tapes to a remote location using secure transportation services. Or, in the case of virtual tapes, information is sent using channel extenders or via TCP/IP. This can create vulnerability if physical tapes are lost or misplaced, and information passing through the network can be intercepted by unauthorized personnel. In these cases, it’s critical to keep information secure even if it falls in the wrong hands. Encrypting the information contained in the physical or virtual tapes is an extremely important step to comply with current regulations and prevent information from being extracted and misused. Many companies have lost customer information because tapes were lost, so it’s vital to have an encryption policy to ensure the information can’t be accessed by anyone outside the company.

By implementing an automated encryption key policy, IT organizations can reduce the risk of application outages and data inaccessibility due to missing or corrupted encryption keys; such a policy can ensure protection and availability of keys and digital certificates as well as fast recovery of encrypted data.

IT organizations should implement an automated key management system that consolidates and centralizes key management—including all change, tracking, backup, and recovery processes—across multiple vendors and z/OS tape encryption hardware. They also should consider implementing emerging software technologies that provide automated pre-generation of encryption keys. A key management system should also protect against the early expiration of keys.

Storage Resource Management (SRM) integration. Storage administrators face a big challenge in using multiple tools to manage their virtual tape environments. This occurs because they rely on multiple vendors; every one of them has a different approach, so administrators must switch from one application to another to configure or fix a possible problem while using virtual tapes.

SRM tools can simplify management of tape or virtual tape deployments by automating and centralizing administration; this can help maximize existing resources and achieve higher utilization and optimization of the virtual and physical media. Using SRM tools lets administrators configure tasks and find problems no matter what software they have; the tools can simplify the process and help them achieve compliance with less effort.

Tape hardware can be a significant consumer of power, cooling, and floor space. Cartridge robot devices can store thousands of cartridges for quick access. SRM technology should be used to manage these robots—tracking usage and automatically ejecting infrequently used cartridges.

You should also use SRM to track scratch tape availability and free-cell counts to provide history and forecasting information. You can use SRM to minimize the number of cartridge robot devices installed and delay purchase of additional robots as long as possible.

Software solutions that can integrate with other products facilitate compliance, helping companies simplify operations, and maximize their control of rules and regulations. Administrators can be proactive, minimize possible breaches, and keep information secure continuously.

Benefits

Tight product integration of virtual tape, encryption and automation transparency with SRM can help businesses contain costs, unify tape storage operations, increase operational effectiveness, and maximize the use and life of the client’s storage investments. Figure 1 shows potential benefits.

 

Summary

Implementing a tape storage environment with virtual tapes, encryption, and SRM automation delivers peace of mind; it lowers risks and potential exposure to data and financial loss by keeping critical corporate information secure, accessible, and manageable. The company can prove compliance with federal regulations while addressing business continuity and disaster recovery.

Tape will continue to play a key role in the data center. IT staff can continue to reduce tape storage costs even in an era of expensive devices by more efficiently using tape media. IT organizations also can take steps to prevent interruption of business operations. Fast access to data on tapes is critical and so is standardization of tape management tools. Moreover, ever-changing IT environments make it essential to implement tools that are flexible and scalable to an organization’s specific needs. Data loss is unacceptable. Efficient utilization and management of new tape technologies and capacities can deliver peace of mind and greater business value. By better managing and automating key tape-related processes, IT organizations can mitigate risk, reduce TCO, fulfill compliance requirements, and optimize security.

Andres Rivera-Cabal is principal product manager for CA Technologies mainframe storage solutions. In this role, he frequently speaks at both internal (customer) and external events about CA Technologies mainframe storage strategy, vision, and market trends. He previously served as director of Product Management for the data availability products at CA Technologies.

Email: andres.riveracabal@ca.com