New laws on data and its regulation may be a headache for businesses, but it has made storage the hot IT topic of 2004.

Legislation such as Sarbanes-Oxley, which requires businesses to comply with tough rules on storage and the reuse of data, have concentrated minds.

Some 37 per cent of IT directors rank regulatory issues as a key driver for storage investment, a jump from 31 per cent in six months.

"It's the biggest increase in terms of business drivers for storage," said Hitachi Data Systems business operations director Mark Ellery of the statistic revealed in its latest Storage Index report.

"There are about 18 different compliance acts affecting UK companies, which cause a lot of confusion," he added.

"But post-Enron and WorldCom, the board-level pressure that you need to take compliance seriously is giving storage strategies a kick up the backside."

The pressure on users to choose the best storage strategy to meet compliance issues is huge, as data sources, including email and instant messaging, escalate.

"Research by the University of California shows that more information will be generated in the next three years than in the entire history of humankind," said Paul Talbut, chairman of the independent Storage Networking Industry Association (SNIA) Europe.

"However, it is not enough for firms just to retain data. Users must keep data for a certain number of years and in some cases must produce it within 24 hours. Storage solutions must focus on how data is kept, protected, shared and retrieved. It can't just be kept in a vault."

Burying data in a vault can't breathe life into compliance, but IP-based storage can, according to Talbut.

"Sometimes data must travel long distances, for example from London to New York, to meet the compliance obligations of Sarbanes-Oxley. IP-based storage gives users a solution that can stretch across the globe," he explained.

Data lifecycle management, where automated processes manage data, is also tailor-made for addressing compliance issues. "It gives the right storage value to the type of data," said Ellery.

Talbut added: "If an email is three years old, what is the point of having it available on the fastest, most expensive disk? Storage should be matched to business needs.

"Not all data is created equal. The big breakthrough is the development of Serial ATA (Advanced Technology Architecture).

"The disk interface technology allows users to buy 'good enough' storage for less critical information, driving down the cost of data retention."

However, Talbut believes that data lifecycle management relies on having networked storage. "Managing data through its lifecycle requires a high degree of consolidation and centralised management which can't be provided by direct attached storage," he explained.

Paul Trowbridge, regional marketing manager for storage area network (San) specialist Brocade, said: "Without a flexible infrastructure, it becomes cost-prohibitive to meet regulatory requirements.

"Sectors such as financial services, which have extreme levels of regulatory conformity, nearly all have Sans."

The sector is learning the cost of failing to meet strict compliance obligations, after Abbey was fined £2.3m by the Financial Services Authority for breaching money-laundering rules.

Insurance services firm Thomas Miller is confident it will not suffer similar penalties. After revamping its storage, the firm has ensured it can meet a legal requirement to quickly retrieve emails that have been retained for seven years.

Expanding volumes of emails "were eating up disk space", according to Richard Lewin, IT services manager at Thomas Miller.

"Some people had more than 30,000 emails in their mailboxes and it was raising compliance issues, as they can't just be deleted," he said.

The company investigated several options, including native archiving on its Lotus Notes environment. "But that would have cost a lot of effort from administrators and users," said Lewin.

Messaging consultancy Integritis recommended Legato Software's EmailXtender to automate email management and set rules to archive any email older than a year.

Less email is now kept in mailboxes on the mail server, cutting storage costs and reducing back-up times, but critically every email is trapped, stored and indexed.

"We now have a record even if an employee deletes an email, which gives us an additional layer of security and compliance," said Lewin.

Identifying business needs is crucial if businesses want storage to play a successful role in managing compliance issues.

Law firm J Keith Park & Co focused on reliability. Strict regulations require that case files are kept for 12 years, with access to them on request at any time.

On discovering that mission-critical data was being lost, the firm replaced its crumbling storage system with Adaptec external storage to protect case data through built-in redundancy and fail-over features.

It proved itself when IT technical director Lorraine Dotchin returned from holiday to find that a hard drive in the main array had failed.

"If clients aren't served properly due to mismanaged data, we can be held liable," she explained. "One of the spare drives took over and kicked the dead drive off the list. No data was lost."

Deciding what data to retain and when to delete it is problematic with legislation, such as the Data Protection Act, which requires data 'not to be kept longer than necessary'.

"Companies are becoming acutely aware of the increasing and sometimes conflicting pressures on data retention," said Steve Mackey, sales director for intelligent storage supplier ADIC.

Despite the complexity, research by ADIC reveals that businesses are making headway.

"Seventy-seven per cent of users at Storage Expo last year were aware of regulations on keeping emails and 64 per cent have plans in place for effective archiving," said Mackey.

They are right to get on with it. "If they do nothing, within two years, the information they are trying to manage will be out of control," warned Talbut.

Seven steps to best practice

www.snia.org