Claiming that only 1 in 10 enterprises is ready for Sarbanes-Oxley, IBM launched new services, tweaked existing software and announced impending enhancements to its storage products in a broad initiative aimed at companies trying to comply with a host of federal regulations.

The new services and products are designed to help corporations comply with regulations out of the SEC, the Sarbanes-Oxley Act, the antiterrorism U.S. Patriot Act, and the Health Insurance Portability and Accountability Act.

“Companies really still don't have the information they need to decide what records to keep, what not to keep,” said Alan Stuart, a senior strategist with IBM's storage software division. “They're struggling with all these different acts.”

IBM will bundle one or more of the new compliance products, said Stuart, or sell them separately, depending on what the customer wants. “They can have it all, or they can pick and choose,” he said, touting IBM's open architecture, which will let companies link existing compliance applications to IBM's products and services.

IBM's approach – pushing a broad set of compliance-related products – deserves attention, said analysts. Vendors which offer single-purpose solutions to compliance are a dime a dozen, but IBM's holistic strategy is smarter.

“IBM certainly has the most toys for the compliance game,” said Stan Lepeak, analyst and vice president with research firm META Group. “But what's more important is that it's encouraging users to look at a comprehensive rather than a point-based solution.”

Several new services were among the compliance offerings that IBM announced Wednesday. IBM E-mail Archive and Records Management Service, for instance, is a hosted service initially targeting the financial service market, but which can be used by any company to automate the capture, archiving, and retrieval of inbound and outbound e-mail and instant messages. Powered by ZANTAZ, the real- time archiving service will store messages for months or even years – depending on the customer's compliance needs – and separates personal from business messages to lighten the retention load. The on demand-style hosting service will charge customers only for the e-mail storage capacity they use.

IBM and Searchspace have joined forces to launch IBM Anti-Money Laundering Service, another hosted service to help companies toe the line of the U.S. Patriot Act, which requires firms to put a program in place to detect and prevent money laundering schemes by terrorists and run-of-the-mill criminals. It can also be run inside an enterprise, and tied with IBM's DB2

IBM's also tweaked some of its management software to better handle compliance requirements, said Stuart. Both DB2 Content Manager and the Tivoli Storage Manager have been enhanced, and now come in versions with the Data Retention Compliance label.

Tivoli Storage Manager for Data Retention Compliance, for example, now offers event-based retention rules that companies can apply to insure records are kept for the required length of time, as well as deletion hold tools to make sure records that must be preserved – perhaps because a federal or internal investigation mandates that they not be erased – are preserved. Other new solutions in the compliance arena announced Wednesday by IBM include a data wiping service for retired hardware, and by April 2004, support for Write Once Read Many (WORM) tape media in its TotalStorage Enterprise Tape Drive 3592.

Although only regulations from the SEC demand that records be kept on non- changeable media such as WORM, Stuart said that many of IBM's customers are looking at the format as additional insurance against claims of regulatory violations. “WORM tape costs a fraction of non-erasable disk space,” he said.

IBM will continue to push the compliance envelope, concluded Stuart, with more products and services over the coming months. Sometime in 2004 it will introduce a platform based on the pSeries processor and the Tivoli Storage Manager that makes use of serial ATA disk storage systems for archiving important documents.

IBM better move fast, said META Group's Lepeak, before the sales window for compliance closes. Sarbanes-Oxley, the primary driver for enterprise compliance, has a deadline just eight months away. “This quarter and the next will be the big ones for compliance,” he said. “But by the second quarter of 2004, it will be too late.” He expects a lull from that point until sometime after the mid-year deadline, when companies will make a secondary push into compliance in order to try to squeeze some additional value – in business process and cost management – from what they've already deployed.

But while he applauded IBM's tactic of bundling outsourced services, storage and content management into a compliance initiative, Lepeak cautioned companies against thinking that the solution to the problem was to buy another product. “The situation with most users is more one of what to do with the technology rather than the need for more technology,” Lepeak said. “Another way to say that is you may not need to buy some (of IBM's products and services).”

Register or login for access to this item and much more

All Information Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access