140 likes | 389 Views
10TH ANNIVERSARY NATIONAL CONFERENCE ON E-GOVERNANCE. European Practices in Data Archiving with EMC. Technological Solutions on EMC Centera and Celerra Platforms . . Date - March 11 2009. Lyubomir Yanchev Storage Solution Consultant S&T Bulgaria. www.snt-world.com. S&T Bulgaria.
E N D
10TH ANNIVERSARY NATIONAL CONFERENCE ON E-GOVERNANCE European Practices in Data Archiving with EMC. Technological Solutions on EMC Centera and Celerra Platforms. Date - March 11 2009 Lyubomir Yanchev Storage Solution Consultant S&T Bulgaria www.snt-world.com
S&T Bulgaria RU LV S&TBulgaria Employees – 50 Certified Consultants - 6 Certified Support Engineers – 14 PL UA CZ SK MD AT HU RO SI HR BA YU BG MK GR
Information and Compliance Challenges Data Growth Digital Proliferation Cost 70 percent annual increase in data volumes 92 percent of information is digitally created with only 30 percent repurposed 80 percent of IT budget consumed by maintenance Escalating Storage Costs + + 80 percent of information is unstructured with no organizational control Nearly 90 percent of EU. companies are engaged in some type of litigation Millions in fines for inadequate record keeping Increasing Scrutiny and Risk + + Risk Litigation Fines Sources: Gartner Group, AIIM, Meta Group
Comprehensive Compliance: A Problem of Global Proportions Canadian Privacy Policy Principal 1983 Canadian Personal Information Protection 2001 Canadian Personal Health Protection Act 2004 Austrian Data Protection Act 1978 Luxembourg Personal data Protectio 1979 German Federal Data Protection 1990 Switzerland Federal Act on Data Privacy 1992 Netherlands Privacy Act 1993 German Federal Telecom Act 1996 Italy Personal Data Protection code 1996 Poland Personal data protection act 1997 Sweden Personal Data Act 1998 Spain Organic Law on Personal Privacy 1999 Slovak Republic Act on Data Protection 2000 Denmark Privacy Act 1978 Iceland Data Protection 1989 EU Data Protection 1995 UK Data Protection Act 1998 EU Safe Harbor 2000 Directive 2002 EC 2000 Fair Credit Reporting Act1970 Privacy Act of 1974 CPPA 1984 ECPA 1986 DPPA 1994 HIPAA 1996 COPPA 1998 GLBA 1999 21 CFR 11 2000 Sarbanes Oxley 2002 SB 1386 2003 FERPA 2004 PCIDSS 2005 Amended FRCP 2006 MA H.B. 4144 2007 India Info Privacy Act 1993 New Zealand Privacy Act 1993 China Personal Data Ordinance of Hong Kong 1997 Korea Act on Privacy 2000 Taiwan Personal Data Protection Act 2003 Japan personal data protection act 2005 Mexico Federal Personal Data Protection 2002 South Africa Protection Act 2003 Australia Privacy Act 1988 Australia Telecom Act 1997 Australia Health Data Protection 2001 Argentina Personal Data Protection 2000
2009 European Union Outlook: By the Numbers • Forrester: “As one outcome of the current macro-economic environment… expect more litigation and regulation in 2009.” Expect an increase in litigation during 2009 (“Large” companies and government organizations) 43% 43% Have more than $20M at risk in at least one case (public cost) Anticipate even more regulatory inquiries and proceedings in 2009 (all respondents) 33% 33 % $1B+ Government org and Companies spending > $10M on litigation each year (excl. settlements and damages) 20% Source: Fifth Annual Litigation Trends Survey, Fulbright & Jaworski, Oct. 2008
Directives of the European Parliament and of the Council • Data protection (1995 / 46) • Electronic signature (1999 / 93) • Electronic Commerce (2002 / 31) All directives intend • to enable the use of new technologies and • to harmonize national regulations, but only the national laws are mandatory.
EMC Centera The World’s Most Simple, Affordable, and Secure Repository for Information Archiving • Purpose-built for information archiving • More than 5000 customers • More than 260 partners • Works with any application from virtually any platform • Almost all major Healthcare and e-mail partners support EMC Centera • More than 240 PB shipped EMC Centera EMC Centera4-Node
CA CA LAN Content Address ContentAddressalgorithm • Digital fingerprint • Globally unique • Location- independent 10001010 Content Addressalgorithm 10111011 How EMC Centera Works: Application Example EMC Centera performs Content Address calculation and sends address back to application Simple Object is created and sent to application server Application server sends object to EMC Centera over IP network Database stores Content Addressfor future reference
EMC Centera Governance Edition and Compliance Edition Plus Optional Software Configurations • Optimized to manage the retention and disposition of content • Retention enforcement • Data-deletion enhancements • Shredding DoD Directive 5015.2 • Hardened platform (optional) • Disable remote administration (dial-in) EMC Centera Governance Edition • Suitable for internal governance and most regulations EMC Centera Compliance Edition Plus • Designed for the strictest of regulatory requirements, specifically SEC 17a-4 • Used by the SEC internally for e-mail archiving
EMC Celerra File-Level Retention Write Once-Read Many (WORM) File-Level Retention
EMC Celerra File-Level Retention Optional DART Functionality:Write Once-Read Many (WORM) for CIFS and NFS • Prevents files from being modified • Protects files against changes • Protects files from being deleted • Sets retention periods for files • Can extend the retention period of unexpired files • Files can only be deleted when retention periods are met • Set on a per-file basis • Indicate retention time • Commit to read-only • Two options: • File-Level Retention Enterprise (FLR-E) option provides for WORM functionality without meeting the stringent compliance requirements • File-Level Retention Compliance (FLR-C) option provides for additional protections to meet SEC Rule 17a-4(f) requirements #1 in NAS (IDC, Q3 2008)
Capabilities Tamper-Proof Clock • Software clock maintained per File-Level Retention file system • Maintains an additional clock that is separate from the system clock • Changes in the system clock time cannot be used to fool the file into “expiration” • Used for all File-Level Retention time comparisons • File-Level Retention clock cannot be modified or reset Activity Logging • Log is maintained in the File-Level Retention logs subdirectory • Information for each event: • Time of event (system time) • File with which the event is associated • Action (create, append-only file, etc.) • Operation being performed • The user ID of who performed or attempted the action Data Verification • Applicable only to FLR-C file systems • All data writes are write-verified by reading the data back • Writes to production FLR-C file system, local and remote replicas are verified
Thank you ! Lyubomir Yanchev Phone : +35929651767 Storage Solutions Consultant l.yanchev@snt.bg S&T Bulgaria www.snt.bg