For instance, email needs to be archived in accordance with internal rules as well as demands of legal mandates for storing business records, says Mark Bregman, Symantec CTO. "You have to keep information as long as required for internal or external policies," he said.
These policies may differ, creating complex problems for managing the data, he says. "Many businesses have multiple requirements for mandates that overlap," he said.
Such policies and regulations may exist for email, data centres, storage, backup and other areas of corporate networks, Bregman says. The chore of managing all these factors can overwhelm IT staff, forcing them to spend more money on operations than on critical infrastructure investment, he said.
In addition, regulatory constraints may be written in ‘legalese’ that doesn't translate well into practical deployment policies that can be implemented by IT departments, he said.
To deal with these complexities, businesses should first assess the risk involved with not protecting assets and write clear policies for protecting those deemed essential. Then they need to work out an implementation plan and figure out how to manage these assets and the protections they put in place, he said.
Businesses should map a plan for auditing how well the infrastructure they install supports compliance and get tools to report compliance and retain records as evidence for regulatory investigations, he said.
Investment in software tools to handle management of these compliance systems can save businesses money in the long term by avoiding legal penalties but also by sapping less IT staff time, Bregman said.
Corporate IT executives should lobby for these tools using the argument that the more time IT can spend developing business automation the more profitable the business will be. He said: "IT people need to talk to the business side of the business about IT not just as an expense but as a key enabler to being more responsive.”