Businesses face an increasingly complex and ever-changing maze of compliance regulations. While these compliance demands vary by industry and which geographic location a company runs its operations, there are many underlying similarities to those requirements.
Hitachi Vantara covers a lot of ground with its Hitachi Content Platform (HCP). The product offers compliance with a wide range of best practices, including data retention, systematic deletion, immutability, lineage, auditability, and other data governance best practices that are essential parts of many regulatory frameworks.
Along with maintaining compliance, today’s heightened cyber threat landscape also demands that companies comply with all these guidelines so that when they are the target of a cyberattack – and it will happen – they can recover data swiftly and without much downtime.
“Better data governance helps business stave off cyberattacks,” says Jeff Lundberg, principal product and solutions manager at Hitachi Vantara. “Companies need systems that can let them recover data in a couple of hours and are only as annoying as a power supply dying.”
Here are three best practices managed services providers (MSPs) can deliver for their customers with HCP:
Immutability
Often misunderstood, immutability means the ability for the system to prevent any changes or modifications once a record has been verified as a final business document. Companies need systems today that can lock down such immutability. When it’s working properly, it’s not just ensuring that data doesn’t get overwritten, it also means the system can support multiple immutable versions.
Lifecycle management
Compliance regulations demand that businesses retain documents for a certain period of time, which means they need systems they can depend on to store, retain, and delete the documents in a systematic fashion. In healthcare, medical organizations are required to hold records until the patient passes away. In many businesses, companies must retain records until the employee terminates with the company. Companies also need the ability to place a legal hold on data in the event of a subpoena. Best practices also require that companies shred document at the DOD’s wipe standard, known as DOD 5220.22-M, a widely-recognized method for sanitizing data and performing drive erasure.
Lineage/auditability
For companies to meet compliance guidelines, the best practices here focus on the journey of the data, how it gets managed at each storage location. Considerations include the encryption of data-at-rest, immutability and versioning, and finally, strong authentication, including multi-factor authentication and role-based access controls.
“We follow these best practices so we can be compliant and derive value from the data,” says Carol Stainbrook, executive director of the consulting practice at Cohasset Associates, a Hitachi Vantara business partner. “In the end, what’s important is the value of the data and how it can be used from a business perspective.”
Want to learn more?