With the roiling of the financial markets, the almost unprecedented incursion of government into the marketplace, and with a strong consensus that there has been too little regulation in the past decade, one thing is certain - government investigations, lawsuits and new regulations are on the rise. At a macro level, many fiscally conservative people worry that too much regulation will stifle investment and innovation. When you take it down a level, the businesses and other organizations that are subject to regulation - and the people within those orgs responsible for meeting the requirements - wonder how this is going to be funded, especially in recessionary times.
The answer to this challenge is that compliance solutions need to a business case justification; a showing that the solution will - in the real world - save the company money.
If this sounds like tired high tech marketing, please keep reading; it is not. The reason that there is money to be saved through the deployment of the right compliance solutions is that current approaches to some of the key information compliance challenges are today wildly inefficient. Specifically, organizations fail to properly manage their electronic files, they don't enforce their retention/deletion policies, and they respond to eDiscovery in reactive and expensive ways.
Every single organization in the world - and I've been to a lot of them;) - needs to (i) classify emails and files, (ii) delete the junk, and (iii) bring eDiscovery in-house. These are not trivial problems. Human beings are in the best position to classify their own emails, IMs, files and other content that they create, but there's so much of it, that they simply don't or won't.
EMC offers an indexing solution from StoredIQ that is closely integrated to EMC's market leading infrastructure. The solution can be rolled into a data center and it can index terabyes of information a day. Once the index is created, there are 2 critical use cases that we see customers attacking. First, the indexing appliance is purpose built for eDiscovery, and a allows the customers to bring eDsicovery in-house. Putting the tools in the hands of the IT, Security, Compliance, and/or Legal departments to do their own focused collections, litigation holds, and exports means less content is pushed through the eDiscovery process. Rather than collecting and preserving huge volumes by media type - tapes of drives - (much of which is definitively irrelevant), more focused collections and preservations are made. Less is processed and reviewed on the back end, and money is saved. The current processes are so inefficient (due to risk aversion) that there is a strong business case justification for this type of solution.
The second use case that we see is use of the indexing appliance to gain insight into emails and files that reside "in the wild" - on file shares, psts, desktops, SharePoint and so on. Without this type of solution, organizations are saving all their files (despite that fact that many of them do not have any value) because they cannot classify the important content and separate it from the junk. The goal of these projects is what I call defensible deletion (or to delete the junk). The idea is simple. With no insight into files on files systems and other places, organizations have no way to separate the needles from the haystacks. With insight into those files and the ability to "remediate" the subset of important content (ie. copy and collect it or move it) into more controlled environments, the organization can reduce the risk of applying automatic purge policies to the rest of it. There is clearly a risk to deleting content, but there's also a risk to saving everything. A reasonable, risk adjusted process for defensible deletion, like in-house eDiscovery, creates a strong business case justification for the solution (you save money through better management of the content.)
For many years, the belief has been that with better search technology, all content could be saved because we'd have more and more efficient ways to find it. In the compliance and information governance context, search is not nearly enough. You must also be able to "take action" upon the identified content (ie move it to a more efficient or appropriate place, copy and collect it - such as for litigation hold, delete it, change the security controls on it, and so on.) For more information about EMC's eDiscovery solution,including a 10 minute on line demo, please go to EMC eDiscovery Solution.