For many years, storage in the SMB market was merely a choice of base hardware and software. Except those considering large expansion plans, there was simply no pressing need to think beyond the storage basics.
But now, the increasing mountain of data organisations must retain has obliged SMBs to develop a strategic approach. IDC analyst, Jean Marc Annonier, claims that in the next 12 months internal storage capacity for half of all medium-sized businesses will rise by 25 per cent and external storage by 20 per cent.
Relatively new business operations, such as electronic billing and larger email attachments, are not the only factors at play. Technologies have also become more affordable and the powers that be are demanding additional compliance.
In fact, there are literally dozens of different legal obligations that SMBs face and these vary according to size, industry, and type of entity. Sydney-based law firm Arnotts Lawyers' Alan Arnott said it was important to undertake, enforce and audit data-retention policies.
While companies should seek legal advice and there is no "one-size-fits-all" approach, in many situations it is recommended that data and all relevant documents be retained for at least 12 years or more.
"The importance of data retention laws cannot and should not be underestimated," he said. "There are significant penalties that apply to breaches of the legislative provisions governing data retention, in some cases attracting fines of up to $1 million for corporations and $200,000 for individuals, as well as criminal prosecution and sentencing for those individuals involved."
Adding further complexity to this legal web, one recent compliance development involves the Australian Law Review Commission (ALRC), which is undertaking a review of the Privacy Act 1988. While the ALRC only submits final recommendations in a report to the Attorney-General (due in coming months), there is a possibility that as a result of their work, data retention laws could be amended and add further obligations.
The Australian Privacy Commissioner, Karen Curtis, said organisations covered by the Privacy Act should ensure they are meeting privacy requirements.
"With regard to data retention, organisations need to keep the personal information they hold accurate, complete and up-to-date," Curtis said.
"They should also take reasonable steps to protect the personal information from misuse and loss, and from unauthorised access, modification or disclosure. This could include physical security measures to prevent unauthorised access, computer and network security, the protection of data during transmission, and limiting access to the data by authorised staff.
"The Privacy Act does not prescribe a definite time period for retaining an individual's personal information. However, organisations are required to take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed."
While some laws require documentation and data to be kept for over a decade, others indicate a much faster timeframe.
"Unfortunately, there is no uniformity of obligations under the various laws," Arnott said. "Each law carries with it unique time limits and various requirements as to the type and amount of data required to be retained. As a result, compliance is an onerous and time-consuming task."
Combine these points with the multitude of technologies available, and those set to be launched, and you realise SMB storage decisions just keep getting more complex and intricate. Much like the trend in document management, the channel must provide customers with a holistic approach to storage to enable them to address pain points and plan for the future.
Gartner has noted that as 44 per cent of SMBs prefer to use value-added resellers to purchase their storage products, the channel has steadily increased its ability to provide total storage solutions. According to the analyst firm, vendors have also modified their training programs and support for channel partners to incorporate strategic considerations.
In light of the pivotal role data storage has taken in the SMB space, some of the major vendors spoke to ARN about their market approach.