The invention relates generally to the field of storage devices, and more particularly to techniques to assure the genuineness of data stored on storage devices.
An important aspect of today's business environment is compliance with new and evolving regulations for retention of information, specifically, the processes by which records are created, stored, accessed, managed, and retained over periods of time. Whether they are emails, patient records, or financial transactions, businesses are instituting policies, procedures, and systems to protect and prevent unauthorized access or destruction of these volumes of information. The need to archive critical business and operational content for prescribed retention periods, which can range from several years to forever, is defined under a number of compliance regulations set forth by governments or industries. These regulations have forced companies to quickly re-evaluate and transform their methods for data retention and storage management.
For example, in recent times, United States governmental regulations have increasingly mandated the preservation of records. United States government regulations on data protection now apply to health care, financial services, corporate accountability, life sciences, and the federal government. In the financial services industry, Rule 17a-4 of Securities Exchange Act of 1934, as amended, requires members of a national securities exchange, brokers, and dealer to retain certain records, such as account ledgers, itemized daily records of purchases and sales of securities, brokerage order instructions, customer notices, and other documents. Under this rule, members, brokers, and dealers are permitted to store such records in an electronic storage media if the preserved records are exclusively in a non-rewriteable, non-erasable format.
In addition, organizations and businesses can have their own document retention policies. These policies sometimes require retention of documents for long periods of time. The National Association of Securities Dealers (“NASD”), a self-regulatory organization relating to financial services, has such rules. For example, NASD Rule 3110 requires each of its members to preserve certain books, accounts, records, memoranda, and correspondence.
Preserved records can take many forms, including letters, patient records, memoranda, ledgers, spreadsheets, email messages, voice mails, instant messages. Accordingly, the volume of preserved records can be vast, requiring high transaction speeds and large capacities to process. In addition, preserved records may exist in many disparate electronic formats, such as PDF files, HTML documents, word processing documents, text files, rich text files, EXCEL™ spreadsheets, MPEG files, AVI files, or MP3 files.
A number of conventional methods currently use upper level software, or application software, to preserve data in a non-rewriteable, non-erasable format. For example, upper level software, such as electronic mail archiving software, can be tailored to prevent deletion of data. However, upper level software programs implementing write protection are generally perceived to be unreliable, vulnerable to security flaws, and easily bypassed at the storage medium level. Moreover, upper level software implementations can prove to be costly since such implementations will need to process many disparate forms of data originating from many sources.
In another conventional method, write once read many (WORM) storage devices are used to preserve data in a non-rewriteable, non-erasable format. However, it is difficult to prove that the contents of a WORM storage device remain preserved and unaltered over a specified period of time. For example, a user can keep business activities record in a rewriteable device, alter the contents as needed, and store the data into the WORM storage device prior to an audit. That is, even if the data is stored in the WORM storage device, it is not evident that the original data remains unaltered.
As can be appreciated, conventional techniques lack precautions necessary to instill confidence in the stored data by auditors, regulatory compliance officers, or inspectors. There is a need for improvements in storage devices, especially for techniques to archive data and increase the trustworthiness of such data.