In-Depth

Regulatory Compliance: A Catalyst for Better Data Management

At Computer Associates, CTO Yogesh Gupta doesn't just talk about data management or regulatory compliance from an academic standpoint. He's living it

• By Jon William Toigo
• 03/31/2005

In the storage field, and in the world of business technology generally, one of the brightest minds I have ever encountered belongs to Yogesh Gupta. As CTO for Computer Associates, I’ve had the pleasure of interviewing Gupta many times and leave every meeting filled with ideas and energized to write down the kernels of wisdom that seem to flow effortlessly from his brain.

In preparation for the upcoming Data Management & Compliance Summit, which I will be chairing at Networld+Interop this May (see www.storagerevolution.com for an overview), I had another opportunity to speak with Gupta, who will deliver one of the keynotes for the three-day event, to discuss his presentation. Truth be told, the fellow could probably do the entire event as a one-man show, but alas, we will only have him for an hour. The trick will be to distill his wealth of knowledge and experience about data management into a PowerPoint deck that can be delivered in the allotted time.

What makes the task challenging? Gupta is not talking about data management or regulatory compliance from an academic standpoint. At CA, he’s living it.

I won’t go into the litany of events that found CA receiving the close attention of government regulators; what I will do is echo Gupta’s words, “A lot of companies are talking about reinventing themselves and better aligning technology with business processes, but we literally had no choice. Data management isn’t a fashion statement for us. We believe it is essential to change”

Says Gupta, current legal changes affecting vertical industries such as health care and finance, as well as regulatory requirements embedded in SEC rules (Sarbanes-Oxley and others that impact companies across many lines of business) are focusing the attention of many companies on the need for more disciplined management of their data. But, he notes, this is only the “catalyst for change—not the driver.”

If I am interpreting him correctly, his argument is that the drivers for improved data discipline and improved business/IT alignment should have their own intrinsic value proposition. Companies should be doing more to develop data architecture, application architecture, and pursuing other infrastructure strategies that will enable IT to better support their business processes and to improve business efficiency and productivity—not just to comply with regulations.

It does not escape Gupta that this view was core to the business process re-engineering (BPE) crowd only a few years ago. Nor is he slow to recall that many in that crowd soon found themselves pushed out of client sites by CEOs who tired of being told how they would have to change their “broken business models” in order to realize their goals. Nobody likes to be told by some snotty-nosed-fresh-from-B-school analyst that they are doing it all wrong. As a result, the BPE concept quickly lost its luster.

Today, many companies are reaching the very same conclusions articulated by the BPE droids a half decade ago: that a data and application architectures must change to support business processes, but for different reasons. Regulation is a factor, Gupta says, noting that the ever-present scrutiny of the company by both Wall Street and the Fed, as well as massive management changes, have made re-engineering a must-have. But he notes that many other companies are re-engineering because older lines of business are simply losing steam.

In the storage industry, for example, it is now commonplace to hear the former “gods of big iron” talking about transitioning themselves from hardware vendors to software vendors. EMC has been on this trip since 2001 and last year, IBM changed its Dunn & Bradstreet listing from “hardware manufacturer” to “software and services company.” Clearly, such transformations require a major re-thinking of business processes and the IT architectures that serve them.

Gupta says that the challenges are different at CA, where the core lines of business remain the same: software for enterprise management, security management, and storage management. “We are still pursuing the same line of business that we have been for the past 25 years. However, we are changing our internal business processes and their support architecture, starting with the financial side of the house, but proceeding outwards from there. The key is to understand where you need visibility into processes [and] where you need greater controls and transparency.”

And a lot of the analysis has to do with data, in Gupta’s view: what data is produced by and used by applications in support of business processes. This is mostly unexplored territory, he says, in most companies.

I’m hoping that the tools and techniques developed to do the job inside CA may become the foundation of a new order of software and methodology products from the company that can be purposed to help many companies who are treading water when it comes to compliance and data management. We will be getting some preliminary thoughts along these lines from Gupta on May 3 at the Data Management & Compliance Summit.

I hope to see readers of this column there. Comments are welcomed at jtoigo@toigopartners.com