theBaum: Archive for the 'Compliance' Tab

Chaos & Insanity


Last week Splunk sponsored ComputerWorld’s Infrastructure World conference along with HP and IBM. I needed to come up with a talk and I wanted to do something new.

I’ve been thinking about how to describe the challenges we have managing all this changing technology and innovation. Note this is seriously a work in progress. I’m developing a theory that there are three fundamental drivers to data center chaos.

  • expectations,
  • complexity and
  • accountability

Any new business or consumer technology can quickly be met with significant expectations once it becomes successful. Our dependence on everything from wireless email and online travel reservation systems to hosted software as a service dramatically raises the expectation that these technologies will always be available, fast, and do everything we want. Examples of failed expectations are everywhere. A few examples: On June 20th United Airlines canceled 24 flights and delayed another 286 flights due to a “computer gremlin.” Research in Motion recently experienced yet another 24 hour email outage, and more than 2.5M users were without service in North America. Salesforce.com, pioneers of Software as a Service (SAAS), which is supposed to be a more reliable alternative to running it yourself, continue to have outages as well.

Innovation Awards at Deutsche Bank

Yesterday I gave the keynote at the annual Deutsche Bank innovation awards ceremony in London. Once a year DB celebrates the innovators within the bank and awards prizes for the most entrepreneurial, cost reducing and revenue generating new inventions.

What a cool thing to do.

I have to admit speaking to a group like this is a bit different from my usual audiences of Linux geeks, network engineers, security jocks, and application developers. But it was really amazing to see how a global company promotes and rewards all kinds of innovative ideas and projects.

Compliance Interpretation Recipes

As a continuation on the compliance topic, let’s review some of the major mandates you might come across in IT. Some of these mandates are more prescriptive, like PCI and others are more widely open to interpretation, like SOX.

  • SOX is a securities regulation designed to ensure accurate financial reporting for public companies and companies preparing to go public.
  • PCI is a credit card privacy regulation to ensure credit cardholder data is protected. Anyone accepting credit cards or processing credit card payments must be concerned with PCI.
  • ITIL sets out specific IT process standards for IT service management best practices and frameworks. Organizations usually adopt it because IT wants to improve overall processes and efficiency.
  • HIPAA is a healthcare regulation designed to drive the migration to electronic patient records while ensuring the privacy of those records through effective security controls. US healthcare providers and payers (insurers) need to pay attention to HIPAA.
  • FFIEC is a banking regulation to ensure banks don’t fail because of fraud. IT security is a small subset of the regulation. US banks are mandated by FFIEC.
  • DCID is a security regulation designed to ensure security of defense information systems. If you work for a US defense agency or contractor you probably have already heard of it.

Demystifying Compliance

Today I gave a talk at the Interop Data Center Summit happening during the Interop conference this week in Las Vegas. The talk was titled Demystifying Compliance. The goal was to dissect what compliance regulations and mandates mean for the future of IT. It was well attended with roughly 375 people. Thanks to Andreas and Johna from Nemertes Research for inviting me to speak.

Interop was kind of a strange but interesting place to be talking about compliance. It’s traditionally a very networking focused conference. Interop has its roots in proving interoperability of various vendors’ technologies. Three days before the start of the show more than 40 vendors build a network from scratch. It’s sort of a living laboratory of networking technologies — wireless, wired, security, management etc.

But Interop has been growing up. The conference went through a “survival time” with the boom and bust of the networking market over the past few years. Now it’s leaner and meaner but healthy enough to start exploring things “up the stack” including security and yes, compliance.