Global Relay Alternatives & Migration Software [MVP Guide]

Software-as-a-Service (SaaS) archiving platforms have been around for a long time, and legacy archiving vendors like Global Relay have adopted the SaaS model to deliver their solutions. By allowing a company to avoid significant infrastructure costs, SaaS has, traditionally, been a lower cost, convenient, and hassle-free option and has especially useful for those looking to move away from on-premises archiving. However, SaaS archiving solutions weren’t designed with customization in mind and, in today’s world, their static feature sets haven’t been able to stand up to increasing security needs, the need for flexibility, and unlimited scalability that hyperscale clouds provide. While SaaS solutions might seem like the easiest way to go, they come at the cost of security, access, accountability, and control over your data. In fact, the only comparable benefit between SaaS solutions and public clouds from Amazon, Google, and Microsoft, is the lack of on-premises infrastructure. 

While SaaS vendors claim to offer the best turn-key cloud archiving platforms, in reality they suffer from many of the same issues that organizations are looking to move away from, including limited access to the powerful tools, such as Machine Learning, AI, and meaningful analytics available in a true hyperscale cloud. This is largely due to the fact that most SaaS archiving vendors rely on aging designs which make it virtually impossible to upgrade with the emerging capabilities clients are demanding. Additionally, most SaaS vendors don’t own their own datacenters and simply rent parts of a third-party, multi-tenant cloud, further blocking new cloud-dependent technologies from being added. 

SaaS architectures also put you, the client, at a major disadvantage – your encryption keys are controlled by the SaaS vendor – which raises major security concerns. This complete lack of control over security and encryption keys means that the keys used to secure your company’s sensitive data could be shared across all of the SaaS vendor’s other clients, producing security weaknesses that could greatly increase your chances of unauthorized access, data corruption, or deletion. This also means that the SaaS vendor can access your company’s sensitive data at any time or provide access to government authorities – without you ever knowing. Further limiting your options, many SaaS vendors store your files in their own proprietary format, meaning your data becomes trapped in what amounts to a data prison where huge “exit” fees can be charged if you ever want to move your data elsewhere. This data ransoming also prevents you from utilizing new powerful data analytics or ML/AI technology to provide content-based auto-classification and supervision for more accurate information management.

With these issues in mind, it’s clear that SaaS solutions create more challenges when it comes to your data. While SaaS platforms offer turn-key simplicity, they also offer minimal advantages over an on-premises solution and severely limit your future options. This begs the question: why not cut out the middleman and retain complete control over your sensitive data in your own cloud?

SaaS Archiving Issues:

• No access to encryption keys
• Little to no control over security policies
• Little or no control over your data’s geographic location – data sovereignty
• Proprietary file formats limit your ability to move your data, without data ransoming
• Limited search and review options for audio, video and other non-email files
• Data analysis and eDiscovery functionality is limited to “lowest common denominator” vendor-provided tools

For cloud archiving solutions that cost as much as SaaS archives like Global Relay do, that’s a lot of issues to contend with.

Believe the SaaS Security Stats

In a recent survey of global IT executives, including VPs, Directors, and members of the C-suite at major corporations, only 19% of those surveyed believed 75% or more of their SaaS vendors met all their security requirements. 70% stated they had been forced to make at least one security exception for a SaaS vendor. While many of these organizations are likely using popular SaaS products like Microsoft Office 365 and Salesforce, where the size and standing of the vendor might make the business more amenable to accepting a perceived lower risk, the clear takeaway is that many SaaS solutions don’t provide the security standards and flexibility modern organizations require.

On the topic of encryption keys, an astounding 95% of respondents believed it was important to control their own encryption keys, and 81% were uncomfortable with their SaaS vendors controlling them. However, 74% of those surveyed said they did not control the encryption keys for the majority of their SaaS solutions. This is a worrying statistic and one that many organizations will have to take steps to reverse as regulations continue to tighten and the threat of cybercrime grows. To that end, 92% of executives said they would require more security customization in the future, with 63% of them planning to retire current SaaS applications that don’t provide them control over encryption key creation and management.

These statistics paint a clear picture of the security landscape and the risk that the one-size-fits-all approach of SaaS vendors introduces. As the trend for security customization continues and scrutiny over data access and handling increases, SaaS solutions will become increasingly less palatable for organizations’ risk mitigation efforts. Instead, more secure and customizable solutions will be a major focus.

Soft SaaS security: Providers like Global Relay don’t allow you control over…

1. Threat detection
2. Identity management
3. Application security analysis
4. Firewall and firewall rules
5. Cloud-native directories
6. Custom compliance reporting
7. Encryption keys
8. Physical data center security

Moving to the hyperscale cloud will also mean changes to your security capabilities over what you have been used to in a static SaaS cloud. Remember, the SaaS platform was a “one size fits all” solution so took care of everything for you. But, with a hyper-scale cloud, you are able to customize your security environment to what best fits your company’s needs. Hyperscale clouds don’t restrict you when it comes to your own security policies, enabling you to follow the same processes and comply with the same regulations as you did on-premises, not to mention the fact that hyperscale cloud providers are the best in the business at keeping data safe. The major players, like Microsoft and Amazon, can’t afford to be lax when it comes to system protection. Not only does their size and ubiquity make them targets, but they know that a significant breach could mean irreparable damage to their respective businesses. It’s for this reason they dedicate hundreds of millions of dollars and countless experts to platform security every year in order to stay ahead of the threats and be as prepared as possible when it comes to emerging risks. SaaS vendors can’t match this level of investment or dedication to security. They don’t have the funds or resources and, ultimately, can’t afford to make security their primary focus.

Archive360 understands the significance of an organization’s move to a hyper-scale cloud and the concerns that go with such a decision. With more than a thousand legacy archive migrations completed successfully, we know the types of questions you need answers to and can help dispel any fears you might have in our initial discussions. The questions we hear most often include…

• How much data do I actually have in my archive and what kind of data is it?
• Is there a cost to move my data out of the Global Relay archive? If so, what is the cost?
• Does the archived data need to be reconverted back to its original format?
• How much “dark data” do I have (such as archived messages from inactive users and leavers)?
• Do I need to migrate the entire archive and/or the journal archive?
• I have ongoing or pending litigation; can I still migrate my archived mail?
• How do I manage archived email that is under legal hold? What special handling is needed to maintain chain of custody?
• Will I be able to account for 100% of my archived mail?
• How long will the migration take?