By: Bill Tolson on September 20th, 2018

Print/Save as PDF

Cloud Archiving and Immutability; Azure offers WORM

compliance archiving | SEC Rule 17 a-4 | Financial services | WORM

Blog09112018Finally, the financial industry is no longer forced into purchasing and supporting overpriced on premise WORM storage or high priced, specialty cloud archives that lock them into the platform with ridiculously high penalties when you want to move your data out.

Over the past couple of decades, on premise WORM storage systems such as the EMC Centera have a proven history of meeting the SEC Rule 17 a-4 immutability requirements. However, rising costs and complexity has caused the financial industry to move to the cloud for lower prices, higher security, and regulatory compliance.


Financial services and WORM

The Write Once Read Many (WORM) requirement from the SEC was originally passed years ago for the financial services industry because of the need to capture and store specific data (books and records) in such a way as to ensure document originality. All WORM storage was by necessity on premise (cloud storage didn’t exist yet).  One SEC requirement consisted of capturing broker/dealer communications immediately and ensuring those communications (emails/attachments) had not been altered or deleted before they were stored on immutable storage (WORM) per the SEC Rule 17 a-4. This was because the SEC wanted to ensure that broker/dealer communications were available to review in an unaltered state if complaints were later raised/filed against the financial services organization or individual broker/dealers. And again, because all storage was local, the SEC had to ensure that technology could protect records and ensure they were unaltered.


The main problem(s) with on premise WORM storage for financial organizations are:

  1. The technology, both hardware, and software continues to rise in the cost
  2. The cost to provide security for this sensitive data continues to escalate
  3. The amount of data falling under the immutability requirements continues to grow


Because of these issues, financial services organizations have been moving to the cloud for relief. However, many of the cloud solutions that offer compliance storage are as expensive as remaining on premise.


Cloud solutions present WORM storage opportunities?

For many years now, specialty cloud service providers have been marketing email storage solutions targeted specifically at financial services organizations to meet SEC Rule 17 a-3/a-4 requirements.  But, many of these cloud providers say they meet SEC Rule 17 a-3/a-4 requirements for WORM storage and information management requirements, but do they? It’s often impossible to find any explanation or third-party proof on their websites or sales collateral. The key requirement is the financial services organization cannot have access to the “regulated data” under any circumstances, including administrator privileges, for the length of the compliance retention period.

These specialty cloud email storage WORM providers would do well to provide 3rd party legal opinion, such as a respected law firm, stating that their solution actually meets the stated capabilities.

Specialty cloud solutions that ransom YOUR organization’s data

Many financial services companies that store content in specialty cloud-based archives are stunned, after the fact, by their cloud vendor’s one-way attitudes - low cost or even free to move huge amounts of data into their cloud-based archives, however, it’s another story when you want to move it out again.


Whether you need to export a large dataset in response to an eDiscovery or regulatory information request or you’ve grown dissatisfied with the cloud vendor and want to move your data somewhere else, the cost to extract your data skyrockets, sometimes to absurd levels. One reason we have heard from customers is that the cloud provider must convert it back to its original format before it can be usable.  This excuse raises a couple of questions; why was it converted in the first place, and does it really cost 30-50x to convert it back? In reality, they’re doing it to stop you from leaving.


An if the cloud vendor didn’t convert your data, they limit the amount of data you can pull out of their cloud to some ridiculously small amount such as 100 GB per week. Imagine how long it would take to move 10 PB of archived data to another cloud?


There is another way: Archive360 and Microsoft

Today, Archive360 and Microsoft announced a new Azure Cloud storage capability to ensure financial services regulatory compliance on the Microsoft Azure Platform. Microsoft has announced their WORM or immutability capability that works across all three of their storage tiers – hot, cool, and archive. Through configurable Archive2Azure policies, users can utilize Azure Blob storage data in an immutable state. With this, data can be created and read, but not modified or deleted. As well, Blobs can be transitioned across storage tiers (hot, cool, and archive) while remaining immutable.


Archive2Azure is the first native Azure solution that meets SEC Rules 17a-3 and 17a-4 guidelines, including ensuring WORM compliant storage.


Proof of compliance, not just vague marketing speak

Microsoft Azure is one of the leading cloud platforms available today. Archive360 and Microsoft can document how the Azure WORM capability works and why it meets SEC immutability requirements. Those third-party clouds so far have not. Which cloud solution does your company want to rely on?


No ransom to move your data, ever again

With Archive2Azure, your data is stored in your highly secure and industry standard Microsoft Azure tenancy, managed by Archive2Azure. Archive360 never charges you to reconvert your data back into its original format because we always store it in its native format. Also, because your data is stored in your Azure tenancy, there is no reason to migrate it again - your data is never held hostage.


Not just email

Besides the ability to capture email journals and save it to immutable Azure Blob storage for regulatory compliance requirements, Archive2Azure will also capture and manage all types of other structured, semi-structured, and unstructured data.


Native format

Archive2Azure always captures and manages information and metadata in its native format, so conversions are never necessary.


The Best of all Worlds

With this new AZURE immutable storage capability, Archive2Azure plus Microsoft Azure now offers financial services organizations the best of all worlds when it comes to low-cost compliant cloud archiving.



About Bill Tolson

Bill is the Vice President of Global Compliance for Archive360. Bill brings more than 29 years of experience with multinational corporations and technology start-ups, including 19-plus years in the archiving, information governance, and eDiscovery markets. Bill is a frequent speaker at legal and information governance industry events and has authored numerous eBooks, articles and blogs.