- January 19, 2021
- Archive360 Team|
- Data Privacy|
- Microsoft 365|
- Regulatory Compliance|
- Cloud archiving|
- Information Security|
Finally, the financial industry is no longer forced into purchasing and supporting overpriced on premise WORM storage or high priced, specialty cloud archives that lock them into the platform with ridiculously high penalties when you want to move your data out. At least many of the on premise WORM storage systems such as the EMC Centera storage system have a proven history of meeting SEC Rule 17 a-4 requirements however, the financial industry is moving to the cloud for lower prices and higher security.
Financial Services and WORM
The Write Once Read Many (WORM) requirement from the SEC were originally developed years ago for financial services organizations because all regulatory storage was by necessity on premise (cloud storage didn’t exist yet). A major SEC requirement consisted of capturing broker/dealer communications immediately and ensuring those communications (emails/attachments) could not have been altered or deleted before they were stored on immutable storage (WORM) per SEC Rule 17 a-4. This was because the SEC wanted to ensure that broker/dealer communications were available to review in an unaltered state if complaints were later raised/filed against the financial services organization or individual broker/dealers. And again, because all storage was local, the SEC had to ensure that records were original and unaltered.
The main problem(s) with on premise WORM storage for financial organizations are:
Because of this, financial services organizations have been looking to cloud solutions for answers.
Cloud Solutions Present WORM Storage Opportunities?
For many years now, specialty cloud service providers have been marketing cloud email storage solutions targeted specifically at financial services organizations to meet SEC Rule 17 a-3/a-4 requirements. But, many of these specialty cloud providers say they meet SEC Rule 17 a-3/a-4 requirements for WORM storage and information management requirements but do they? It’s often impossible to find any kind of explanation or third party proof on their websites or sales collateral. The key requirement is the financial services organization cannot have access to the “regulated data” under any circumstances, including administrator privileges, for the length of the compliance retention period.
These specialty cloud email storage WORM providers would do well to provide 3rd party legal opinion such as a respected law firm stating that their solution actually meets the stated capabilities. In fact, a few do.
Many financial services companies that store content in specialty cloud-based archives for SEC requirements are stunned by their cloud vendor’s one-way attitudes - it’s low cost or even free to move huge amounts of data into their cloud-based archives, however, it’s another story when they want to move it out again.
Whether you need to export a large data set in response to an eDiscovery request or, heaven forbid, you’ve grown dissatisfied with the cloud vendor and want to move your data somewhere else, the cost to extract your data skyrockets, and in many cases, to absurd levels such as $50 per GB.
One reason we hear a great deal is that “we have to convert it back to its original format so it’s usable”… which raises a couple of questions; why was it converted in the first place, and does it really cost 30-50x to convert it back? In realty they’re doing it to stop you from leaving.
Or worse, the cloud vendor will limit the amount of data you can pull out of their cloud to some ridiculously small amount such as 100 GB per week. Imagine how long it would take to move your 10 PB of archived data to another solution and how much you will continue to pay them over that period of time?
There is Another Way: Archive360 and Microsoft
Today, Archive360 and Microsoft announced a new cloud storage and information management solution, Archive2Azure, to ensure financial services regulatory compliance on the Microsoft Azure Platform. This is the first native Azure solution that meets SEC Rules 17a-3 and 17a-4 guidelines, including ensuring WORM compliant storage.
Proof of Compliance, not just vague marketing speak
We have a legal opinion from a respected Washington DC law firm, Wiley Rein, LLP, that can be reviewed and downloaded here that explains point by point how Archive2Azure meets SEC Rule a-3 and a-4 including WORM storage requirements.
No Ransom to Move your Data
Your data is stored in the highly secure and industry standard Microsoft Azure, not a specialty cloud and is managed by Archive2Azure. Archive360 never charges you to move data out of the Archive2Azure solution – ever, so you data is never held hostage.
Not Just Email
Besides the ability to capture email journals for regulatory compliance requirements, Archive2Azure will also capture and manage all types of other unstructured data including extending file shares into the Azure cloud.
Archive2Azure always captures and manages information and metadata in its native format so conversions are never necessary.
The Best of all Worlds
With this new capability, Archive2Azure plus Microsoft Azure now offers financial services organizations the best of all worlds when it comes to low cost compliant cloud archiving.
Your legal, compliance and security teams rely on having an immutable copy of all of your emails. Office 365 archiving does not support journaling. So what should we do?
This eBook provides actionable tips to empower IT to solve the problem.
Bill is the Vice President of Global Compliance for Archive360. Bill brings more than 29 years of experience with multinational corporations and technology start-ups, including 19-plus years in the archiving, information governance, and eDiscovery markets. Bill is a frequent speaker at legal and information governance industry events and has authored numerous eBooks, articles and blogs.