The Archive360 Newsletter
Q4 - December, 2021
Table of Contents
A Message from our CEO
With 2021 drawing to a close and the holidays almost here, I want to take a moment to reflect on what has been an unforgettable year here at Archive360. While the global pandemic continues to present us all with challenges both at work and at home, our team has once again achieved new heights with our products and our business.
Thanks to our customers, partners and business associates, 2021 is set to go down as a record year in the company’s history. In the past twelve months, we’ve doubled down on our commitment to innovation, delivering: a full Records Management module that’s redefining cloud-based records retention and disposition; a Zero Trust-based data security application that has been implemented by some of the most security conscious banks, healthcare organizations and US Federal agencies; a new approach to information governance scalability allowing us to onboard over 1PB/month of multiple data types for each customer, including, full classification, masking, and encryption from over 200 systems.
We’re on track to book a record number of new customer wins in both the commercial and government sectors. We’re honored to maintain our 100% customer retention rate and see our customers continue to expand their use of our technology. I’m immensely proud of the work that our team continues to do to support our customers and partners. And above all, I am thankful to all of you, our customers and partners, who continuously drive us to disrupt and transform the information archiving and management industry and confidently help you achieve your vision of digital transformation.
On behalf of the Archive360 team, I wish you a joyous, safe, and healthy holiday season and Happy New Year.
Customer Spotlight
How DLA Piper Transformed their Information Governance
In this podcast, Leigh Isaacs, Director, Information Governance for DLA Piper LLP and Bill Tolson, VP of Compliance and eDiscovery at Archive360 discuss how the changing remote workforce has effected the management of Information Governance processes. They discuss the transition to collaboration tools, its impact on an organization's corporate culture, and the ability to successfully do business remotely.
Experts' Advice
Whitepaper: Why Zero Trust is Important
This new report by Osterman Research describes how organizations are deploying and planning to deploy a zero trust architecture. It offers direction to decision-makers and influencers on best practices and solutions to support the move to zero trust.
Blog: Modern Attachments – An eDiscovery Quagmire?
The modern attachment capability can be problematic for both regulatory data retention requirements and in litigation hold/eDiscovery.
Podcast: The Changing Information Governance Environment in the Age of COVID-19
In this episode John Mancini, President of Content Results LLC, and long-time past president of AIIM discusses how the surge of data in organizations has forced the evolution of the "traditional" records manager role to now be responsible for all information within an organization including its privacy, security, retention and disposition.
Blog: CapEx versus OpEx - On Premises versus the Cloud
Many organizations continue to ask themselves: can you save money by moving from on-premises data centers to the cloud? How much can you save, and are there additional advantages to moving to the cloud? Read this blog to learn the pros and cons of each.
Microsoft 365 Migrations and Inactive Mailboxes (2-part blog series)
One of the issues most organizations run into during an archive migration is inactive users and what to do with their data. These blogs discuss best practices for departed employee data and the challenges of shared mailboxes.
Product News - Security Update
In this edition’s Product News:
- Log4j vulnerability – what it is and why Archive360 customers are not impacted
- Cybersecurity threats and updates from the United States Cybersecurity and Infrastructure Security Agency (CISA)
- Cloud data migration trends and issues
- Why your SaaS vendor leaves you vulnerable to cyber attacks
- How to take control of your data security
Log4j Vulnerability Highlights Importance of Strong Cloud Security Controls
Organizations worldwide have been scrambling to respond to yet another potential cybersecurity threat to global computer networks. This time the threat comes from a bug inside software known as Log4j which hackers could use to steal data, install malware or take control. Log4j is just another security vulnerability in what seems like an endless stream of cybersecurity vulnerability disclosures.
Archive360 Chief Architect, Glenn Luft, discusses why the Archive360 Archive2Azure platform was not impacted by the Log4J vulnerability named Log4Shell CVE-2021-44228.
What is the Log4j vulnerability?
Apache Log4j is a ubiquitous, open-source Java logging library used widely across a huge variety of enterprise and open-source software. Last week, it was publicly disclosed that a security flaw existed in this library. The vulnerability was named Log4Shell and given the identifier CVE-2021-44228.
The vulnerability can be exploited remotely without authentication, meaning threat actors can access it on a network without requiring any login data, authentication or credentials. Once an attacker gains access, they can quickly exfiltrate data or deploy ransomware to the vulnerable system. Since millions of applications and services use this logging system, it makes this risk that much more dangerous.
Microsoft has recommended a series of steps to mitigate the risk of exploitation, including contacting your software application providers to be sure they are using the most up-to-date version of Java, which would include patches.
Cybersecurity threats continue to grow
Cloud data migration trends and issues
Is your SaaS vendor meeting your security requirements?
While the Log4j vulnerability has no impact on Archive360 customers, it has impacted many SaaS archive solutions. As we’ve seen with other cyberthreats, the Log4j vulnerability highlights the importance of proactively ensuring your cloud vendors have up to date security controls in place or offer the ability for customers to customize their individual security processes/technology to better mitigate the ever evolving security threat landscape.
Sharing security responsibilities, particularly when you have a mix of IaaS, PaaS, and SaaS – each with different security requirements and capabilities – can be challenging. Multi-cloud makes matters worse. In fact, over 90% of the technology leaders surveyed by Pulse say their SaaS providers don’t meet all their company’s security requirements. And more than a third (37%) of tech leaders say they have had to make a security policy exception for one or more of their SaaS-based vendors.
The problem with SaaS archiving and information management solutions is their shared tenancy and one-size-fits-all security model that limits your security options. You must trust SaaS vendors to:
- Manage their software’s security configurations and rotate encryption keys appropriately
- Store encryption keys in a different location from where the data resides
- Strictly limit access to encryption keys
- Limit data access to only those identities–both human and non-human–who absolutely need it
- Limit data access duration to only the times it is essential
- Actively monitor their users’ job status and manage their entitlements accordingly
- Train their personnel on best security practices and for personnel to follow protocols
- Seek your consent before turning it over to the government using secrecy warrants
- Adequately test software updates for vulnerabilities before, during, and after deployment
Take data security matters into your own hands
For those of you who need to be in control of your data security and want to take data security to the next level by insisting on a zero-trust architecture approach, Archive360 offers the world’s first zero trust, intelligent information management, and archiving Platform as a Service (PaaS). Together with Archive360’s Security Gateway, you manage your data with your security in your cloud. You have your own dedicated deployment infrastructure. There are no shared network resources or shared encryption keys with other cloud tenants. You have complete control over your software’s security options. You can:
- Manage all software security configurations and rotate encryption keys as needed
- Secure data in transit, at rest, and while in use
- Store encryption keys on-premises or in the cloud, separate from the data
- Encrypt files, metadata, and data on-premises before moving them to the cloud
- Search encrypted data via homomorphic encryption
- Control data residency or geolocation
- Provide fine-grained control over access security and data retention by business unit, department, role, user, and record – down to the field or character level
- Block, mask, anonymize, and redact data down to the field or character level
- Provide field-level encryption controlled by role-based access controls (RBAC)
- Audit who accessed the file or data and when and how it was accessed
- Provide an immutable chain of custody
- Enable new uses for your data repositories to meet compliance and business intelligence needs
Unlike other information management and archiving solutions that transform data into proprietary formats, the Archive2Azure cloud platform always stores data in its native format, ensuring your organization always has access to and control over your data and eliminating the potential for vendor data ransoming.
In the Media
Help Net Security: Cloud compliance: Falling out of it could spell doom
In this Help Net Security interview, Bill Tolson, VP of Global Compliance and eDiscovery at Archive360, discusses the importance of cloud compliance and what companies can do meet the requirements when shifting to the cloud.
Government Technology Insider: FOIA in the COVID-19 Era: When Government Agencies Can’t Comply with Government Mandates
Many government agency employees have been working remotely, perhaps for the first time ever. And with most organizations having an on-premises decentralized approach to information management, it becomes nearly impossible to conduct searches for FOIA requests. So what's the answer? The cloud.