As European regulatory bodies encourage firms to embrace the cloud, it’s time to take a look at some of the benefits, concerns, and myths of archiving electronic communications in the cloud.
Historically, a typical bank’s policy to running applications and storing data was they were all located on-premises. Public cloud services simply weren’t used. But this has evolved with many financial organizations embracing a cloud-first stance, and justification required for on-premises activity.
Although an important driver, this attitude isn’t exclusively due to operational cost savings the strategy brings; in a market where fines typically start at seven figures, the risk must be manageable. Other considerations when compared with traditional on-premises software include managing and monitoring the backend infrastructure, and associated hardware and software upgrades, which are often neglected at the sacrifice of new features and bug fixes.
In addition, including new functionality without the need for service interruption makes it much more flexible than on-premises legacy systems. This is particularly relevant when considering the number of new communications tools and devices that are emerging at an alarming rate, and the trend from communications platform vendors towards web or mobile device applications delivered on the cloud. Each one increasing the complexity of the data required to be handled by the archive and the functionality needed in order to do so.
The electronic communications landscape continues to evolve. We still use email of course, but we are changing the way we work. The market is morphing from standalone applications toward a reconciliation of corporate social, Instant Messaging, Voice and Video into a single hybrid collaborative communications dashboard, such as Cisco Spark, Microsoft Teams and relative newcomers such as Slack.
At a time when communications vendors are simplifying the user experience into user-friendly consoles and email is being marginalised as old fashioned, the data-types we need to process for compliance purposes are becoming far more complex and increasingly harder to manage in on-premises email archives.
The flexibility and faster adaptability of cloud archiving makes it easier for modern communications data to be captured, and improves how information is reviewed and interpreted using techniques such as context aware archiving. This allows for reviewers to see far more than a simple date and time stamp including other communication platforms being used by the person during the same time frame, and with whom they are conversing. With a detailed analysis of archived data, reviewers can build a complete picture of conversations, even when they take place over several different channels.
Once data is centralised in one location it is possible for firms to extend their use of metadata to obtain a greater understanding of conversation threads, access more accurate searches, and generally make compliance processes more effective. For legal teams, it also makes the process of managing legal holds and searching large data sets easier.
Consider a simple example: if someone emails a colleague asking for innocuous information about a company, this is stored in the company’s email archive. The response doesn’t mention the company again but goes on to discuss a stock purchase tip or impending acquisition, but this takes place on Instant Messaging or SMS and is stored in a separate, dedicated archive. When an eDiscovery search is performed on conversations between the users talking about the company or ticker symbol in question, only the original email is found.
Centralising content and being able to look at it all through a single pane of glass to quickly search every interaction between users, irrespective of whether there has been “channel hopping” or not, will uncover issues that would otherwise remain undiscovered.
It is, of course, impossible to ignore the cost savings on human resources, infrastructure, and licensing that archiving in the cloud brings. Today, organisations need to consider everything from floor space to cyber liability insurance when budgeting for the cost of deploying, managing, supporting, backing-up, upgrading, and generally sustaining performance of an archive.
Regulated industries also need to examine the length of time information needs to be kept. Take for example Article 16 (7) of MiFID II: The records … shall be provided to the client involved upon request and shall be kept for a period of five years and, where requested by the competent authority, for a period of up to seven years.
In order to comply, firms still using on-premises systems will be obliged to carry out multiple hardware refreshes, renew numerous support contracts, and secure other resources such as staff over the period. In contrast, all of these associated costs are already calculated into the contracted price with cloud archiving.
Security is often cited as a reason not to use the cloud. However, it remains a fact that the largest source of data breaches, whether by malicious intent or not, come from internal actors. Certainly, due diligence must be carried out to ensure service providers deliver a sufficient level of rigor with regard to data security. In addition, they must adhere to the numerous standards and laws detailing what data can be stored in which country, and even the location and nationality of the people managing your infrastructure.
But companies considering SaaS-based archiving can expect solutions with security designed in from the ground up, certificated systems, audited processes and procedures, and a high level of security expertise that will mitigate any residual risk of archiving in the cloud.
As organisations consolidate their use of unified communications and social media and look towards next-generation hybrid multi-media collaboration platforms, the capture, long-term storage and recovery of modern electronic communications will have moved beyond the capabilities of traditional on-premises email archiving. The cloud offers the perfect environment for firms to benefit from more advanced control and insight over their data and whilst security must remain paramount, the innate cost benefits surely make for a compelling proposition.
Robin Smith, Technical Director International for Actiance
Image Credit: Melpomene / Shutterstock