12 December 2017
Robin Smith

RegTech

Robin Smith - Actiance

6Posts 36,548Views 0Comments
Finextra community

Business Knowledge for IT

This community aims to provide links, resources, book suggestions, tips and insights to facilitate learning and development of IT professionals in financial services, and to develop a forum for IT professionals to exchange views on various related items.

Archiving in the cloud: A Compelling Proposition

07 November 2017  |  4888 views  |  0

As European regulatory bodies encourage firms to embrace the cloud, it’s time to take a look at some of the benefits, concerns, and myths of archiving electronic communications in the cloud.

Historically, a typical bank’s policy to running applications and storing data was they were all located on-premises. Public cloud services simply weren’t used. But this has evolved with many financial organizations embracing a cloud-first stance, and justification required for on-premises activity.

Although an important driver, this attitude isn’t exclusively due to operational cost savings the strategy brings; in a market where fines typically start at seven figures, the risk must be manageable. Other considerations when compared with traditional on-premises software include managing and monitoring the backend infrastructure, and associated hardware and software upgrades, which are often neglected at the sacrifice of new features and bug fixes.

In addition, including new functionality without the need for service interruption makes it much more flexible than on-premises legacy systems. This is particularly relevant when considering the number of new communications tools and devices that are emerging at an alarming rate, and the trend from communications platform vendors towards web or mobile device applications delivered on the cloud. Each one increasing the complexity of the data required to be handled by the archive and the functionality needed in order to do so.

The electronic communications landscape continues to evolve. We still use email of course, but we are changing the way we work. The market is morphing from standalone applications toward a reconciliation of corporate social, Instant Messaging, Voice and Video into a single hybrid collaborative communications dashboard, such as Cisco Spark, Microsoft Teams and relative newcomers such as Slack.

At a time when communications vendors are simplifying the user experience into user-friendly consoles and email is being marginalised as old fashioned, the data-types we need to process for compliance purposes are becoming far more complex and increasingly harder to manage in on-premises email archives.

The flexibility and faster adaptability of cloud archiving makes it easier for modern communications data to be captured, and improves how information is reviewed and interpreted using techniques such as context aware archiving.  This allows for reviewers to see far more than a simple date and time stamp including other communication platforms being used by the person during the same time frame, and with whom they are conversing. With a detailed analysis of archived data, reviewers can build a complete picture of conversations, even when they take place over several different channels.

Once data is centralised in one location it is possible for firms to extend their use of metadata to obtain a greater understanding of conversation threads, access more accurate searches, and generally make compliance processes more effective. For legal teams, it also makes the process of managing legal holds and searching large data sets easier.

Consider a simple example: if someone emails a colleague asking for innocuous information about a company, this is stored in the company’s email archive. The response doesn’t mention the company again but goes on to discuss a stock purchase tip or impending acquisition, but this takes place on Instant Messaging or SMS and is stored in a separate, dedicated archive. When an eDiscovery search is performed on conversations between the users talking about the company or ticker symbol in question, only the original email is found.

Centralising content and being able to look at it all through a single pane of glass to quickly search every interaction between users, irrespective of whether there has been “channel hopping” or not, will uncover issues that would otherwise remain undiscovered.

It is, of course, impossible to ignore the cost savings on human resources, infrastructure, and licensing that archiving in the cloud brings. Today, organisations need to consider everything from floor space to cyber liability insurance when budgeting for the cost of deploying, managing, supporting, backing-up, upgrading, and generally sustaining performance of an archive.

Regulated industries also need to examine the length of time information needs to be kept. Take for example Article 16 (7) of MiFID II: The records … shall be provided to the client involved upon request and shall be kept for a period of five years and, where requested by the competent authority, for a period of up to seven years.

In order to comply, firms still using on-premises systems will be obliged to carry out multiple hardware refreshes, renew numerous support contracts, and secure other resources such as staff over the period. In contrast, all of these associated costs are already calculated into the contracted price with cloud archiving. 

Security is often cited as a reason not to use the cloud. However, it remains a fact that the largest source of data breaches, whether by malicious intent or not, come from internal actors. Certainly, due diligence must be carried out to ensure service providers deliver a sufficient level of rigor with regard to data security. In addition, they must adhere to the numerous standards and laws detailing what data can be stored in which country, and even the location and nationality of the people managing your infrastructure.

But companies considering SaaS-based archiving can expect solutions with security designed in from the ground up, certificated systems, audited processes and procedures, and a high level of security expertise that will mitigate any residual risk of archiving in the cloud.

As organisations consolidate their use of unified communications and social media and look towards next-generation hybrid multi-media collaboration platforms, the capture, long-term storage and recovery of modern electronic communications will have moved beyond the capabilities of traditional on-premises email archiving. The cloud offers the perfect environment for firms to benefit from more advanced control and insight over their data and whilst security must remain paramount, the innate cost benefits surely make for a compelling proposition.

 

TagsSecurityRisk & regulation

Comments: (0)

Comment on this story (membership required)

Latest posts from Robin

WhatsApp and WeChat - the next big headache for compliance?

13 November 2017  |  3637 views  |  0 comments | recomends Recommends 1 TagsRisk & regulationInnovationGroupFinancial Services Regulation

Archiving in the cloud: A Compelling Proposition

07 November 2017  |  4888 views  |  0 comments | recomends Recommends 0 TagsSecurityRisk & regulationGroupBusiness Knowledge for IT

Countdown to MiFID II: Are You Ready?

26 July 2017  |  5972 views  |  0 comments | recomends Recommends 0 TagsRisk & regulationGroupMiFID

Robin's profile

job title Technical Director International
location Theale
member since 2017
Summary profile See full profile »
Robin Smith has over twenty years' experience of security and compliance solutions within a wide range of networking and messaging systems.

Robin's expertise

Member since 2017
0 posts0 comments
What Robin reads

Who's commenting on Robin's posts