In this article, George Tziahanas, Managing Director at Breakwater Solutions, uncovers the dynamics impacting the EIA market and addresses the factors companies need to consider as they develop their long-term roadmaps and contingency plans in an evolving regulatory landscape .
The enterprise information archiving (EIA) market has changed a lot recently
several years; from consolidation among software vendors to adoption of cloud-based ones
Alternatives, customers bringing some skills in-house, and many other regulatory changes. These dynamics are causing companies to reconsider their long-term archiving strategies, and software vendors are seeing increased competition from unlikely sources, including their customers. And as an added boon to the EIA market, proposed changes to the SEC rules create additional headwinds for providers but increase options for customers.
The power of industry consolidation
The market for enterprise information archiving has consolidated significantly in recent years. Consolidation was fueled by modest growth rates and a more mature public
Cloud-based alternatives and the availability of private equity. Although archiving use cases continue to grow as part of broader data governance strategies, financial services firms have regulated the primary market for archiving providers.
The Microsoft Effect
Historically, organizations have archived information for two main purposes:
1. To minimize storage costs and offload content from operating systems, and
2. To meet regulatory books and records, legal holds and eDiscovery requirements.
Then came Microsoft, which introduced cloud-based email and collaboration solutions for businesses. Microsoft’s solutions made it unnecessary for many companies to outsource content to secondary archives. Its all-inclusive pricing offered subscribers large mailboxes, cloud-based storage, and end-user search capabilities.
Microsoft’s commitment to cloud computing has been enhanced with immutable storage and related capabilities that meet Security and Exchange Commission requirements (SEC), Commodity Futures Trading Commission (CFTC) and Markets in Financial Instruments (MiFID) requirements. In just a few years, it has become a leader in the data archiving market in Gartner’s Magic Quadrant designation.
Microsoft has become a de facto operational archive. It has an ever-growing list of subscribers who benefit from the resources provided to stay compliant – without the help of an outside provider.
Other cloud-based solutions followed
Microsoft has paved the way for others to adopt cloud-based storage and solutions. Solution providers such as Box, Slack, Bloomberg, Symphony, Redbox, Nice and similar companies can now manage regulated content within source systems without moving content to a centralized archiving environment.
This has further enabled organizations to do what they previously hired other vendors or companies to do. Instead of contracting with an external provider, this content is now managed in existing source systems. Providers in the data archiving industry suddenly found themselves in competition with a new niche: their customers.
Industry consolidation, new cloud-based options, and the cost of migrating data from external providers provide customers with an incentive to manage data in source systems or their private cloud tenants over hosted solutions.
As this trend continues, new regulations at the SEC are also helping.
See more: Transforming Your Software Development Strategy: Three Steps to Avoiding DevOps Pitfalls
Regulatory Changes at the SEC
The SEC continues to emphasize the importance of corporate books and records and relies largely on archived records for enforcement actions. On November 18, 2021, the SEC proposed changes to its electronic record keeping requirements for broker-dealers and security swap dealers. The relevant electronic record keeping requirements, associated interpretative clearances, and various enforcement actions made the SEC’s record keeping rules a major driver of the archiving market.
As the SEC changed the rules, new opportunities have emerged for companies to manage and archive their data with greater flexibility.
While none of the proposed rules are particularly transformative, they add pressure on existing archive providers and offer regulated customers some additional flexibility in the solutions available.
The three most relevant changes are:
- clarification of immutability requirements,
- Proposal for an audit trail alternative to immutable controls, and
- Elimination of the named third-party requirement.
In proposed changes to the “WORM” or immutability requirements, the SEC is codifying that pure software controls (as opposed to outdated, confusing language) may be sufficient. Regardless, the audit trail alternative negates the WORM requirement for transactional systems that “can deliver all changes to and deletions of a record or part of it; the date and time of operator inputs and actions that create, modify, or delete the record; the person(s) creating, modifying or deleting the record; and any other information necessary to maintain an audit trail of each individual record to maintain security, signatures and data to ensure the authenticity and reliability of the record and to enable the recovery of the original record and intermediate copies of the record enable .”
These two changes provide more flexibility and a wider range of deployment options, while reducing the need for some traditional archiving activities. Finally, removing the designated third-party requirement eliminates the need for that external service or offering.
Creating a better roadmap
Mark Twain once said: “Data is like garbage. You better know what to do with it before you collect it.”
The EIA market is changing. consolidate vendors. New resources are available to self-maintain a compliance posture and address legal and compliance requirements as needed. As the industry changes, the vendor you know today may not be the vendor you know tomorrow, or it may not be the same vendor due to consolidation. In addition, new cloud computing resources allow companies to do more in source systems or what other companies used to do for them. As you consider your company’s compliance strategy, consider the recent changes made by the SEC and recognize that the archiving market will continue to change over the next few years.
Those who collect and archive in the future may differ from those in the past. It’s important that their plans to archive data merge with yours. Businesses should rethink their data governance roadmap to ensure business compliance. There is a changing of the guard in EIA and organizations need to evaluate the best way forward by considering such a change.
the What factors do you think organizations should consider when developing their long-term roadmaps and contingency plans? Let us know Facebook, Twitterand LinkedIn.