The cloud offers different attractions to different users, but most can agree that freedom from on-premises infrastructure and its associated maintenance and security costs, alongside access to scalable technology and tools that grow with your business, are the major draws of data migration.

From disruptors that were ‘born in the cloud’ to the established players who have become cloud-based in the name of agility and competitive advantage, cloud migration is more a must-have than a nice-to-have in modern business.

In order to benefit from the many opportunities the cloud offers, you must first find a way to move your on-premises legacy archives to the cloud in a legally defensible manner i.e. without the risk of data corruption, leaving data behind, negatively impacting ongoing operations and end-user productivity, or damaging chain of custody. So, what are your options?

You’ll likely hear SaaS vendors claim they offer the best turn-key cloud archiving platforms but, in reality, they offer little more than an online environment without any of the benefits commonly associated with the cloud. Most SaaS vendors don’t own their own data centers but instead share a portion of a third-party cloud they rent. This is what’s known as a multi-tenant cloud, and it provides a significant drawback for the client – your encryption keys are controlled by the SaaS vendor with little access and control by you. Because encryption keys in a SaaS environment could be re-used across many clients, data breaches and the associated regulatory privacy issues are much greater. Additionally, this process opens up the possibility of unauthorized vendor access to your company’s most sensitive data, including the turning over of your data to government authorities or the courts without your knowledge.

Additionally, as one of many businesses sharing the same cloud, you must adhere to the SaaS vendor’s choices when it comes to security capabilities, the geographic location of your data, and the tools available to access it. Put simply, this one-size-fits-all approach robs you of control over your own data and the way it’s secured.  Another issue to beware of is where the SaaS vendor reformats your data for their own convenience. By converting your data into their proprietary format, the SaaS vendor gains more control over when and if you can move out of the SaaS cloud if dissatisfied. This amounts to sentencing your content to a data prison, with huge charges incurred if you ever want to move your data out of the SaaS cloud platform. In addition to this data ransoming, you are also unable to make use of the cutting-edge solutions cloud computing delivers, such as powerful data analytics capabilities or ML (Machine Learning) and AI (Artificial Intelligence) technology to provide content-based auto-classification for accurate information management. Such restrictions can undermine your decision to move to the cloud in the first place as well as impact digital transformation initiatives and should be considered carefully in the context of your business and its future plans.

The negatives of SaaS archiving solutions:

• Little or no control over your data’s geographic location – data sovereignty
• Little to no control over security policies 
• No access or control over encryption keys
• Proprietary formats limit your ability to move your data 
• Limited search options for audio, video, and other non-email files 
• Data analysis and eDiscovery functionality is limited to “lowest common denominator” vendor-provided tools

Believe the SaaS Security Stats

In a recent survey of global IT executives, including VPs, Directors, and members of the C-suite at major corporations, only 19% of those surveyed believed 75% or more of their SaaS vendors met all of their security requirements. 70% stated they had been forced to make at least one security exception for a SaaS vendor. While many of these organizations are likely using popular SaaS products like Microsoft Office 365 and Salesforce, where the size and standing of the vendor might make the business more amenable to accepting a perceived lower risk, the clear takeaway is that SaaS solutions don’t provide the security standards modern organizations require.

Elsewhere, on the topic of encryption keys, an astounding 95% of survey respondents believed it was important to control their own encryption keys, and 81% were uncomfortable with their SaaS vendors controlling them. However, 74% of those surveyed said they did not control the encryption keys for the majority of their SaaS solutions.

This is a worrying statistic and one that many organizations will have to take steps to reverse as regulations continue to tighten and the threat of cybercrime continues to grow. To that end, 92% of executives said they would need more security customization in the future, with 63% of them planning to retire SaaS applications that didn’t provide them control over encryption keys.

These security-related statistics paint a clear and frightening picture of the business security landscape and the risk that the one-size-fits-all approach of SaaS vendors introduces. As the trend for greater security customization continues and scrutiny over data access and handling increases, SaaS solutions will become increasingly less palatable for businesses aiming to de-risk their operations. Instead, more secure and customizable solutions will be sought. 

For complete control over your sensitive archived data and the ability to apply your own security standards and protocols, the only real choice is to migrate your legacy archive data to the more secure hyperscale cloud. Public, hyperscale clouds, like those from Microsoft and Amazon, can provide you with full flexibility, unlimited access to your data, data storage in its native format, and the most advanced security features and controls.

In a hyperscale cloud-based archive, you can also make use of cloud-scale AI and ML tools to unlock crucial business insight from your data, as well as focused and accurate predictive supervision and surveillance, and e-discovery processing. None of this is possible with a SaaS cloud archive, making a clear distinction between an archive hosted and managed in your own secure cloud tenancy that you directly control, and one hosted in the ‘kinda’ cloud’ offered via SaaS.

With an archive in your own public cloud, you get…

• Immediate access to your data in its native format 
• Full control of where data is stored for data sovereignty
• Complete control over security, compliance, and privacy 
• Flexibility and on-demand scalability – use only what you need
• Reduced upfront investment and predictable ongoing costs – CapEx versus OpEx
• No need for legacy infrastructure and ongoing maintenance fees
• Faster, scalable eDiscovery searches and case management, as well as customizable retention /disposition policy, controls for regulatory compliance
• Access to the latest AI and ML technology for data classification, mining, and analysis
• The ability to granularly search content within audio, video and social media files

Archive360 appreciates the many concerns organizations have when it comes to migrating their data. With more than a thousand migrations completed successfully, we know the types of questions you need answers to and can help dispel any fears you might have in our initial discussions. Common questions we hear include…

• How much data do I actually have in my archive and what kind of data is it?
• How much “dark data” do I have (such as archived messages from inactive users and leavers)?
• Do I need to migrate the entire archive and/or the journal archive?
• What happens to messages that have been stubbed? 
• I have ongoing or pending litigation; can I still migrate my mail?
• How do I manage archived email that is under legal hold? What special handling is needed to maintain chain of custody?
• Will I be able to account for 100% of my archived mail?
• How long will the migration take?