The Enterprise Information Archiving (EIA) market has seen significant change over the last
several years; from consolidation among software vendors adoption of cloud-based
alternatives, clients bringing some in-house capabilities, and many other regulatory changes. These dynamics lead enterprises to re-think their long-term archiving strategies, and software vendors see increasing competition from unlikely sources, including their clients. And as an added gift to the EIA market, changes proposed to the SEC rules create additional headwinds for vendors but increase client options.
The Force of Industry Consolidation
The Enterprise Information Archiving market has consolidated significantly over the last several years. Consolidation has been driven by modest growth rates, maturing public
cloud-based alternatives, and the availability of private equity. Although use cases for archiving as part of broader data governance strategies are continuously increasing, financial services organizations have regulated the primary market for archiving vendors.
The Microsoft Effect
Historically, organizations archived information for two primary purposes:
1. To minimize storage costs and offload content from operational systems, and
2. To meet regulatory books and records requirements and legal hold and eDiscovery requirements.
Then came Microsoft, which introduced cloud-based email and collaboration solutions for enterprises. Microsoft’s solutions effectively negated the need for many enterprises to offload content to secondary archives. Its including pricing provided large mailboxes, cloud-based storage, and end-user search capabilities natively for subscribers.
Microsoft’s commitment to cloud computing was enhanced with immutable storage and associated capabilities that meet Security and Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC), and Markets in Financial Instruments (MiFID) requirements. In just a few short years, it has become a leader in Gartner’s “Magic Quadrant” designation in the data archiving market.
Microsoft has become a de facto operational archive. It has an ever-growing list of subscribers who capitalize on the resources it provides to stay compliant—without the help of an outside vendor.
Other Cloud-Based Solutions Followed
Microsoft blazed the trail for others to introduce cloud-based storage and solutions. Solution providers such as Box, Slack, Bloomberg, Symphony, Redbox, Nice, and similar companies can now manage regulated content within source systems without moving content to a centralized archiving environment.
This has further enabled organizations to do what they previously hired other vendors or companies to do. Now, instead of contracting with an outside vendor, this content is being managed within existing source systems. Vendors in the data archiving business suddenly found themselves competing with a new niche: their clients.
Industry consolidation, new cloud-based options, and the cost of migrating data from outside vendors encourage clients to manage data in source systems or their private cloud-tenancy versus hosted solutions.
As this trend continues, new regulations at the SEC also help.
See More: Transform Your Software Development Strategy: Three Steps to Avoid DevOps Pitfalls
Regulation Changes at the SEC
The SEC has continued to emphasize the importance of corporate books and records and relies extensively on archived records for enforcement activities. On November 18, 2021, the SEC proposed changes to its electronic record-keeping requirements for broker-dealers and security-based swap dealers. The relevant electronic record-keeping requirements, associated interpretive releases, and various enforcement actions made the SEC’s record-keeping rules a major driver of the archiving market.
Because the SEC changed regulations, new possibilities have emerged for firms to manage and archive their data with greater flexibility.
Although none of the proposed rules are particularly transformative, they add pressure to the existing archive vendors and provide some additional flexibility to regulated clients in the available solutions.
The three most relevant changes include:
- clarification of immutability requirements,
- proposal for an Audit-Trail alternative to immutable controls, and
- elimination of the designated third-party requirement.
In the proposed changes to the “WORM” or immutability requirements, the SEC codifies that software-only controls (versus outdated, confusing language) can be sufficient. Separately, the Audit-Trail alternative negates the WORM requirement for transactional systems that can deliver “all modifications to, and deletions of a record or any part thereof; the date and time of operator entries and actions that create, modify, or delete the record; the individual(s) creating, modifying, or deleting the record; and any other information needed to maintain an audit trail of each distinct record in a way that maintains security, signatures, and data to ensure the authenticity and reliability of the record and will allow re-creation of the original record and interim iterations of the record .”
These two changes provide increased flexibility and a broader array of deployment options while decreasing the need for some traditional archiving activities. Finally, removing the designated third-party requirement eliminates the need for that external service or offering.
Building a Better RoadMap
Mark Twain once said, “Data is like garbage. You’d better know what to do with it before collecting it.”
The EIA market is changing. Vendors are consolidating. New resources are available to maintain compliance posture on their own and meet legal and compliance requirements when necessary. Because the industry is changing, the vendor you know today may not be the vendor you know tomorrow, or it may not be the same vendor owing to consolidation. In addition, new cloud-computing resources enable firms to do more in source systems or what other companies once did for them. As you consider your compliance strategy for your organization, factor in recent changes by the SEC and acknowledge that the archiving market will continue to change over the next several years.
Those collecting and archiving in the future may differ from those in the past. It is important their plans to archive data meld with yours. Organizations should revisit their data governance roadmap to ensure corporate compliance. There is a changing of the guard in the EIA and organizations must evaluate the best way forward by considering such a change.
which factors do you think organizations should consider while developing their long-term roadmaps and contingency plans? let us know on Facebook, twitterand LinkedIn.