COMPLIANT INFORMATION ARCHIVING SOLUTIONS
DIGITALIZATION AND REGULATION
In this last blog post of our “Digitalization and Regulation” blog post series, you can read about compliant data archiving solutions.
Product solutions for compliant data archiving generally fall into three categories: hardware-based, software-based and others.
Currently the most commonly implemented WORM solution is hardware WORM, which is also the legacy solution in the market.
For hardware WORM, the concept is realized through the processor/controller (specifically called ‘systematic WORM’) or through special manufacturing technologies (Ablative, Bubble-forming, Dye Polymer, Phase change) which prohibit the change or deletion of data to prevent any kind of manipulation. Further, optical storage units so far are CD-ROM devices, DVD devices, directly attached optical media library devices, LAN-attached optical media library devices, RDX or flash drives. For storage unit types like CD-R there is no physical way to alter the saved data, and to destroy the data one must willfully destroy the storage unit in question or fail to fulfill its retention requirements.
Most hardware WORM storage cannot be maintained for up to 10 years, except for the longest-living and best-kept (perfect levels of humidity, temperature etc.) types of technologies. As hardware WORM technology cannot be altered, for it to also comply with GDPR requirements the storage unit would need to be destroyed as soon as the required retention has been fulfilled and the consumer in question has requested the data deletion. Further, it must be noted that most WORM hardware technologies can be used as storage until they run out of memory space. This in turn means that there could be several different data points on a single storage unit, further complicating the management of data if the different data points have different regulatory requirements.
Lastly, it must be kept in mind that hardware WORM is impractical: it takes up physical space, needs constant maintenance, may fail randomly (even if it is well kept) and is costly.
Software WORM relates to the idea that any type of storage will be encrypted using software rather than through the mechanics of a processor or the manufacturing process. This means that software-based WORM can be offline on-premises storage, cloud storage or even a hybrid of both. Software-based systems mimic the attributes that make physical media WORM. The software needs to accomplish four essential things. It must only allow data to be written onto a drive once. It must prevent anyone from deleting that data. It must keep records of both data writing and access, to ensure no one tampers with the data. Access is especially interesting, as it rightfully implies that an admin with enough rights would be able to tamper with the data.
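The requirements above (write once, no deletion, records of every write and access) can be modelled in a few lines. This is an added example, not code from the blog or from any product it describes; the `WormStore` class, its method names and the record IDs are hypothetical, and the in-memory store stands in for a real drive.

```python
import hashlib
import json

class WormStore:
    """Toy software-WORM model: write-once records plus a hash-chained audit log."""
    GENESIS = "0" * 64

    def __init__(self):
        self._records = {}  # record_id -> bytes, never overwritten or removed
        self.audit = []     # every entry carries the hash of the one before it

    @staticmethod
    def _digest(entry):
        body = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def _log(self, actor, action, record_id, ok):
        prev = self.audit[-1]["hash"] if self.audit else self.GENESIS
        entry = {"seq": len(self.audit), "actor": actor, "action": action,
                 "record": record_id, "ok": ok, "prev": prev}
        entry["hash"] = self._digest(entry)
        self.audit.append(entry)

    def write(self, actor, record_id, data):
        ok = record_id not in self._records  # a second write to the same ID is refused
        if ok:
            self._records[record_id] = bytes(data)
        self._log(actor, "write", record_id, ok)
        return ok

    def delete(self, actor, record_id):
        self._log(actor, "delete", record_id, False)  # always refused, but still recorded
        return False

    def read(self, actor, record_id):
        data = self._records.get(record_id)
        self._log(actor, "read", record_id, data is not None)
        return data

    def verify_audit(self):
        """Return the index of the first inconsistent log entry, or None if the chain is intact."""
        prev = self.GENESIS
        for i, e in enumerate(self.audit):
            if e["seq"] != i or e["prev"] != prev or e["hash"] != self._digest(e):
                return i
            prev = e["hash"]
        return None
```

The hash chain only makes edits to individual log entries detectable; someone able to rewrite the whole log can recompute every hash, so the latest hash has to be kept somewhere that person cannot reach.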
Replacing WORM storage solutions with a software-enabled WORM solution is a balancing act between several rules and regulations.
Most software WORM solutions are based on heavy encryption – most commonly AES-256 – to keep data from being seen or changed. However, such solutions still rely on some sort of admin policies, creating the need for more rigorous security concerning the access and monitoring of employees or colleagues. Some companies have also turned to ZKP (Zero Knowledge Proof), a technology that lets you use a consensus algorithm similar to blockchains, to create a way of verifying the origin of the document without ever revealing its contents to the verifying parties.
With blockchain technology, a new potential solution entered the market. However, most blockchain technology products save data on a chain, which makes it deletion-proof and therefore non-compliant. To circumvent this, some blockchain companies found that the chain is not a good storage place but can instead supply a consensus algorithm which allows a large number of independent nodes to verify data without ever seeing it.
Most blockchain companies that found this solution are still struggling with the general drawbacks of blockchains, namely throughput and cost per transaction. Some companies have resorted to private chains to overcome the scalability issues. This, however, has a similar issue to other encryption-based software solutions: there is still an admin.
Other alternatives to digital hardware or software storage systems are either paper copies or copies on microform (e.g. microfiche), which are archaic and inefficient technologies. These solutions have mostly been replaced by hardware WORM solutions.
Read the whole white paper about “Compliant Information Archiving – Digitalization and Regulation” here.