How We Support Security & Compliance Requirements Before, During and After an Email Archive
There are many benefits of moving your Email Archive to Cloud platforms such as Microsoft 365. Whether it’s to take advantage of the ever-growing security capabilities within the Cloud or to enable eDiscovery to be performed quickly and easily through more convenient access to the archive. However, these benefits can only be realised once you have successfully completed your migration. In this opening article, we’ll look at how you can remain secure and compliant on the journey to and once you are in the Cloud, so that you can quickly experience these benefits.
Before you migrate
It would be great to start from an assumed position of already being fully compliant with whatever industry regulation your business is subject to. In reality, very few businesses are likely to be 100% compliant 100% of the time. It would be totally understandable then, to require some housekeeping prior to a big move to the Cloud. After all, we might be talking about decades in scope for migration, relating to thousands of individuals of varying personas and rights.
With that in mind, it would be wise to consider whether the business is still clinging on to data that is in fact no longer subject to regulatory compliance. Folks are often resistant to finally push the delete button on old data, but it can be done in a totally legally defensible way, particularly as part of a digital transformation project.
So, before the migration, we encourage you to take stock…
- Look at the age of data and profiles of users it relates to
- Consider old and new regulatory compliance – how are you setup to meet this now, and how do you need to be setup to meet this in the Cloud, or elsewhere in the future – can you achieve everything you need to in systems like Microsoft 365
- What can be defensibly deleted and what process do you need to follow to achieve that
During the migration
During your migration project, your chosen partner, in terms of both Services and Software, should have your businesses’ security and compliance requirements in front of mind. They should have already configured your migration to meet proper standards.
One of those standards is Chain-of-custody tracking and proper reporting on this when the migration completes. Chain-of-custody is the concept of tracking an individual item’s progress as it moves from source to destination, making sure that the data can’t be tampered with whilst in transit, and that the same people have the same levels of access before and after the migration process. The technology we use from TransVault offers full chain-of-custody to meet the most stringent legislation relating to email records handling, enabling a legally defensible migration process.
After the migration
We’ve already touched on some of the reporting elements required to properly close out a successful migration project. TransVault’s migration engine comes with a wide range of out of the box reports designed to leave you in a fit state to answer any difficult questions you’d need to about your migration. Similarly, the experts here at bluesource can talk you through the various elements of how your project was conducted and the results, including any remediation that might be required because of lack of data integrity.
Ultimately security and compliance aren’t going to be something that just goes away after your migration to the Cloud, so we can continue consulting with you until you’re satisfied you’ve got the hang of your new set of capabilities and how they relate to your user community.
You might also choose to embark on additional adoption and enablement training for your users, now that their security considerations are likely to change significantly from this point on (multi-factor authentication, more regular password changes that need to be more secure etc). Again, bluesource have an array of skills in this area to help your business become as productive as possible as quickly as possible.