Explore TransVault™

Microsoft Office 365 Claims SEC 17a-4 Compliance- Is This Really A Small Detail?

6a0147e33fa56e970b01b8d178cfa0970cCEO’s point-of-view by Barney Haye:


I read an exciting blog this past weekend.  Our favourite messaging pundit, Tony Redmond, published The not so boring version of how Exchange Online satisfies SEC rule 17A-4 in his regular column on WindowsITPro.com.  Once again, Tony states what many of us are thinking – and it’s not as simplistic or boring as the official Office Blog on the subject.  In fact, if you’ve sat in the Email Archiving space, as I have for over fifteen years – you would see that the details of this are actually very promising, as it opens the way for large-scale migrations in the financial industry.


This ruling brought me back to a presentation given by a Belgian technology evangelist from EMC in 2002, where he outlined how his companies’ software (FilePool) had been bought by EMC and built into their new Centera storage platform.  During his presentation he became quite animated as he described how the device was “self-healing”, “fault tolerant” and absolutely “compliance-ready”.  In those days, the financial firms were just starting to recognize how expensive it could get if you were found incapable of accessing the many email records that should have been preserved.  An outcome was a very healthy industry supplying email archiving software along with Centeras, or later compliance storage competitors such as the NetApp SnapLock device, IBM DR550, Hitachi HCP, or similar. Financial industry compliance was the new big driver for email archiving sales.


Overnight, every reseller out there presenting to a financial company had a slide with the magic word “17a-4”. Compliance in the finance world became the biggest driver of new archiving opportunities and sales. Soon, unregulated firms also began to discover the impact of emails sent by employees. Indeed, most organisations quickly discovered that email had replaced the phone call, and this new standard was eminently more traceable than its predecessor.


Email now provided the way to find the smoking gun (just ask Rupert Murdoch at News International).  By 2015 it is estimated that on average any US firm worth greater than $1Bn has around 150 concurrent litigations in play.  Archiving all of your email, ensuring its correct storage, making sure you have a copy, being able to search for it, using eDiscovery tools to focus down on the results, culling duplicates and irrelevancies, producing results in a lawyer-friendly format – these tasks fill up the daytimes of corporate legal staff across the world.


Tony’s blog also had great synchronicity with Monday’s debriefs of a team from TransVault, who had travelled to Seattle last week for an invitation-only technical meeting event on Office 365 – the only migration vendor invited.  Whilst details of the event are obscured by NDA, there’s no secret that Microsoft is launching the new Enterprise E5 licensing plan on Dec 1, as Mary Jo Foley commented on ZDNet.  Mary (like Tony) describes how eDiscovery is also an important part of E5.  Earlier briefings at this year’s Microsoft events, Ignite and WPC, detailed how in January eDiscovery analytics company, Equivio had been bought for its Near-Duplicate Detection and Email Thread Analysis – and was to be put into Azure to work with Office 365.  Microsoft is really serious about this thing!


In Office 365, Microsoft has provided a compelling reason to move messaging and collaboration out of Exchange and into the cloud.  TransVault is enabling an ever-increasing number of organisations to take their legacy archives with them, removing one of the reasons to have to keep any remaining messaging infrastructure on-prem.  Third-party cloud archives like Mimecast, EnterpriseVault.cloud, Proofpoint and Smarsh have provided discoverable journal archives for those willing to pay for two clouds, but I think financial industry enterprises have barely taken that option so far – they have preferred to run their own journaling on-prem and retain an archiving & discovery tool – making sure that they comply with their industry’s regulations.  The journaling of financial services email then is one of the very last reasons keeping that infrastructure in place.  Recently, TransVault CTO Matt Bonetti blogged about our new Compliance TimeMachine feature that can move these on-prem legacy journals into O365, but for financial services that’s not enough without 17a-4 compliance.


For some time now, I’ve been saying that there are just a few remaining obstacles to a large scale migration of financial services messaging to the cloud. For that, archiving has to meet regulatory standards, with retention of all recipient details, preservation and retention of each message (and of course legal staff have to be comfortable that their discovery needs are met).  Also, multi-nationals will want to host their domain across multiple datacentres, with confidence that their data stays within each legal jurisdiction (a feature on the public roadmap already).  See Deutsche Telekom’s announcement that it is to act as Data Trustee for Microsoft Cloud in Germany.  Organisations must be confident that they understand any Safe Harbour-style issues related to holding corporate data in overseas multi-tenant datacenters.


It looks like with Office 365, we could be just about there.

(Is that a small detail?)

Barney Haye

Posted by: Barney Haye

Founder of TransVault, Barney has championed the business opportunities created by vendor lock-in in the email archiving marketplace.

Latest comments

Post a comment

TransVault logo
Share via