Actiance Alcatraz: Archivable compliance and ediscovery for Social Media By Earl Follis, Senior Analyst and Validation Engineer SSG-NOW May 2015 C omplying with federal corporate financial regulations is no longer an optional exercise for publicly-traded companies. The proliferation of governmental regulatory requirements in the U.S. (SOX, FINRA, SEC, HIPAA, et al), the U.K. (FSA SYSC, COBS, NMC, et al), and similar requirements in other countries, shifts governance and compliance from being a great idea to being a mandatory requirement for responsible corporate management. The solution for corporations looking to ensure compliance with these myriad regulations is to maintain long-term archives of all pertinent electronic records, while also monitoring employee social media communications for topics or activities that might violate the law. The ramifications of failing to maintain regulatory compliance are now quite serious, with hefty penalties and even criminal charges possible for senior management of publicly-traded companies, boards of directors and public accounting firms. With these facts in mind, software that monitors and manages corporate compliance and governance activities is a musthave for companies that fall under governmental rules and regulations. Actiance s Alcatraz product, working in conjunction with four integrated content-gathering tools to monitor corporate communications and social media interactions, offers customers a comprehensive governance and compliance framework that ensures your company will not run afoul of government regulations. Archiving One of the most onerous aspects of regulatory compliance is the requirement to retain and archive an extensive amount of business records, including internal corporate communications and documents. These records include emails, human resources documents, third-party agreements and contracts, unified communications, accounting documents, leases and legal correspondence. But more importantly, business records subject to regulatory compliance now also includes instant messaging conversations (both internal and external), business social networking (think LinkedIn, et al), customer resource management (CRM) software, such as Salesforce, and business collaboration tools, such as SharePoint. Alcatraz offers best-of-breed capabilities for tracking conversations in business social networking tools such as IBM Connections, and collaboration tools such as SharePoint, including the ability to display snapshots of conversations even after they have been deleted from the underlying platform. To ease the administration of archiving critical business records, Alcatraz offers a policy-based retention and archiving engine that allows Alcatraz administrators to define sophisticated filters for discrete retention policies based on the type of record and/or the content of that record. This policy-based approach is an industry best practice that allows Alcatraz administrators to save time while configuring Alcatraz to collect and archive all pertinent records without having to save every single piece of communication within a company. Alcatraz also automagically links users' various social media accounts into a single identity for the purposes of tracking those conversations within the software. Alcatraz also uses a unique search methodology leveraging elastic and distributed computing capabilities to achieve search speeds that are typically 10 times faster than traditional archiving search engines.
Administration Alcatraz is a cloud-based, hosted compliance and archiving solution that relies on separate modules to monitor and mine data from various content sources. As part of our product review testing, we first configured the Socialite data collection module to monitor governance-related user communications on LinkedIn. (Socialite is Actiance s security, management and compliance solution for social networks, providing granular monitoring of Facebook, LinkedIn, Twitter and other platforms.) Once the data collection modules were configured for use, we defined the users who would be included in our test and each user received an Alcatraz-generated email that includes brief instructions on how to link their social networking accounts to Socialite. For large-scale implementations, note that admins can import comma-delimited lists of users into Socialite, so the process of defining the users whose communications will be monitored could not be easier. Once each user is defined in the appropriate data collection module(s), admins and users can then use the Alcatraz interface to manage the communications flowing into the system. Alcatraz features a comprehensive case management system where users can open, manage, update, transfer and close cases as needed. We found the Alcatraz administrative console to be intuitive and easy to use.
Case Management Considering the potentially large amount of data that can flow into Alcatraz, a case management system is paramount to maintaining control of the various channels of data within Alcatraz. Before you can create cases, you must first define a Tag Group, and then define one or more tags within that group. Think of tags as a way to logically group related records into a case. Cases must have at least one tag associated with it, but you can also assign multiple tags to a case, where appropriate. For instance, you can create a tag group for HR-related cases, one for regulatory filings cases and other tag groups for other situations. There is no limit to the number of tags and tag groups you can create. You can assign cases to specific users with the click of a button in Alcatraz. Once you have created a new case, you must then preserve that case in order for that case to be available in the case review process. This prevents users from trying to work cases where the underlying communications records are not preserved. There is no point trying to manage a case while the disposition of the underlying conversations may be in doubt. Alcatraz offers a unique and extremely valuable feature that essentially creates snapshots any time the contents of a social network conversation is added to, modified, or deleted. This capability makes it easy for researchers and auditors to explore the content of these conversations at a specific point in time. This feature also means that even if one or more participants in a conversation delete earlier entries that might have been in violation of company or regulatory guidelines, you can still view the original entries and all related replies. As Alcatraz users examine suspect conversations, Alcatraz highlights any updates or changes made to the original posts. Virtual snapshots preserve conversations while highlighting any updates to existing conversations, saving time and effort for auditors and researchers. See Figure 1 for details of the Preserve tab. Note the term ADIP highlighted in yellow, indicating that this content was changed, added or deleted by one of the participants from a previous version of the conversation. Figure 1: The Alcatraz Preserve tab under Case Research.
Legal Holds Whenever a company expects litigation to result from their corporate activities, a legal hold is issued that directs all companies involved in the potential litigation to start the electronic discovery process of related documents, preserving all such documents for later use. Alcatraz makes it very simple to retain all records related to a legal hold via the Preserve tab in the left-hand menu. See Figure 2 for the layout of the Alcatraz Case Management tab. Figure 2: The Alcatraz Case Management tab. Supported Applications Alcatraz relies on three data collection modules to monitor conversations and communications from more than 60 popular applications, including Microsoft Exchange, Salesforce Chatter, SameTime, Google Talk, Yahoo Messenger, Lync, Jive, Jabber, DropBox, Blackberry Messenger, SharePoint, Bloomberg, Office 365, AOL Instant Messenger, IBM Connections, BazaarVoice, Microsoft Communications Server and more.
SSG-NOW's Take The stakes in corporate governance and compliance are extremely high, exposing company CEOs and CFOs to substantial penalties, including fines and even jail time, for filing fraudulent or inaccurate financial reports with governing bodies. Considering the stakes involved and the massive amount of corporate data and communications that now fall under SOX, FINRA, HIPAA and other government regulations, no publicly-traded company or public accounting firm can afford to ignore the risks of not complying with these regulations. Clearly, Alcatraz offers a compelling, cost-effective solution that includes cloud-based archiving, policy-based administration, a comprehensive case management systems, conversation snapshots, single identity tracking, and coverage for more than 60 source applications and services. We firmly believe that Alcatraz offers the best value in the governance and compliance management software space, with the added benefit of a simple, intuitive interface that allows Alcatraz users to concentrate on their job, not on managing software. No publicly-traded company can afford to ignore the possible financial and criminal implications of not implementing Alcatraz as part of their overall ediscovery process for governance and compliance. About Storage Strategies NOW Storage Strategies NOW TM (SSG-NOW) is an industry analyst firm focused on storage, server, cloud and virtualization technologies. Our goal is to convey the business value of adopting these technologies to corporate stakeholders in a concise and easy-tounderstand manner. Note: The information and recommendations made by Storage Strategies NOW are based upon public information and sources and may also include personal opinions both of Storage Strategies NOW and others, all of which we believe to be accurate and reliable. As market conditions change however, and not within our control, the information and recommendations are made without warranty of any kind. All product names used and mentioned herein are the trademarks of their respective owners. Storage Strategies NOW, Inc. assumes no responsibility or liability for any damages whatsoever (including incidental, consequential or otherwise), caused by your use of, or reliance upon, the information and recommendations presented herein, nor for any inadvertent errors which may appear in this document.