Migration

    Compliance Migration: Why It’s Important & How to Do It

    In this article we’ll cover everything you need to know about a compliance migration. For large organizations ...


    In this article we’ll cover everything you need to know about a compliance migration.  For large organizations performing a successful compliance migration is a sizeable task. It’s not something that should be underestimated in terms of the time it will take, or the resources that will be needed (IT infrastructure resources, as well as people).  So, let’s dig into this topic in more detail!

    Key Takeaways

    • A compliance migration is the process of moving large and important data archives, such as Exchange journal archives, to a new system or platform.
    • These archives are typically very large, often 10-500 Tb or more, and contain important information for the organization in terms of data compliance, risk, and eDiscovery. T
    • hey are different from other types of data migrations, such as end-user mailboxes or PST files, as they are tamper-proof and crucial for eDiscovery searches or legal procedures.
    • The challenges of compliance migrations include data quality issues, the need for specialized software and expertise, and the importance of maintaining the integrity and accessibility of the data during and after the migration.

    What is a compliance migration?

    compliance-rule-law-regulation-gMany organizations are familiar with migrating things like:

    • Mailboxes
    • Home drive data
    • PST files
    • SharePoint document libraries
    • End-user legacy archive data
    • Data relating to employees who have left the organization (leavers)

    These data sources are usually relatively small, perhaps just a few Gigabytes each, though your enterprise-sized organization is likely to have thousands or tens of thousands of them when it comes to a migration task or project.

    A compliance migration is different.

    A good example of a compliance migration is the migration of an Exchange journal archive. This has different characteristics from the other types of data that were just mentioned.

     Typically, this type of archive is: 

    • Usually very large: 10 – 500 Tb or more
    • Usually just a single archive
      • Some organizations may have more than one for various historical reasons or through acquisitions of other organizations
    • Very important to the organization in terms of data compliance, risk, and eDiscovery

    Unlike an end-user type of archive or a regular user mailbox, where the data in it is usually only valuable to the person that it belongs to, a journal archive contains data that can be essential to the organization.

    It holds a de-facto copy of all emails sent and received throughout the organization, throughout the time that the organization had Exchange journaling enabled. Items in an end-user mailbox can be altered by the end-user, or by applications installed on their devices.  Therefore, the journal archive is tamper-proof and a prime target for eDiscovery searches, or if a company is going through a litigation procedure.

    End-User Archive Journal Archive
    Relatively small (Few Gigabytes) Large (10-500Tb+)
    Large quantity of archives (thousands) Small quantity (1-10)
    Contains information for one user Contain information for all users across the organization throughout time
    Low overall business importance High overall business importance
    Target for litigation hold in the case of a legal issue Target for eDiscovery searches to answer legal issues

    Why does a compliant migration matter?

    If an enterprise organization receives a court request for data concerning a particular legal matter, then the data in the Exchange journal archive is crucial. If your organization is defending its actions, the presence of a particular email or the lack of it can result in millions of dollars of costs.

    What are the challenges with compliance migrations?

    There are many challenges that appear when performing a compliance migration. One of the most important is that the Exchange Journal archive cannot simply be treated in the same way as the end-user mailboxes, user archives, or any other end-user-centric repository during the data migration process. They are quite simply worlds apart in what they contain, the amount of data, and the importance to the organization.

    Here are three other challenges:

    Data quality issues

    Many enterprise organizations have had Exchange journaling enabled since it became available. Due to their extreme growth, the mailboxes where the ‘shadow copy’ of messages were stored quickly became a target for archiving systems such as Veritas Enterprise Vault, Quest Archive Manager, EMC SourceOne, and others. These software applications stored the messages in a long-term data repository and cleared out the journal mailbox to keep it small and tidy.

    However, as you can imagine, over such a long period of time lots of things changed. Not only did the way that Exchange creates journal messages evolve and change over time, but also the platforms and storage systems that did the data archiving also adjusted their storage models.

    The net result is that the data has been stored, in many cases, in different versions of propriety data formats with different versions of the archiving software. Some of this data might have been migrated between systems or organizations too. It is not uncommon for an Enterprise Vault journal archive to have gone through 7-8 different versions of the product, and 3 to 4 different versions of their propriety data format.

    In the end, retrieving and extracting that data can be a troublesome exercise for many organizations. This is especially true if there have been data disasters – a loss of data integrity or outright data loss, often unnoticed - over the years that the data has been stored.

    Wrong target fit for the type of source data

    Office 365 is a great place for end-user emails and data. There is a 1:1 relationship between the on-premise Exchange mailbox or legacy archive, and a mailbox in Office 365 (It even allows for the addition of a personal data archive). 

    For compliance data, stored in an Exchange Journal archive, that’s not the case. In Exchange Online, the compliance feature keeps historic emails in a hidden part of each user’s mailbox. So, in your legacy archive, you might have one copy of an email that was sent to 500 people but in Office 365 that would be stored in 500 places. This makes performing eDiscovery searches more complex.

    There are other options than doing a data compliance migration this way. Take a look at our Expireon product for a novel, unique approach to handling a large journal archive. 

    Incorrect project setup

    As mentioned earlier in the article, an Exchange Journal archive matters to several important stakeholders across the organization. So, when it comes to performing a compliance migration of that data to a new target like a Cloud Archive vendor, or to Office 365, it’s essential to have the right team members on the database migration project from the start. This will likely include people from:

    • IT
    • Governance, Records Management and Compliance (GRC)
    • Legal

    In some organizations that might mean multiple people from different regions, since, as we’ll see in the next section, regulations in the same industry can vary from country to country. 

    For more information on why Exchange Journal migrations to Office 365 keep failing, download a free whitepaper.

    What about compliant cloud migration regulations?

    On top of the challenges mentioned in the previous section, many enterprise organizations are subject to different types of industry regulations.  This is a challenge for organizations when they come to determine whether the legal data which was stored many years ago is subject to those new types of regulation.

    On top of that many enterprise organizations have a global reach. This means that there can be conflict or difficulties such as:

    Can data of two regions be merged?

    Can data beyond its retention period be deleted across all regions?

    The project team performing a cloud compliance migration must consider things like the European Union GDPR regulations as well as other cloud regulations, potentially in many different countries.

    If you'd like to find out more about bringing cloudficiency to your project, reach out to us.

    Talk To Us

    How do you perform a compliance migration?

    This, of course, is the big question. At Cloudficient we’ve had over a century of team experience when it comes to performing migrations for organizations of all sizes. We know that whilst projects have many similarities on the surface they are all very different once you dig deeper; with different challenges and different emphasizes placed on the project by the organization.

    What is clear is that if your organization has many Terabytes of Exchange Journal archive data to migrate it has to be carefully planned. A clear project plan, involving all the necessary business units will be the foundation of a successful data migration project. Without it, the project will almost certainly fail.

    If your organization is ready to perform a compliance migration of an Exchange Journal archive, download our free ‘Compliance Migrations – The Ultimate Checklist’ to assess your project readiness.

    There is much more to a compliance migration than simply moving the data. And there is much more information on this in our blog post here.

    Conclusion

    Performing a compliance migration of a large Exchange Journal archive to a cloud solution is a large undertaking for any organization. The data contained in such an archive can be critical to an organization especially if legal issues arise. Treating a large Exchange Journal archive the same as any other, smaller data repository, is almost certainly going to be a costly mistake, with the overall project likely to fail.

    Engaging a migration partner like Cloudficient will help ensure you’ve got the right project setup. The source and target environment's strengths and weaknesses will be fully understood and realistic expectations will be set concerning the data, the duration of the project, and what can be done with the data once it has been through the compliance migration process.

    With unmatched next generation migration technology, Cloudficient is revolutionizing the way businesses retire legacy systems and transform their organization into the cloud. Our business constantly remains focused on client needs and creating product offerings that match them. We provide affordable services that are scalable, fast, and seamless.

    If you would like to learn more about how to bring Cloudficiency to your migration project, visit our website, or contact us.

    Similar posts