Keeping Pace with FinServ Regulatory Compliance Demands with Smarsh and AWS

by Smarsh

Subscribe to the Smarsh Blog Digest

Subscribe to receive a monthly digest of articles exploring regulatory updates, news, trends and best practices in electronic communications capture and archiving.

Smarsh handles information you submit to Smarsh in accordance with its Privacy Policy. By clicking "submit", you consent to Smarsh processing your information and storing it in accordance with the Privacy Policy and agree to receive communications from Smarsh and its third-party partners regarding products and services that may be of interest to you. You may withdraw your consent at any time by emailing privacy@smarsh.com.

A version of this article was first published on the AWS Partner Network Blog.

Enterprise organizations require the ability to be proactive on modern governance challenges. The difficulty is knowing what data you have, where it’s located, its business value or risk to the organization, and how it can be protected.

Smarsh is an AWS Financial Services Competency Partner that captures and archives electronic communications data to meet compliance, discovery, and risk management requirements.

This financial services designation from Amazon Web Services (AWS) ensures Smarsh serves customer needs with the best technology available to meet data retention, compliance, discovery, supervision, and surveillance needs.

Smarsh Enterprise Platform

The Smarsh Enterprise Platform enables companies to capture, retain, analyze, and act on the “signals” in communications that are most critical to the business. These include compliance and brand risks and may expand to include security threats, cultural indicators, untapped revenue opportunities, and more.

Previously, the process for selecting technology at an enterprise level has led many organizations to build a patchwork of solutions across vendors both on the cloud and on premises. While each of the products selected were chosen to solve discrete problems, the connections between technologies can be less than ideal and often require significant attention and intervention to remain functional.

The Smarsh strategy for enterprise technology brings all the best technology into a single location — the Smarsh Enterprise Platform.

The products within the Smarsh platform include:

  • Capture: Available in the cloud or on premises, this technology captures 100+ communications channels and sends them to any archive, data lake, or location
  • Enterprise Archive and Enterprise Cloud: The central repository where all content is stored ready for access, analysis, and downstream usage
  • Enterprise Discovery: This product applies legal holds and the review of content for legal issues
  • Enterprise Conduct: Powered by artificial intelligence and machine learning technologies, this product enables the proactive review of employee communications to meet legal requirements and prevent costly employee missteps
enterprise platform

Using AWS components

We built the Enterprise Platform as a cloud-native solution. By doing so, the platform takes advantage of the near infinite flexibility and scalability of AWS cloud technologies to provide a reliable and high-performance product that meets the needs of the most demanding, large organizations in the world.

The Smarsh Enterprise Platform is architected using core AWS capabilities, including but not limited to:

  • Triple-active deployment and replication in AWS Availability Zones (AZs)
  • Amazon Simple Storage Service (Amazon S3) for all data storage
  • Multi-region deployment options
  • Amazon Elastic Compute Cloud (Amazon EC2) for fast scalability, compute and data retrieval
  • Amazon Elastic Block Store (Amazon EBS) provides storage for EC2
enterprise archive

Triple-active reliability

Central to how the Enterprise Platform is deployed on AWS is the conscious effort to maximize the availability and security of customer data. This is achieved by deploying multiple instances of the customer data into a single Availability Zone, and then replicating that data across multiple AZs.

By deploying across multiple AZs, AWS effectively becomes a super data center with high availability and active workload balancing. This relies upon the AWS architecture to provide inexpensive, low-latency networks between data centers, and a homogeneous infrastructure availability, performance, and service capability across data centers.

The effect for Smarsh customers is to gain the highest data availability and service reliability possible.

Disaster recovery benefits

When you look at traditional on-premise data centers and compare them with the Smarsh Enterprise Platform’s software-as-a-service (SaaS) model on AWS, the disaster recovery (DR) metrics stand out as prime differentiators. Recovery time objective and recovery point objective metrics measure how well a solution implementation can come back after a disaster.

Recovery time objective (RTO) measures the amount of time it’s expected to take to return to normal operations during an outage. With the triple-active method of deployment and replication across AZs, it’s possible to get this time down to near zero. In the extremely unlikely event where an AZ instance goes down, with the triple-active architecture there are always other AZs ready to pick up any data capture, storage, analysis, and retrieval needs.

Recovery point objective (RPO) measures the amount of data lost during an outage. Again, in an unlikely event of any outage, the triple-active architecture prevents data loss through continual data replication and retention.

enterprise platform disaster recovery

Traditional on-premise solutions rely upon hot and cold server failover methodologies. With the triple-active deployment model of Smarsh Enterprise Platform, the real-time synchronous replication ensures downtimes become a thing of the past. If any AZ goes down for whatever reason, the other two are available to serve data storage and request needs.

The triple-active deployment topology provides resilience against failures in the public cloud and is validated 24/7 by the Smarsh global fleet.

Multi-region replication options

For AWS and Smarsh customers, data security is of the utmost importance. With the Enterprise Platform, data is protected at its core by the Smarsh Policy and Operations Management team together with multiple layers of built-in security.

Smarsh encrypts customer data in transit and at rest. The continuous integration pipeline that deploys services includes automated testing to verify encryption configuration. Encryption in transit is built on robust industry-standard TLS 1.2 or higher, and encryption at-rest includes infrastructure-layer (disk) encryption for storage volumes, relational databases, and blob storage.

As an additional layer of protection, customer data is encrypted at-rest at the application layer using AES-256 before being stored on object storage where it’s encrypted again by the native object storage layer at rest. Encryption keys are protected within an isolated key management system (AWS KMS) backed by hardware security modules.

Smarsh hosts Enterprise Platform components in secure, isolated containers, where system immutability is enforced by making and deploying updates through a well-controlled pipeline, including regular security scans of the container images.

Security

To add additional resiliency to your data store, Smarsh offers multi-region replication that acts as a form of cold or warm DR option. In the cold DR form, you can be assured that Smarsh will:

  • Enable cross-region replication for Amazon S3 buckets that contain all object storage/content
  • Store regular snapshots of indexes and metadata in secondary region
  • Back up all relevant environment and user configuration to secondary region

In the event of a disaster where it would be necessary to leverage cold DR, all necessary data would be available to hydrate a new environment in this secondary region.

With the warm DR option, in addition to all the cold DR steps, a minimal set of services are deployed that allow you to view and search that secondary region’s data. In the event of a disaster, you would continue to have access to your data while the remaining services in the secondary region are hydrated.

Smarsh and AWS

The Smarsh Enterprise Platform is designed to meet the demands of teams worldwide, with AWS as the preferred cloud hosting provider. Whether you’re looking to meet information governance requirements, e-discovery needs, or implementing a robust supervision and surveillance program, Smarsh is configurable to meet your needs.

For more information about the Enterprise Platform, visit AWS Marketplace or reach out to AWS.

You can get full details about the Smarsh Enterprise Platform here.

Share this post!

Smarsh
Smarsh Blog

Our internal subject matter experts and our network of external industry experts are featured with insights into the technology and industry trends that affect your electronic communications compliance initiatives. Sign up to benefit from their deep understanding, tips and best practices regarding how your company can manage compliance risk while unlocking the business value of your communications data.

Ready to enable compliant productivity?

Join the 6,500+ customers using Smarsh to drive their business forward.

Contact Us

Tell us about yourself, and we’ll be in touch right away.