Back to Hub

Have You Lost the Route to Your Legal Archives in the API Economy?

Image by cookiecutter sourced from Adobe Stock

The corporate journey to using the emerging cloud ecosystem of discrete microservices will see critical business process and transaction evidence archived in disparate third-party storage services. Here’s why, and how, TrustWeaver is working to make sure that such fragmentation doesn’t become a compliance or productivity problem for companies.

Consolidation was a buzzword in the world of corporate IT until fairly recently; in fact, since no one appears to have killed it off as a trend officially, you’d be forgiven to think it’s still on many CIOs’ agendas. The truth is that the emergence of cloud-based business process vendors is pulling enterprises in the opposite direction: toward the agile integration of specialized, cloud-based vendors. Indeed, Gartner declared 2017 the year of the API economy. Whether you agree with that assertion or not, there’s little doubt that businesses can increasingly choose between supporting their processes using existing multifunction enterprise software clusters, or by composing the same process support from nimble, best-of-breed, cloud-based microservices.

In this ecosystem environment, a company’s transaction evidence can end up being archived by potentially many different cloud-based business process vendors. In this case, the company should be seriously rethinking how to maintain a harmonized level of security, data privacy and legal compliance for such archives.

So how do businesses end up knowingly adopting solutions that lead to such a risky thing as legal archive fragmentation? The answer is a combination of business economics and market dynamics.

Today it is pretty much inevitable that you get drawn into one or several cloud-based business networks: you either contract with them to provide a common process for communicating with specific categories of trading partners, or you are such a trading partner and get, happily or grudgingly, on-boarded onto such a trading platform. When more and more of your processes are run on such hosted platforms, it often makes a lot of design sense for such platforms also to archive the resulting transaction evidence for legal purposes.

Obviously, many companies have understood the advantages of cloud-based ecosystems and are already stepping up their data security and privacy requirements to be able to use them to the full. However, one thing that companies often overlook is the risk of regulatory non-compliance of data they store in different vendors’ archives. Security and privacy are key requirements under almost any law that requires business data or documents to be archived and remain accessible for longer periods of time. But these are only the base requirements, and they tend to vary tremendously from country to country, as well as among legal domains within countries.

If you want to know more about these requirements, we have published a list of 19 critical requirement types that you can use to double-check that your cloud vendors are serious about legally compliant archiving. However, even if you are vigilant and tick all 19 of these boxes when agreeing to your company’s precious long-term evidence to be stored by a cloud-based business process vendor, you will still have one other problem: fragmentation.

We see a lot of businesses whose legal and tax departments and country subsidiaries have to maintain long lists of URLs and access credentials that would allow them to point an auditor, judge or arbitrator to the right dataset or document in the right third-party vendor’s archive. And even if the right web interfaces can be quickly located, it can be challenging to deal with the many different ways in which individual vendors have implemented access controls, as well as legal and functional requirements from across their customer base.

We at TrustWeaver are on a mission to try and prevent this emerging obstacle to the accelerated rollout of cloud-based business process platforms, through two mutually reinforcing strategies. First, we partner with as many such business process platforms as possible so that they can archive your invoices and other critical business evidence in the same TrustWeaver-Archiving service, which comes with one consistent package of compliance assurances for all users. As a result, enterprises can already today contract with multiple cloud-based business process platform vendors without worrying about diverse archiving and compliance approaches. Second, we are working hard to enable flexible ways for enterprises to access TrustWeaver-Archiving in a consolidated manner. Our goal is that companies can easily get to all of their original transaction data regardless of which third-party vendor deposited it there.

Yet another reason to ask for TrustWeaver when outsourcing your business processes or transactions.