Secure electronic archiving

Recently, the topic of "Secure Electronic Archiving" was on the agenda at the ISSS conference in Zurich. A meeting point for archive managers and other interested parties.

First speaker of this ISSS-The keynote speaker is Niklaus Stettler from the HTW Chur. He will introduce the topic of "preservation" of data and information - where it is not only about the mere possession of the data, but also about the "use" during the retention period. What exactly does long-term archiving mean? Isn't that a pleonasm, since archiving usually implies "long term"? Nevertheless, it is worth defining this "long term" so that all parties involved in the organization have the same understanding. Archiving is about preserving three levels:

  • the physical object (data in the form of bits and bytes)
  • the logical object (the representation and visualization of data and information)
  • the conceptual object for understanding the data and information presented.

In addition, formats have a lifetime and a migration already represents a change, with the risk of information loss. Niklaus Stettler uses the example of an Excel worksheet to show how functionality can be lost when archiving, depending on the format.

Modern, complex system landscapes and equally complex data objects also place new demands on archiving.

Archiving of electronically signed documents

Speaker Daniel Muster will show the peculiarities of archiving electronically signed documents - unfortunately with little "good news", as he steers the audience's expectations at the beginning of the presentation. The challenge, and thus the "bad news", lies in the different purposes of electronic signatures. A distinction must be made between whether a signature is used for identification or authentication. Moreover, a signature does not protect integrity in a preventive sense, but merely indicates that the content of an object has been changed - it is not possible to restore the "original" with an electronic signature. At the end of his interesting presentation, Daniel Muster pleads for lawyers and technicians to cooperate more in this regard and for the definitions and meanings, in the specific case of "electronic signature", to be clearly defined before archiving projects are implemented in practice. For signature verification in the future, time stamps are also useful for archived data.

Daniel Burgwinkel from the Competence Center Records management explains the possible applications of blockchain technology for electronic archiving and for protecting the integrity of objects. Peter Höpli and Renato Schmid from Unisys explain the possibilities of IBM's Watson Analytics in the area of evaluating large amounts of data in law enforcement by means of a practical demonstration. Brigitte Roth-Grüter, IBM, will also provide the legal basis for electronic archiving. Using an example of a foreign private bank that is withdrawing from Switzerland and using "Archive as a Service" as a solution, she explains in practical terms how "audit-proof storage" can be guaranteed. In addition to certified IT components, a central role is played by the overall view of an archiving solution - the interaction of several components and processes. The costs are distributed sensibly with the help of risk assessments.

Various solution example

The afternoon of this event is characterized by solution examples on the part of solution providers such as the presentation by Andreas Rohrs, Swisscom, on "Digital Long-Term Archiving in the Cloud" as well as "Archiving with Privacy Protection" at Dswiss (SecureSafe) in the presentation by Tobias Christen. Robert Spierings, Arcplace AG, spoke on "Secure archiving of e-dossiers", Klemens Berger and Andreas Dangl from Fabasoft addressed the topic of "Legally compliant archiving in the cloud" and the final presentation by Thomas Liechti, Mount10, was entitled "Modern long-term data storage" in the mountain. In between, Christian Hug and Raphael Hasler from PwC explained "Increasing efficiency through conscious handling of business information". Their conclusion is that a "compliant" implementation of electronic archiving can only be achieved if business processes, technology and compliance requirements are implemented in a coordinated manner in the form of an overall system.

Report by Umberto Annino, newly elected ISSS President

(Visited 52 times, 1 visits today)

More articles on the topic

SECURITY NEWS

Bleiben Sie informiert über aktuelle Sicherheitsthemen – praxisnah und zuverlässig. Erhalten Sie exklusive Inhalte direkt in Ihren Posteingang. Verpassen Sie keine Updates.

Jetzt anmelden!
anmelden
You can unsubscribe at any time!
close-link