WORM as an alternative for manipulation security?

When it comes to the topics of manipulation security and storage of sensitive information, WORM storage systems are still frequently recommended today. These are special storage media that can only be written to once. The approach sounds plausible at first glance. However, it contains some stumbling blocks in terms of data protection law. It is not only since the introduction of the DSGVO that corresponding specifications have made it necessary to be able to delete certain information from documents, PDFs, e-mails, chats or telephone calls if necessary.

This may be the case, for example, in the context of the "right to be forgotten" or in the case of private e-mails from employees. And this regardless of whether the information in question is on paper or digitally on a file server, laptop or in an archive. Requirements that are not technically feasible with pure WORM solutions.

Digital signature in combination with sophisticated storage technology

To protect against manipulation, it is therefore advisable to clearly identify archive data by means of digital signatures and to protect it by means of encryption. In this way, it can be technically ensured that the data is not changed unnoticed. In addition, to prevent careless deletion, this protection can be combined with "SOFTWORM technology". This allows you to easily comply with all legal regulations. However, it is recommended to be careful that this function is controlled by the archive. In this way, unnecessary dependencies can be avoided.

With our solution, we rely on "Trusted EMA®", an IT architecture that makes subsequent data manipulation impossible and thus even exceeds the strict WORM concepts on both the hardware and software sides. In EMA®, not only every incoming and outgoing document is secured and encrypted in its original format, but also the entire file system. Due to the innovative concept, which is bound to the individual appliance in each case, data can only be viewed and restored by the creator of the archive: Access can only be made with exactly the same EMA® hardware or associated hardware that was used to set up the dataset. This works securely: whether the appliance is running in the cloud or on-premises! No matter which storage system your data ultimately ends up on, our security model ensures that it is always protected against malicious access by unauthorized parties.

Manipulation and changes are thus not possible and valid data protection laws can be easily fulfilled. To top it all off, an independent third party, our so-called ANA server, signs each document that is imported into the archive.

Would you like to learn more about EMA®'s SOFTWORM approach? We look forward to hearing from you.