Nigel's Eyes

20240402 Is Microsoft's new WORM a solution to long-term storage of archived KYC data?

Everyone should by now know that I have had a long-held dislike for Microsoft, its practices and its products. But for once, colour me impressed by the potential for the company's latest WORM drive.

It is a surprise to find myself impressed with something it has developed and which could be a solution to a long-standing problem in financial crime risk and compliance - that of storing KYC and other required data over decades or, potentially, hundreds of years. Microsoft claims it can store data on the same glass tablet for thousands of years.

There have been many ideas over the decades but they all have one problem - a technological, or in the case of organic storage, a certainty that they will degrade and become unreliable or fail entirely.

The claims for Microsoft's ideas are so wild - and unprovable - that there are still credibility problems. Can storage really last for "thousands" of years? And if it can, will the tech to access it be available? Have you tried to buy a floppy disk reader lately? That's hardly ancient tech.

But, in terms of longevity, Microsoft has a point: If it doesn't break or scratch, glass lasts pretty much for ever and, as all those old school sports trophies attest, engraving rarely wears off.

The concept is simple: take a tablet of glass, engrave data with a laser and read it back in the same way.

This tech takes us back to early CDs and the acronym WORM for Write Once, Read Many. So it's for archived data not for active files. CDs etc. also use lasers to read and write data. And like CDs, ect, there is no power demand and no connectivity on the storage medium itself.

That's fine - in fact, it's better than the present forms which can be altered. And it solves the problem of decades' worth of legacy data stored on old machines some of which require a heart-in-the-mouth moment as they are booted up and others of which run constantly because data is called even though no processing takes place on those machines.

It works like a giant jukebox: the glass plates are put into a library and indexed and recovered by a machine when the data is requested.

The special glass is scratch (and therefore tamper-) resistant.

The biggest challenge will be to produce a standardised, future-proof and portable data format: a proprietary format will perpetuate the problems it has the potential to solve. And there's my first major complaint: Microsoft has a range of things it brands "Azure" and this product will encrypt and decrypt your data using "Azure AI." So, from day one, you lose control over your data.

Equally, if all your data is held in a physical warehouse controlled by a third party (assuming very few customers will have the money or expertise to run their own) that leads to many risks, including what happens if the storage company fails.

I'm sure there are many risks I haven't thought of in the five minutes since I found out about it but on the face of it, it's really quite remarkable and has great potential in our industry.

Except for the fact that your you may own your data (assuming Microsoft doesn't use it for training) but you will lose control over it.

So, back to my usual position: I really don't like Microsoft and this product is technologically exciting but from a legal and regulatory perspective, it's not fit for purpose in commerce and industry.…