Guidelines for effective e-mail archiving

Getting control of electronic messaging involves software tools, tiered storage, and enterprise content management (ECM).

By James E. Geis

Highly publicized corporate scandals have illustrated the dramatic consequences that can result when e-mail is misused. In addition, recent surveys have revealed electronic message misuse to be a growing problem even when it doesn’t make the news: One of five US companies has experienced litigation, has let an employee go, or has suffered a security breach because of electronic messaging misuse.

And yet many companies still lack even the most basic policy programs to dictate appropriate use and the protection of information through corporate messaging systems. Inappropriate content, including jokes and potentially offensive or harassing material, can be a human resources nightmare; the release of secure or confidential information creates the potential for negative corporate exposure and liability. Also a problem is errant distribution-such as proprietary information being sent to the wrong person, to a competitor, or even to Websites or blogs that monitor and track public and private scandals.

Taking control

Gaining control over electronic messaging is-or should be-at the forefront of every organization’s digital information management plans. Whether driven by IT, legal, or management, the entire organization must be in lockstep on the initiative.

The good news is that taking control of this highly misused medium can be one of the easiest initiatives your organization will undertake. In fact, e-mail archiving solutions are one of the best risk mitigation tool suites available today when it comes to information management. They decrease administrative overhead, automate the audit trail and discovery retrieval processes, and establish safeguards to monitor and protect your organization’s data. Examples of misuses easily controlled with the tools offered in these suites include incoming and outgoing transfer of company files (e.g., price lists or other confidential information) via messaging software, as well as sharing of intellectual property (whether yours or your clients’) beyond the corporate firewall.

Solutions for multiple priorities

No matter what is driving your organization’s need for electronic message management (e.g., compliance regulations, cost management, growth, risk management, or controlling information security) you will automatically reap the benefits of addressing all, plus a few more, by integrating e-mail archiving tools.

Compliance regulations are probably the most common driver behind e-mail archiving today. Highly regulated industries such as banking, finance, and healthcare are required to fully track, audit, retain, and monitor electronic communications to prove appropriate action, or else document an absence of inappropriate actions. In these highly transactional environments where financial decisions are sometimes made through instant and electronic messages, all messages need to be captured, locked down to prove authenticity, and kept accessible in their original format for an extended period according to SEC and other regulations. In the healthcare industry, all patient communications must be captured and medical records must be retained long-term (currently two years past death, according to HIPAA). Archiving solutions enable such organizations to capture and monitor all in-bound and out-bound e-mail traffic as well as other digital information.

Cost and growth continue to be challenges as the requirement to reliably and securely retain information for extended periods has strained many IT operating budgets. In response, the storage industry has introduced new storage protocols and platforms-such as content-addressable storage (CAS), iSCSI, and clustered NAS-that allow flexible options for accessing information. These technologies enable organizations to build cost-efficient storage infrastructures that segregate transactional and reference information to an appropriate storage tier. Many of these newer platforms and protocols are converging storage over IP networks as opposed to direct channel access, thus introducing a new challenge to the overall IT infrastructure.

Archiving software can be used in conjunction with lower-tier storage and “trickle-down” servers, to provide a cost-effective mechanism for long-term retention requirements. This enables organizations to limit the use of their more-expensive, higher-performing, highly available storage and server platforms for support of dynamic, transactional-based environments. In addition to reducing overall storage and server costs, a tiered storage architecture decreases the system administration time required to deal with systems problems. For example, offloading the estimated 80% of reference, “old,” or compliance-related e-mail or digital information to a different platform allows for faster recovery and increases the performance of the primary application storage and servers.

Many longer-term storage platforms have built-in features that allow for automatic media repair for data integrity; lockdown to prove that transactions are in the original, secured, unaltered format; and built-in nomenclatures to retrieve information addressing files by their content and location through metadata. Additionally, these platforms tend to be distributed and most have application programming interfaces (APIs) that work with many middleware applications to integrate with replication and backup for disaster recovery and business continuity. These newer classes of storage allow for fingerprinting that provides the audit-trail and retrieval processes necessary for legal discovery. The Storage Networking Industry Association (SNIA) identifies CAS’s benefits and features as immutability and authentication, location and technology independence, scalability, and elimination of duplicate information.

Risk management and information security are the greatest benefits of electronic message archiving solutions. Content scanning and filtering are important to control information flow as many organizations grapple with monitoring and auditing information.

Instant messaging (IM) is also becoming an essential productivity tool. Many industry analysts believe that IM will eventually supersede e-mail as the de facto standard for business communications. However, IM is increasingly prone to misuse and has the same regulatory requirements of e-mail. Some organizations have already put IM standards in place; those that have not face significant risk. It’s not just text that can go through this software; it can be used to transfer files of any type, size, or content, to anyone, anywhere. Additionally, this medium poses the same risks for viruses, spoofing, phishing, worms, and other security problems that electronic message software has developed an integrated solutions approach for preventing.

The IM medium also has created security threats to the network, with many IM programs requiring fixes in order to close “back doors” and security holes. Adding to the problem is that everyone is not using instant messages solely for work purposes; many employees spend a lot of time chatting with friends during work hours wasting valuable corporate resources.

Enterprise content management

A new lexicon of enterprise content management (ECM) has recently entered the IT vocabulary. ECM is basically an umbrella that covers the disposition of all digital information-database records, medical imaging, electronic and instant messages, documents, scanned images, scanned documents, Web content, etc.-within a company and provides the necessary means to centralize all such information.

Today’s ECM software encompasses the management of all electronic information under, ideally, a single tool. A few years ago there were a handful of players in the ECM market. But in the last few years, numerous acquisitions have been driven by the desire to create an overall solution to track, correlate, and monitor all information. While many vendors clamor for presence in the ECM space by merging technologies, the real differentiator is whether they offer the business and process management behind the hardware and software to allow you to truly manage information through a single view.

It’s important to note that ECM is not just a technical solution; it is a discipline that needs to start well before the hardware and software are deployed. ECM is rooted in policy, processes, and an overall information management strategy that must be documented, agreed upon, and “socialized” to the corporate environment to have any chance of garnering control of information.

ECM is not synonymous with information life-cycle management (ILM), nor is it simply a means to store everything in one place. ECM is a comprehensive approach to determining not only how information is accessed, retained, and deleted (i.e., ILM), but also how it is created and shared. ECM addresses questions such as the following: How, when, and by whom is the information created, stored, and accessed? What is the business value of different types of information and what happens to that value over time? How long must you retain information and how quickly would you need to retrieve it for legal or other discovery purposes? And, most important, how soon and under what circumstances can you delete it?

Managed service providers can help manage this process, but many companies can easily perform the task themselves since it involves many resources already available and in-house. For example, mature, feature-rich solutions for reigning in electronic messages that also allow you to manage documents and file shares have been available for quite some time.

Don’t wait until the legal system comes knocking at your door or your company makes the headlines. Start with a clear and concise documented, communicated, monitored, and auditable policy program that outlines roles and responsibilities for every employee. Then develop a corporate information management strategy that encompasses the treatment of all digital assets. Understand what features you require now and what features you will require in the future. Re-use existing human and capital assets by re-deploying them to realize immediate benefits.

James E. Geis is director of storage solutions at Forsythe Solutions Group (www.forsythe.com) in Skokie, IL.

Benefits of e-mail archiving and ECM systems:

  • Ready access to all electronic messages and other digital information, which are easily indexed, searchable, and retrievable for legal discovery or other fact-finding missions.
  • Monitoring and capture of all incoming and outgoing messages.
  • Filtering of inappropriate content.
  • Decreased load from expensive primary resources by offloading content to less-expensive computing platforms.
  • Integrated with spam, virus control, firewalls, and other content filtering mechanisms to weed out useless information so it won’t need to be stored or backed up, or have multiple copies.
  • Integrated with a tiered storage approach to best utilize storage investments.
  • Automated policy-based access, retention, and deletion.

Basic electronic message policy components

  • Detailed, consistently updated information about requirements regarding, but not limited to, the purpose of the policy, revisions, who the policy affects, policy description and details, definitions and glossary, responsibilities, and procedures;
  • Statement that all electronic communications are potentially admissible in legal proceedings and should be treated as such;
  • Statement that messages transmitted using corporate assets belong to the company (not the user) and can be monitored, tracked, reviewed, and audited. Privacy is non-existent when it comes to use of company assets to transmit electronic communications;
  • Statement of appropriate use of electronic messaging, which includes the following guidelines:
    • Appropriate content (business purpose only)
    • Appropriate business language and grammar
    • HR guidelines about offensive language
    • Allowed or disallowed domains for sending/receiving e-mail
    • Guidelines about printing, copying, or saving messages outside of the archival or message handling software
    • Differences between business and non-business use of electronic messages
  • Directives on mailbox and message use;
  • Designation of company-approved instant messenger software, standards, and business usage;
  • Guidelines for the “CARD” of messages and other digital information:
    • Creation: Who, what, where, why, when, and how messages are created
    • Access: What software can be used, who can access the primary message store or archive, where messages can be stored (e.g., laptops, desktops, home computers, PDAs, or handheld devices)
    • Retention: How long and what types of messages are retained and why, as well as how they are indexed and searched for immediate and easy retrieval
    • Deletion: Precipitating events or legal reasons that messages can or should be purged or removed, as well as a process for halting automatic deletions due to special circumstances (pending or potential litigation)
  • Guidelines for storage, location, backup, restore, security, archiving, disaster recovery, and business continuity requirements;
  • Documentation, education, and communication plan as well as directives on employee notification and acceptance of policy and policy changes;
  • Involvement and input from human resources, legal department, IT and business units, and support from upper management;
  • Plan to audit the policy and remediation procedures for violations of documented policy and a process for monitoring policy adherence real-time; and
  • Plan to update, improve, and re-communicate policy statements.

This article was originally published on July 01, 2005