E-mail archiving and retention policies and guidelines are intended to help businesses protect themselves and their customers from potential harm. While this is the case, they also present unique challenges, particularly for smaller firms that may lack the internal IT resources to achieve full e-mail archiving compliance on their own.
Fortunately, a new breed of automated e-mail archiving solutions can help companies of all sizes achieve the compliance they require. These companies can realize tremendous peace of mind in knowing that this mission-critical business link is protected, all while saving valuable time and resources.
Why archive e-mail?
In today’s business climate, regulatory bodies and companies have a number of reasons to enact an e-mail archiving policy to protect both themselves and their customers. In the financial sector, for example, e-mail archiving is mandated by the U.S. Securities & Exchange Commission (SEC) and the Federal Deposit Insurance Corporation (FDIC) and other agencies. It’s mandated as a means of maintaining historical documentation pertaining to transactions, the transmission of sensitive business data, customers’ personal identification data and many other purely preservationist motivations.
The persistently litigious nature of society provides substantial reason for other businesses and organizations that recognize the value of protecting themselves from the potential risk of legal action. By preserving e-mail communications for posterity, companies may benefit from the evidentiary value of historical e-mail conversations, both from a plaintiff’s and a defendant’s position. Discovery time and expenses can be cut substantially with an e-mail archival and retrieval system that makes searching and accessing the archived files simple and easy.
Vested Interest in Compliance
Vested interest in compliance
Regardless of the reason for the archiving mandates, businesses clearly have a vested interest in compliance. Besides exposing the business to potential risks, failure to meet compliance standards may result in fines, sanctions or even decertification to the industry regulatory body-each of which can level a significant financial blow along with the loss of reputation and business.
In addition to being urged into compliance strictly as a regulatory matter, every business should consider e-mail archiving as part of its comprehensive disaster recovery (DR) plan. Fire, flood and other physical damage can wipe out an entire office in minutes, and take with them the vital e-mail data that could actually help aid in recovery efforts.
In addition to these natural disasters, the risk for catastrophic data loss strikes fear into the heart of many IT management professionals and business owners who realize the potential impact a massive data loss can have on business continuity. Even at a granular level, the accidental deletion of a single crucial e-mail can mean the loss of a client, contract or potential opportunity for growth.
Finally, the right e-mail archiving solution can even help to ensure access to the vital e-mail communications stream, even during a server or other IT network outage. With an effective and reliable redundancy and continuity plan in place, a hosted e-mail archiving system can provide a valuable backup e-mail access service that can allow users to send and receive e-mail messages-even when the main server is out of commission due to a failure or even scheduled maintenance. This continuity of communication can help minimize the damage from an outage and prevent the loss of business due to a breakdown in the main system.
For many businesses, particularly those with lean IT resources, the concept of implementing an e-mail archiving program can seem a bit daunting. Given the sheer volume of e-mail data and the massive storage required to handle it all-not to mention the management of the varied industry-specific retention periods-the very thought of archiving each and every sent and received e-mail message can be overwhelming. Conversely, the potential risk of not complying with archiving mandates is huge.
For businesses and industries where high-level data security is required, this factor adds another layer to the perceived complexity of e-mail archiving. And then, of course, there is the issue of physical security of the archival data server itself, which must be protected from breach and failure as well as harm from physical hazards such as electrical surge or weather-related threats.
When financial resources are tight, some businesses may rely on manual archiving systems, believing that the full-featured automated system they require may be out of their budgetary reach. The problem with manual archiving (besides the fact that it can be an incredibly time-consuming process), is that the risk of human error makes it a rather unreliable practice. What happens if the person in charge is out sick and the data dump is not performed? What if a critical file or folder is missed? These potential failures make manual archiving a decidedly noncompliant solution where most regulatory agencies are concerned. To meet the standard, archiving must be ongoing, automatic and virtually foolproof.
Finally, in order for e-mail archiving to be truly effective, the retrieval of data must be simple and easy. If restoring archived e-mail messages is a cumbersome and tedious process, this can outweigh the positive benefits of discovery cost savings, the ease and convenience of DR and the continuity aspect of an archiving system.
In the current market, there are basically three options for e-mail archiving. While each may have some positive and negative aspects, the key is to align the business objectives (compliance, DR and e-mail continuity) with the right feature set to achieve optimum performance. Let’s explore the three basic options for e-mail archiving:
1. Manual systems
Manual systems are generally the least expensive but definitely not the most effective or reliable. Not only does the process require a significant investment of time but it is also fraught with the potential for error and/or failure. Furthermore, manual archiving is not a compliance solution to most industry standards.
2. Resident systems
Resident systems are widely available in the market. While most are effective, they tend to be expensive, require hands-on management by internal IT staff and often lack value-added benefits. For example, if the archiving server is housed in the same physical location as the main data center, this provides virtually no DR protection from fire, flood or other physical calamity. It also provides virtually no e-mail continuity in the event of an outage or equipment failure. Archiving on a remote server most likely requires investment in data storage capacity, adding to the overall cost of archiving.
3. Hosted systems
Hosted or in-the-cloud archival systems provide the most effective, reliable and affordable solution for businesses of all sizes. By automatically archiving sent and received e-mail messages on remote servers that can provide an added layer of DR preparedness and e-mail continuity in the event of an outage, hosted archiving solutions provide the right mix of regulatory compliance, value-added features and service, and affordability. This kind of “set it and forget it” solution delivers reliability and ease of use at a relatively predictable and fixed cost-usually based on the storage capacity required or the number of archived mailboxes.
Choosing a Solution
Choosing a solution
When shopping for an e-mail archiving solution, it’s important to assess any potential vendor or service on four key deliverables:
1. Storage capacity
The solution must meet the storage and retention needs required to achieve regulatory or policy compliance, and it should be easily upgradeable as storage and retention needs change.
A fixed-cost pricing model is ideal, and a solution that requires minimal hands-on management will help reduce the sometimes less tangible cost of time investment.
Simplicity of integration, operation and retrieval is key. E-mail archiving should be easy to implement, own and operate. The retrieval of data should be an uncomplicated process that can be modified to suit each company’s needs. For example, some solutions require IT administrator access and/or involvement to retrieve lost data, while others can be configured to grant users access to retrieve their own or others’ data as needed.
4. Redundancy and reliability
Look for a solution with built-in redundancy, and one with an outstanding reputation for reliability. A hosted service with geographically disparate data centers can provide this redundancy, as well as the value-added benefit of e-mail access continuity in the event of a failure in the main system.
Based on these criteria, the ideal solution is the one that provides the right mix of compliance, ease of use and value-added features that meet the compliance and operational objectives for the business. The bottom line is that the first priority must be to recognize the need for e-mail archiving for compliance, DR and business continuity purposes. It’s critical to put a plan into place before it is too late.
Ted Green is founder, President and CEO of Greenview Data. Ted founded CompuView (which later became Greenview Data) in 1980 as a doctoral student at the University of Michigan. Ted holds both an MS and BA in Computer Science and a BA in German from the University of Michigan. He may be reached at [email protected].