A conversation on email archiving and compliance

More and more industries are being asked to archive their e-mail communication due to legal or industrial compliance regulations. As organizations begin to examine e-mail archiving there are a few questions they should ask about compliance before selecting a product.

How will mandatory archiving affect organizational costs in terms of storage space?
The first issue with storage costs is predicting the space your company will require in the future. This is hard to do as e-mail storage is growing quickly (still). There is also a huge difference, depending on the archiving solution used on how much storage will be needed. Today, we can distinguish three types of archiving solutions: – On-premise software solutions that can be pure e-mail archiving products or part of a deployed DMS.

  • On-premise hardware solutions of an appliance type.
  • Hosted solutions offering off-site archiving in a cloud based approach.

From a cost perspective, on-premise solutions usually lack scalability, leading to high costs and a complex process to extend the archiving system once storage limits are reached. Also, it's very likely that storage costs per GB will continue to drop in the future, but on-premise solutions don't benefit from these reductions as they are always sized and licensed for a several years upfront.

Hosted solutions in contrast can offer storage resources that are continuously growing with the customer's requirements, virtually offering unlimited and automatic scalability. In general hosted solutions are often more predictable and flexible in costs as you have practically no upfront investments and pay for what you get – also benefiting for example from future price reductions for storage. In that, even not archiving at all also can lead to increasing storage and hardware costs: Usually email servers will quickly reach storage limits as email volumes are skyrocketing. This often requires new email server storage systems or even new email server – along with backup systems that meet the growing storage capacities.

How does email archiving assist in disaster recovery efforts in the event of an emergency?
While there are archiving solutions also offering special disaster recovery features let's keep one thing in mind: Having a good day-to-day backup and recovery strategy is a mandatory goal for every IT infrastructure. An archiving solution, whether on premises or off-site, should never be a substitute for this approach. That said and as a last resort, an e-mail archiving solution, especially when hosted off-site, can save you when everything else goes wrong.

For many companies, e-mail is a big asset still growing in importance. In case of a devastating incident not only tearing down your email servers but also you backup systems, even an on-site archive could be useless. In this case having your entire company's e-mail communication safely archived in a datacenter and instantly accessible from any web browser over the Internet can really make the difference! To close the circle, having an off-site e-mail repository in case of a disaster, can also be important from a compliance standpoint – at least in the future, as some indications can be found, that upcoming compliance regulations will make an off-site archive mandatory.

Yet another kind of a “disaster” may be the closure of a business. In this event it is also possible that for compliance reasons e-mails have to be maintained for years – even if the business premises together with the whole IT infrastructure and email servers don't exist anymore! In this case, a hosted email archive will maintain compliance – even better: this may come at no annual, additional cost!

Other benefits of email archiving
While legal compliance often is considered necessary evil, there are other good reasons for deploying an e-mail archiving solution, too. The implementation of an archive solution can have an instant and very welcome impact on a company's e-mail infrastructure:

  • As older e-mails no longer need to be stored on the e-mail servers, valuable disk space can be recovered.
  • With lower storage consumption, system backups will run faster, too.
  • As more and more end-users will rely on the archive to search and retrieve information, the load and traffic resulting from accessing the servers will also be distributed, freeing even more e-mail server resources.

Speaking of end-users, they will experience a new and convenient method in managing their e-mails. They don't need to care any longer about accidentally deleting e-mails or slow and cumbersome searches through countless, diligently created folder structures in their e-mail client. An e-mail archive can ensure that all e-mails are securely stored never mind if the user deleted them from his inbox or not. And with strong full-text search engines it's a matter of seconds to find and retrieve e-mails with a simple, Google-like search. One of the biggest challenges administrators have to face when managing e-mail storage space so far is the uncontrolled creation of PST files.

PST files are local archives end-users can create on client PCs or even network shares. The motivation to use this feature in MS Outlook is mainly related to mailbox quotas: When confronted with a storage limit on his personal mailbox the end-user is easily tempted to use these simple archive files to circumvent the limitations. However, the risks of data leakage or loss are very high – central management nearly impossible. With an e-mail archive where all data is stored in one central, always accessible archive, PST files are dispensable. Even better: Many archiving solutions allow the assimilation of e-mails stored in existing PST files.

Ensuring emails remain secure
When archiving e-mails off-site through a hosted email archiving service, several areas must be considered to maintain privacy and secure storage of email messages. The first topic to look at is the way emails are transferred to the archive. As in a hosted service the data is usually transferred over the public internet they should be encrypted during transit. Once arriving in the archive however, the data should also be stored encrypted – only accessible by the customer himself.

That's an important point as some existing hosting solutions don't offer an encrypted storage or when offered only encrypt the whole archive but not individually for each customer. Together with the high availability and security standards of a datacenter where the emails are stored, the level of security reached by a hosted solution is often considerably higher than for example an SMB on-premise solution where suitable server rooms with according cooling, uninterrupted power supply and access control are often missing.

How cloud computing will play into email archiving
Summarizing the above, from a cost perspective as well as scalability and planning point of view it's a excellent alternative to traditional on-site solutions. That is especially the case where a complex and long deployment but also daily maintenance and monitoring efforts can't be accepted – e.g. for SMBs. Also, future legal requirements will probably make off-site compliance archiving mandatory.

How often should email be archived and saved? What happens between saves? Is there a way to automatically archive emails in real time?
Compliance regulations as well as simple day-to-day business needs, for example to reproduce an important e-mail communication, require that all e-mails that are business relevant are archived. There are different approaches to achieve this. Traditional archiving solutions often leave the choice of what to archive to the end-user. While this can have advantages as for example the ability to classify or categorize e-mails upfront, it has the critical disadvantage that important e-mails potentially do not get into the archive at all! For compliance standpoint so, manually archiving e-mails is not acceptable. The solution here is to use so-called journal archiving.

This is a built in capability offered by most e-mail servers which transfers a copy of all e-mails to a special archiving location automatically as soon as it is sent or received. While automatically archiving all e-mails is the best choice to comply with internal or legal regulations, critics often argue that this can result in archiving large amounts of spam messages. In fact this is a very important point. Therefore, it is recommended to put e-mail archiving into the context of the whole corporate messaging strategy: With an appropriate e-mail security solution that potentially even integrates with your archiving solution, this concerns can easily be overcome.


You Can Learn More About the Astaro Internet Security Product Line By Going to www.FirewallShop.com/Astaro.

The original article/video can be found at A conversation on email archiving and compliance

Leave a Reply