Despite the availability of many other communication tools, the email remains the most important means of communication for companies around the world. But are companies really always aware that their emails can contain business-critical data that need to be preserved and kept available in the long term?
Email compliance regulations are constantly growing and so are, therefore, the legal requirements governing the handling of such data. It is essential that IT decision-makers get to grips with the issue of securing email data and include this in their strategic IT security respectively email governance policies. Global companies need to remember that compliance requirements can vary from country to country.
- What are the Differences?
- Eliminate Mailbox Quotas
- Eliminate PST Files
- Reduce Storage Requirements Through De-Duplication and Compression
- Reduce the Workload of the Email Servers and Simplify Backup and Restore Processes
- Provide Complete, Tamper-Proof and Long-Term Email Retention
- Helps to Meet Compliance Requirements
- Assistance with eDiscovery scenarios
- Full-Text Indexing of Emails for a Fast Search
- End Users: Restore Lost Emails Quickly and Easily
- Important to Know: Ensuring Data Privacy
- So, to conclude
To Preserve and to Protect Business-Critical Data
But how can a company preserve and protect important, business-critical data? The answer is to implement both an email archiving solution and a backup software. Deploying both solutions within a corporate environment is actually very important as they fulfill different purposes and complement each other well.
The primary objective of any email archiving solution is to ensure that email data remains available and retrievable over time. For companies, this is particularly important with emails involved in the preparation, completion, execution or reversal of a business transaction (e.g. invoices, quotations, support inquiries, or appointment requests).
In contrast, the purpose of a backup is to store data in the short and medium term, providing a regular snapshot of the data in question. This concept allows copies of whole data sets to be made so that they can be swapped out to external storage or a cloud environment and restored at a later date.
So, a backup is merely for the purpose of disaster recovery, allowing temporary, backed up data sets to be copied back from external storage in the event of data loss. The following objectives can be achieved through email archiving¹:
|Objectives||Email Backups||Email Archiving|
|Eliminate mailbox quotas|
|Eliminate PST files|
|Reduce storage requirements through de-duplication and compression|
|Reduce the workload of email servers and simplify backup and restore processes|
|Provide complete, tamper-proof and long-term email retention|
|Helps to meet compliance requirements|
|Assistance with eDiscovery scenarios|
|Full-text indexing of emails for fast searches|
|End users: restore lost emails quickly and easily|
What’s Behind It All?
An email archiving solution allows emails that have been successfully archived to be deleted (automatically) from the email server’s mailboxes, thus freeing up storage space on the server.
A backup solution usually creates temporary copies of the email server’s data on an external storage medium or in the cloud. In this context – and depending on the backup concept being used – “temporary” means that data within the backup is overwritten or deleted (e.g. in the case of incremental backups), or deleted completely according to a fixed schedule if the backup file is no longer needed. Creating these copies does not eliminate the need for mailbox quotas – “full mailboxes” and the often associated need to “swap out” emails (e.g. to external PST files) remain a nuisance for users and IT administrators alike.
PST files are mainly used to transfer emails from a user’s mailbox (e.g. due to mailbox quotas) or to create local copies of the emails on the user’s PC. The contents of the mailbox are copied manually or automatically (e.g. via the Microsoft Outlook function AutoArchive) into a PST file, then swapped out to an external storage medium, allowing the contents to be deleted from the user’s mailbox if necessary.
Many companies are trying to get rid of PST files altogether as they often harbor risks. They are considered error-prone and inefficient, and often take up a lot of storage space. PST files are easily damaged or lost, particularly as they are often stored across a variety of users’ PCs and locations. This makes it more difficult to back up files and frequently results in key data being lost. Moreover, PST files can’t be browsed using a full-text search function and aren’t tamper-proof either.
In this regard, email archiving offers crucial benefits for IT administrators in particular, and can also help to meet companies requirements. The emails are archived in a centrally-administered system designed for long-term retention, while taking account of necessary regulatory and compliance requirements. This gives the IT administrator control over the entire archiving process. Because the archived emails can be deleted automatically from the email server, PST files become redundant as a potential solution for bypassing mailbox quotas. The contents of existing PST files can also be archived centrally, allowing end users to browse them with ease.
It’s also fundamentally possible to back up PST files independently of any archiving process in use. However, as this approach doesn’t allow mailbox quotas to be bypassed, it’s not possible to fully eliminate PST files using backups.
Another advantage of email archiving compared to PST files is the ability to de-duplicate and compress archived emails, meaning that the archive uses less storage space.
While it’s true that a backup solution too can compress and – depending on the provider – de-duplicate data, an email archiving solution has the added crucial benefit of offloading the email server, as the latter no longer has to retain emails that have already been archived.
By applying “rules” to delete emails from the server after successful archiving, the volume of data on the server can be reduced. This can significantly accelerate subsequent backups and restore routines (in the event of data loss) on the email server, and thus substantially reduce the downtime of this business-critical system. As well as generally alleviating the data load on the email server, email archiving can also enhance the performance of the backup process. A backup solution can’t do this on its own.
The main aim of any email archiving solution is to retain email data in a form that is complete, tamper-proof while providing long-term availability (see Helps to Meet Compliance Requirements).
Completeness is usually achieved by archiving emails directly upon arrival at/departure from the email server (known as journaling). A backup solution merely saves the email server in its current state (snapshot). This increases the likelihood of users deleting and losing email data before the backup is created.
Professional email archiving solutions help to retain data in a “tamper-proof” way through encryption, the formation of hash values, restricting user privileges to a necessary minimum, and maintaining audit logs of relevant changes and user events. Some backup solutions are now also being marketed with tamper-proofing in mind – although exactly what this involves varies from provider to provider.
An email archiving solution differs from a backup solution in that it often retains data in the archive for several years, while a backup solution normally only stores data in the short and medium term. A backup, therefore, is merely for the purpose of disaster recovery, allowing temporary, backed up data sets to be restored from external storage in the event of data loss.
Depending on the solution in place, archiving email data in a complete, tamper-proof and long-term manner helps to meet compliance requirements, as emails too can be subject to varying compliance requirements depending on the country and industry in question.
A key criterion for this to happen is the integrity of the data in question: with journal archiving, emails are archived the moment they are received or sent, while a backup usually follows a certain schedule and harbors the risk of tampering or data loss in the interim. GDPR options and retention policies are supported by most email archiving solutions and, indeed, a number of backup solutions, although in the latter case, the configuration options often aren’t as user-friendly or comprehensive.
Outside of Anglo-American jurisdictions, eDiscovery is usually understood to mean the process by which electronically stored information is localized, procured, reviewed, and exchanged.
Both professional email archiving and backup solutions can help with eDiscovery scenarios as they usually provide a search function, as well as partial recovery and export functions. However, it’s important to bear in mind that the functions of a backup solution aren’t as comprehensive as those of an email archiving solution. If PST files contain emails (see Eliminate PST Files) which in turn are stored in backups, eDiscovery scenarios could prove laborious and time-consuming.
Some professional email archiving solutions record the contents and metadata of archived emails and their attachments in a full-text index. Provided that the necessary privileges have been granted, this enables end users to search for certain emails quickly and efficiently in the live system without having to rely on the IT administrator. There are also email archiving solutions that offer this function through integration in Office applications, such as Microsoft Outlook.
While it may be possible to browse these items separately with a number of backup solutions, this function is generally reserved for the IT administrator and restricted to certain contents and metadata.
For end users, email archiving solutions also offer advantages over backup solutions when it comes to recovery, too. End users are able to search for certain emails using the search function before recovering them independently. No additional IT capacity is required to restore emails, i.e. there is no need for the IT administrator to manually search backups for certain emails and restore them for the user. By contrast, a backup solution does not normally give end users direct access to the data.
To avoid conflicts with data privacy regulations when archiving incoming and outgoing emails, we recommend prohibiting the use of private email or requiring that employees use only external email services. The policy can be specified in writing, for example, in guidelines for using the company’s IT infrastructure, in a company agreement, an employee’s declaration of consent, or an individual employment contract.
Email archiving and backing up emails are two completely different solutions that pursue different objectives. Whereas backups are designed to cope with disaster recovery scenarios and store data only for a limited period, the job of an email archiving solution is to ensure that the data is retrievable and available, even over a long period of time. Incidentally, it is important to note that the email archives themselves should be backed up as well. It follows, then, that both data backups and email archiving are key elements in the IT strategy of any security-conscious firm.
¹ The statements in this document are based on the fundamental concepts of backups and email archiving. The functions of an email archiving solution discussed here are based on the range of functions provided by MailStore Server. The functions of backup and email archiving solutions may vary depending on the provider.
** Optrics Inc. is an Authorized MailStore partner
The original article can be found here: