IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Email archiving: the mechanics of compliance
Wed, 1st Apr 2009

How do you store years of emails and make them easily accessible? A number of corporate governance scandals in the last few years have highlighted the need for companies to better manage the rapid growth of corporate data, in order to comply with regulatory and corporate governance requirements. This has led to a two-pronged challenge: balancing operating costs while preserving and maintaining access to content.

Technology provides the tools and systems needed to combat these pressures, particularly as more records and information are created, distributed and stored digitally. Not only is a company's IT department responsible for storing and protecting information for long periods, it's also the department most likely to produce records in response to an audit or legal discovery.

In order to address these challenges, organisations are increasingly looking to new technology that simplifies the processes required for compliance.

With a number of standards being enforced in the last couple of years, such as PCI DSS and Sarbanes-Oxley, as well as the new Public Records Act, which comes into force next year in New Zealand, companies need to be able to prove the authenticity of digital records. They also need to provide assurances records have not been altered and that they have the ability to retain records in a protective storage environment over a period of months, years and even decades. The capability to search for, restore and retrieve information that may be stored in a number of locations across various media types is also critical.

The need for records

Today, a single lost email or file can result in millions of dollars in losses for a corporation, in terms of potential risk and lost opportunity. With these regulations in place, enterprise data storage is no longer a subject reserved for back-room technical discussions. A stricter corporate governance environment has been developed to minimise the risks of corporate accounting scandals, which has led to the formation of numerous regulations. Many mandate how organisations must treat business records in electronic and paper form to ensure accountability, credibility and compliance with these standards.

Companies must be able to measure and quantify the risks inherent to how they are storing and managing the exploding number of emails, web pages, voice recordings, instant messages and rogue data. Business content can exist in unstructured data including invoices, contracts, instant messages, spreadsheets and web pages, as well as structured sources such as applications and databases.

Pulling together all of this information to be compliant can be a daunting task.

A strategic approach

For most organisations, email, along with other forms of enterprise messaging, has risen to the top of IT and business professionals' agendas. This should come as no surprise, given that most major business transactions occur over email on a daily basis. Email is one of the most important applications to protect from a backup and recovery standpoint. Clearly, a strategic approach has to be considered alongside an organisation's other enterprise applications traditionally considered 'mission-critical', as the ability to simply access information content is not sufficient.

Archiving, united with retention policies, enables email content to be managed as a record and easily incorporated into business processes. The first step of effective email archiving and record management is extracting sent and received emails along with associated attachments from a messaging system. The most complete record possible will include captured metadata such as date, from, to, cc, bcc and subject, as well as keywords and phrases within the body of the email or attachment.

Once extracted, email and attachments should typically be offloaded to a scalable content repository to help ensure all archived email remains easily accessible. With archived emails residing in a central repository, recovering email to fulfil record requests or legal discovery becomes a simple matter of executing a search against the repository.

A business needs to consider the following when reviewing its processes for storing and accessing its corporate data:

Multiple content sources: A firm should deploy an active archiving solution able to bring content from different applications, and both structured and unstructured data, into a single active archive architecture. It is common for a large firm to have hundreds of different application and file system repositories that must be actively archived for compliance, legal or business purposes.

Mailbox management: This reduces the load on primary email storage by migrating data to an archive layer or storage based on business rules.

Support for business policies: The single, most important criterion for an email archival solution is its support for a firm's business policies. Business policies are a consolidation of legal requirements, compliance requirements, and overall corporate policies about how a firm wants to manage its information assets.

Common archive services: Once an active archive solution that supports many different content sources is in place, a series of common, horizontal services, such as index or search, data classification, access controls, retention, preservation, or disposal, can be performed. These common management services can be applied centrally across multiple content types based upon the defined business policies.

Data authenticity, integrity, and preservation: An active email archive should preserve the authenticity and integrity of the electronic records it's storing and ensure these records are secure and safe from unauthorised access and tampering, and will not change while stored. Some regulations require electronic records be stored in a way that ensures they can't be changed, modified or deleted during the lifetime of the record.

Data longevity: An active archive solution must preserve the longevity of the data. In many cases, content within electronic records must be retained for long periods of time. For example, some healthcare institutions must retain records for the life of the patient plus seven years.

During that time, the underlying technology storing the electronic records may become obsolete. As the content is likely to outlive the media on which it is stored, an active archival solution must provide for data longevity by easily and transparently migrating content to the technology of the day.

Benefits/Costs: Email archiving helps organisations to control the costs and management burden associated with the skyrocketing volume of email by automatically migrating attachments or older or less-frequently accessed messages from overloaded email servers to less costly archival storage devices. Implementing an email archiving solution results in savings in administration, storage spend and support costs in the long term.

Respond to legal discovery: Archiving products that specifically address the regulatory aspect of email and message management help enable companies to prepare better for, or respond to, legal discovery notices and minimise the imposition of fines that are increasingly common for failure to comply with record retention regulations.

Employee productivity: As a strategic component of an overall content management solution, email archiving products can also have a significant effect on employee productivity by streamlining and automating previously manual email management activities.

Ease of management: An email archiving solution can improve the search and retrieval process considerably, resulting in less time spent by administrative staff finding and retrieving stored and archived messages.

Conclusion

Organisations in all industries, especially heavily regulated industries, stand to benefit from an email archiving and tiered storage solution, in order to be more compliant with regulatory and corporate governance requirements.

Companies also have the potential to deliver many business, financial and operational benefits. By migrating email and related attachments from primary email servers to archival storage devices, an email archiving solution can prolong the useful life of existing mail servers, postponing the need to purchase additional servers even while email capacity growth continues.

As a result, email archiving can assist organisations to tackle the two-pronged challenge of balancing operating costs while preserving and maintaining access to content. This helps businesses compile information correctly and gives them the options to be able to access records in a timely fashion, which ultimately saves time and money.