Home Compliance & eDiscovery Simple Steps to Compliance: Archiving Electronic Messages for Competitive Advantage
Tuesday January 06, 2009

Simple Steps to Compliance: Archiving Electronic Messages for Competitive Advantage

Wednesday, 23 April 2008 17:59 Kieron Dowling, Jatheon

The way people communicate with each other in both personal and business contexts has changed dramatically in a few short decades. In today's virtual, paperless world, massive quantities of information can be transmitted in seconds from one location to another, anywhere in the world.

As companies adopt and benefit from messaging technologies, they also struggle to define the parameters for their appropriate use. Forcing the issue are governing bodies and regulators in all industries, who have imposed strict requirements on the storage and management of messaging data in response to groundbreaking lawsuits in recent years.

Organizations of all sizes are now realizing that a corporate e-mail archive is no longer a luxury, but a necessity in today's regulatory environment. What may seem an overwhelming prospect, however, should also be viewed as a key tool in creating a company's strategic advantage. More, e-mail archiving need not be daunting. Incredible growth in this market has led to easy and affordable archiving options for companies of all sizes.

The Exploding Market

By 2011, the market for e-mail archiving solutions will increase nearly 10-fold to almost $6.1 billion, up from $796 million in 2006, according to independent market research firm The Radicati Group. North America and Europe will be the largest markets, accounting for 60 percent and 32 percent of global sales, respectively. What's driving this demand? The three trends below.

Worldwide explosion in e-mail and instant messaging (IM) usage. The average corporate e-mail user sends and receives a total of 133 messages per day, one-quarter of which are sent with attachments. Enterprise IM adoption is also heating up. As demand grows, major platforms including IBM Lotus Sametime and Microsoft LCS/OCS are making IM a key component of their unified communications strategies.

The increasing storage requirements of corporate e-mail users. As more graphics-rich forms and documents are sent as e-mail attachments, average e-mail message sizes are rapidly rising. In 2006, the average corporate e-mail user sent and received roughly 16.4 MB of data per day. By 2010, that figure is expected to exceed 21.4 MB.

Regulatory compliance requirements. An increasingly litigious environment surrounding the use and storage of e-mail and other messaging data has affected companies in virtually all industries. Federal rules obligate companies to produce electronic evidence. Companies that can not save, find, and share their e-mails risk losing their credibility in court. Analyst firm AMR Research estimates that by 2010, compliance spending in North America will exceed $80 billion, which may be characterized as a hidden tax on profits.

Challenges Facing Organizations

Companies large and small face a number of common challenges when it comes to their messaging systems, including:

The need to comply. Government and industry regulations are very specific about their compliance requirements. In addition to industry requirements, some companies implement their own messaging retention policies. Others don't. A survey by the American Management Association and The E-Policy Institute reveals that 66 percent of companies lack policies for saving, purging and managing e-mail.

The need for all users to quickly access and manage corporate information. The sheer volume of electronic messaging is overwhelming users, rapidly turning e-mail into a productivity issue for many companies. In fact, an Osterman Research survey found that 46 percent of e-mail users spend more than two hours each day doing something in their e-mail inbox.

The need to store increasing quantities of data without affecting system performance. As the size of the average user's e-mail box continues to rapidly swell, organizations spend more time restoring crashed servers and managing mailboxes (often deleting useful information) to meet required quotas.

Why Archive Electronic Messages?

An e-mail archive, in a nutshell, is a system that automatically obtains messages, attachments, and information about the messages from e-mail servers. It then indexes and automatically stores that information in read-only format for a specified length of time, based on the company's or industry's retention policy.

E-mail and IM content stored in the archive remains accessible to the user without placing an unnecessary load on the e-mail server. An archive also enables companies to define policies, search for messages, and maintain an audit trail of who accessed a message and when. A company creates an archive of its e-mail and IM data for four key reasons.

Compliance. Organizations in virtually all industries--from financial services to health care, government and beyond--are now subject to some level of regulation concerning the storage and management of their electronic data. The Federal Rules of Civil Procedure, Sarbanes-Oxley, the U.S. Patriot Act, HIPAA, SEC rules, state laws, and corporate policies are all part of this dynamic regulatory environment.

E-mail storage capacity and management. Companies frequently limit the size of each user's mailbox to optimize e-mail server performance. This forces users to spend time cleaning out their mailboxes, which reduces their productivity. Allowing larger mailboxes, however, can severely affect the efficiency of the e-mail server.

E-discovery. A nightly backup of a company's computer data is not the same as an archive. One of the main differences is that to comply with most regulations, e-mail messages, their attachments and IMs must be stored in their original formats, and no one should have the ability to alter their content or delete them altogether. Unlike a backup, which is usually made at the end of each day and designed to restore e-mail servers after a problem, the archive is created at the front end, before a message reaches the end user's computer, and stored in a non-rewriteable format.

An archive is also fully searchable, greatly simplifying the e-discovery process. For example, if Company X sues Company Y, lawyers typically review all e-mails related to the case. With no e-mail archive, discovery can take months of billable hours by a team of lawyers and IT professionals. In contrast, the process can literally take minutes via keyword search of an e-mail archive.

Corporate intelligence. As much as 75 percent of a company's intellectual property is housed within its messaging system. More, users often refer to old e-mail when composing new e-mail. An archive offers a company access to a rich repository of corporate knowledge through an easy-to-use search interface.

In-house Archive Advantages 

To create an e-mail archive, companies have two basic options. With an in-house e-mail archive, the company buys and manages the solution on its own. With an outsourced solution, the company's e-mail is stored and managed offsite by a third-party vendor.

The exploding e-mail archiving market has been flooded with vendors and archiving solutions. Choosing an archiving solution can be overwhelming, particularly for companies with no e-mail usage policy in place yet feeling pressured by growing industry regulations and the threat of litigation. That said, there are a number of compelling reasons to establish an in-house archiving solution:

Simplicity. Depending on the chosen solution, an in-house archiving appliance can take up no more space than an average router and can be up and running in a matter of hours. Even in IT departments with a team of one, managing the appliance is relatively simple, and requires little or no IT experience. Initial setup is typically completed with the appliance vendor or integration partner.Security. Given the highly confidential nature of many e-mail communications and file attachments, company leaders are often uncomfortable having their data housed off-site by a third party--especially as e-mail archiving is currently an unregulated industry.

The concern is shared by regulators, including the National Association of Securities Dealers (NASD), which has said in a Member Notice, "outsourcing an activity or function to a third party does not relieve members of their ultimate responsibility for compliance..." In other words, the buck stops with the end-user organization.

Reliability. With an outsourced solution, server performance can be compromised during high-volume periods as messages must share the same bandwidth, whether they're being sent, received, or archived. In contrast, an in-house archive captures copies of all incoming and outgoing messages after or before they make contact with the outside world, with no impact on a company's bandwidth or server performance.

Cost-effectiveness. For smaller companies, the appeal of an outsourced solution may be its apparent cheaper price tag. Over time, however, the cost analysis favors in-house solutions.

For example, a 100-person company might pay $10,000 for an in-house archiving appliance. The company handles ongoing management of the archive, so it pays no recurring costs. The same company might pay $3,500 per month for an outsourced solution (100 seats x $35 per seat – the current mid-range cost of an outsourced archive), and those costs would recur each month the company chooses to archive its e-mail.

In-house Archiving in Action

An in-house archiving appliance can be set up in a matter of hours, and completely integrated into a company's existing e-mail interface. Here's how the archiving appliance works with the company's e-mail solution:

1. Once an incoming message/file has passed through the company's firewall and spam filters, it moves to the router.

2. If the e-mail system is managed in-house (e.g., Microsoft Exchange, Lotus Notes or another networked system), the archiving appliance captures every message and its attachments (a process called "journaling").

3. If the e-mail platform is hosted by a third-party provider or is a less-common, proprietary e-mail system, the archiving appliance captures a copy of all messaging traffic as it passes through the switch or router (a process called "sniffing").

4. Users can then access their e-mail archives and perform basic or advanced searches through their e-mail program.

The company"s compliance officer--often the IT person in smaller companies--also needs little IT training to define the rules by which messaging traffic will be monitored and captured. Those rules can be dictated by the compliance requirements governing the company's industry, by the company's own e-mail policy, or both. Changes can be made at any time via drop-down menus.

Overcoming Archiving Inertia

The threat of non-compliance lawsuits or system crashes due to storage capacity shortfalls motivate many companies to archive their e-mail. However, smart companies also understand that e-mail is a growing repository of organizational intelligence, one that can be mined for a better understanding of the company, its customers, and its opportunities for growth and improvement.

Even in the absence of a formal e-mail management and retention policy, a company should begin archiving today. A good in-house archive can be easily adapted as a corporate policy develops. The worst thing to do is nothing--and with a few simple steps, companies can not only ensure their future compliance, but also gain significant strategic advantage. 

 

E-mail/ IM Policy Pointers

Yours may be one of the many companies that has yet to establish its policy for e-mail and IM use and retention. The tips below offer guidance toward that end.

* DON'T make it an IT project. Your policy for how e-mail and IM will be used and retained by your company should be developed with input from across the organization. Give IT, legal, HR, compliance, customer relations, and administrative departments a seat at the policy planning table--and make sure international divisions of the company have a voice, too.

* DO create two policies: One for retention of e-mails and IMs, and another for company-wide usage of e-mail and IM. These will be separate policies, but it's important that they're developed side by side. Both should be reviewed and updated annually.

* DO communicate your usage policy with all employees, not just through e-mail, but through face-to-face training and discussion in department meetings. Be specific and detailed. It's important that everyone in the company understand both appropriate and inappropriate use of e-mail and IM, and that violating usage guidelines is a punishable offence. Employees should also know that copies of everything they send are being archived. This knowledge alone often results in fewer instances of inappropriate messaging.

* DON'T delay archiving in the absence of a retention policy. Ideally, the policy comes first and dictates the parameters of the archive setup. But for many companies, a policy can take months to develop and gain consensus--and most aren't willing to risk a damaging noncompliance situation or costly e-discovery process in the meantime. A flexible in-house archiving solution can easily be adapted as policy takes shape.

Kieron Dowling is president and CEO of Jatheon Technologies, Inc.; contact Kieron at This e-mail address is being protected from spambots. You need JavaScript enabled to view it . www.jatheon.com

 


Computer Technology News

Our twice weekly email newsletter
Click here to see current issue or sign up below

Subscribe to CTN