It’s no secret that technology has created an “instant correspondence” business culture, and this culture is in the direct path of the rapidly growing compliance- and e-Discovery-driven movements within business organizations.  This is especially true within the regulation-heavy industries of banking, healthcare, pharma, and government.  Highly regulated business sectors transfer thousands of highly confidential messages and data to their servers every minute, and although real time communication allows for better and faster business decisions--as system integrators and VARs servicing these markets know--there are always compliance concerns and regulations to be considered. 

Legislation Affecting Instant Communication Trends

In recent years, several regulations (FRCP, HIPAA, the Sarbanes-Oxley Act, and Securities and Exchange Commission Rule 17a-4), were enacted to strengthen ethical business practices and corporate governance.  These regulations require archiving of all communications in legal, healthcare, finance and other regulated businesses.  In addition, recent changes to the Federal Rules of Civil Procedure made it clear that any information stored in a visual format can be called upon in court, including emails, attachments and calendar files.  These laws require U.S. companies to keep better track of their employees’ correspondence and other electronic documents.  Failing to preserve or produce electronic communications when requested in legal cases could be viewed as a breach of e-Discovery and compliance efforts.

In the United States alone, the Enterprise Strategy Group’s research shows that there are more than 10,000 laws and regulations drafted by the US federal and state legislators that address "records," the information that takes the form of email. The regulated industries include financial, health care, insurance, banking, energy, pharmaceutical, etc.  Worldwide, the requirements for records retention are regulated in every country, and just to name a few, there’s the Universal Market Integrity Rules for Canadian Marketplaces in Canada; the Data Protection and Freedom of Information Act in the United Kingdom; and Conseil des Marches Financiers’ Decision 99-05 in France.

Addressing the Major Business Needs behind Email Archiving

There are also specific business functions associated with email archiving, such as regulatory compliance, e-Discovery, storage management, backup and disaster recovery.  Needless to say, the influence of email archiving software products has had an appreciable impact within the most highly regulated industries, where a typical court request, for example, may only allow three hours for the swift perusal of data/emails in response to a litigation situation. 

Information retrieval needs to be immediate, secure and capable of navigating the enterprise networks for multi-national organizations.  As a result, compliance-driven organizations must implement secure message storage solutions that facilitate real-time capture of extremely large volumes of email (with attachments).  Highly-regulated companies with the most accurate and secure enterprise email archiving solutions are specifically addressing a number of factors for maintaining top-tier systems that meet compliance and e-discovery requirements.  These factors include the following:

• Data Compression: According to GreenDataStorage.com, data compression’s ultimate goal is “to reduce the size of data to create a corresponding reduction in network bandwidth or storage capacity.”  Fortunately, many archiving products include compression as one of their storage reduction features.  Data compression can be used for all tiers of storage.  When combined with de-duplication technology, some archiving products can reduce data storage sizes to a quarter of their original size – not a bad digital footprint in light of “green” trends for reducing an organization’s carbon footprint. 

In addition, the use of ‘stubbing’ can save a tremendous amount of space on an enterprise’s email servers.  Many confuse stubbing with archiving, which involves storing a copy of a message or attachment on an archiving server.  During the stubbing process, the bulk of a message or attachment is moved off the email server to the archive server.  A link to the message or attachment content will appear in the users’ inboxes, allowing users to click on the link and almost immediately access the message or attachment.  This helps companies meet Sarbanes-Oxley’s requirement of easy accessibility to information while keeping data secure.

• Real-Time Archiving: From a compliance point of view, industries affected by federal regulations (such as Sarbanes-Oxley) require companies to preserve electronic business records in a secure but easily accessible manner.  Real-time, or journal, archiving ensures that companies capture every piece of information before employees can delete it.  Archived information is secure behind corporate firewalls from outside parties, while intensive access control features restrict employees’ ability to view and manipulate archived data.  Retrieving data from an archive should be a matter of defining search terms and hitting the ‘search’ button, then waiting a few seconds. 

• Duplication Concerns: Single instance storage technology locates multiple instances of the same file and stores only one copy, thereby de-duplicating archive reserves.  Imagine how many times one email is sent to multiple employees or how many times the same attachment is forwarded.  Without de-duplication, every copy of an email or attachment sent to multiple employees or sent multiple times (or both) would be stored to the archive, which wastes space in the archive and wastes time during e-discovery searches. 

System integrators and VARs responsible for reviewing archiving products should ask if the product supports single instance storage of attachments as well as emails.  Why is this a critical point?  Most businesses follow the “80/20 rule”: 80 percent of storage space is used by large attachments, which comprise only 20 percent of total electronic communications.  Most archiving products de-duplicate emails, but fewer also de-duplicate attachments.  Neglecting attachments during the de-dupe process significantly reduces total storage volume reduction. 

• Storage Management: Tiered storage or hierarchical storage management is the process of placing less frequently used data on less performance-intensive storage devices, resulting in a ‘tiered’ or ‘hierarchical’ storage scheme.  Hierarchical storage management reduces overall energy usage by storing data more efficiently.  Another added benefit of tiered storage is cost reduction, as less time and energy is spent managing less frequently used data.

• Cross-Server Searches: Because compliance officers need the ability to search through millions of messages across the entire archive within seconds, a company’s enterprise archiving software solution must apply to multiple email server needs within an organization.  Even though there are many, many IT departments managing a mixture of email servers within a single company, many integration efforts aimed at compliance and e-Discovery stumble at this point.  Cross-server searches have consistently been a hang-up in the e-Discovery process and this boils down to incompatible software products for archiving.  Time and money are often lost in the effort to ‘patch’ together software solutions to allow multiple email server searches.  In recent years, however, next-generation archiving products have broken new ground in the realms of cross-server support and native integration, allowing IT teams to adopt a convenient “server neutral” approach to message management.

• E-Discovery: A quality e-Discovery set-up should enable a legal counsel to perform e-discovery searches without IT supervision, in a manner that is graphically intuitive.  Traditional electronic discovery is expensive and time-consuming, especially when the requested information is not stored centrally. In fact, traditional discovery methods often fall far short of court deadlines, resulting in anything from embarrassment to fines for organizations unable to produce in a timely manner.

In 2006, the United States Supreme Court updated the Federal Rules for Civil Procedure (FRCP) regarding discovery, effective December 1, 2007, thus forcing many organizations to reconsider their electronic information management policies (and storage management solutions).  VARs and integrators stand to benefit from this trend by providing services and solutions helping companies to make better product decisions for their electronic discovery and compliance-ready enterprises (i.e. servers, storage devices, and email archiving software). 

In managing high message volumes, regulated organizations rely more heavily on their email archiving solutions for setting policies, archiving into specific categories (such as finance and HR), and creating specific tiers of information, whether it is universal, by group, individual, or department--and of course, the ability to set litigation hold. 

When complete audits have to be performed quickly, data must be unalterable.  The regulated enterprise is accountable for every action, it is important to have the ability to establish subordinate access logs--so a supervisor can view a subordinate’s messages (a process also aimed at upholding employee accountability).  Other features important to organizations tasked with electronic discovery requirements include:  1) a Web console providing granular access controls for administrators, auditors, company officers and legal counsel, 2) notation features for adding case numbers and notes, 3) archive logs with search histories (with search terms noted too), and 4) read-only formats for administrators, executives and legal counsel.

Notation features should allow employees to share relevant information about archived items without impacting the archived data in any way.  Legal professionals, internal auditors, and even end-users need to be able to speed along discussions of archived data for litigation events, internal audits, or business-critical projects.  Because of this, advanced search options are also extremely valuable to in-house legal counsel, who can search messages and attachments by full text key words or key phrases as well as a variety of metadata.  Counsel should also be able to utilize Boolean logic, proximity searches, and fuzzy searches while combing the archive, and the search results can be saved in a couple of modes--archive search baskets, downloaded, or emailed as attachments.  Last but not least is the integration requirement for common legal technology products, including out-of-the-box integration with any legal review tool that can accept PST, EML, NSF, and HTML formats.  

Every highly-regulated organization is looking for a storage solution that fits their particular IT environment.  The individuality in the enterprise’s environment can come from their choice of email server, OS, existing storage devices, or internal-record-keeping controls.  Businesses want solutions that will support any changes made down the road.  Whether it is a government entity, bank, public school, hospital, pharmaceutical company, or publicly-traded company, every compliance-focused business seeks storage solutions that allow the organization to keep all their business-critical records and communications without sacrificing server performance.  This is where archiving steps in to remove the burden of managing mass storage off of email and file servers. 

Ashley Coover attended the School of Journalism at the University of Florida.  She began her writing career as a newspaper reporter, later working as an editor.  She currently writes for MessageSolution, Inc., a thought leader in the fields of digital archiving, compliance and legal technology.