Email Archiving Requirements
Jun 10th, 2008 by LoPo
Disclaimer: I’m a Microsoft Exchange Administrator; some of this can apply to other messaging environments, but most is specific to Exchange installations.
So I decided to write a little article about Email Archiving since it’s a subject that has been very near and dear to my heart for the last, oh, almost 2 years. I’ve gone through a grueling time trying to get a particular product up and going with the help of Professional Services, and it was decided that the product simply wouldn’t work in our environment and the project was scrapped after almost 10 months. Might I add that the product was selected without proper evaluation and research. Continuing, I had already begun researching vendors before scrapping the current project, reading reviews, ignoring Gartner’s magic quadrant, reading more reviews, looking at whitepapers and online documentation, and I came up with a list of 8 in-house solutions and two outsourced solutions. During the subsequent months, we cut the outsourced solutions and 4 of the in-house solutions. After which we began an evaluation of the 4 vendors, 3 of which were software solutions based on MS SQL and some sort of application server; the 4th was a hardware-based (you want to think appliance, but it isn’t per se one) solution. Each product had its strengths and weaknesses… more later on.
Anyways, the reason: I’ve watched threads on various forums and mailing lists go by asking about Email Archiving platforms out there, and it appears Admins don’t really understand their requirements, which determine which solutions they should evaluate/select. For example, a Messaging team working at a privately held company in the healthcare industry could have very different reasons for archiving email than, say, a messaging team working for a publicly traded patent-holding technology company.
So you might be asking yourself, like what reason?
Regulations – Thanks Enron and Identity Theft
- Do I have to follow some sort of regulatory guidance? HIPAA, SOX, etc.
- Do I have legal requirements? “We shred email after 1 year”
- Are we constantly going to litigation?
- Do we outsource the eDiscovery process and analysis?
- Do I have document retention requirements? e.g. Must keep contracts for 3 years, POs for 7 years, etc.
- Do I have international locations that are bound to strict privacy acts? EU…
- Do I need to be able to perform discovery searches against the entire archive data set?
These would be what I refer to as compliance requirements.
Technical – Can I improve performance?
- Do I have messaging database bloat? You know the user type, the one that saves EVERYTHING including the “There is left over sandwiches in the break room, come get it!”. These users often cause your mailbox database to grow and grow. Hopefully you’re shaking your head and saying “This is why we have quotas in place!”.
- Is my messaging environment distributed? Mailbox servers located in various offices connected via some sort of WAN, MPLS, or VPN link.
- Do I need to archive more than just email? Files, SharePoint, SQL, LCS, or OCS… and do I need to search from a single interface?
- Are PSTs out of control, and perhaps against Policy?
- If bound by a compliance requirement, which generally requires Exchange Journaling to be enabled, can my Exchange servers handle the additional load that journaling produces?
These would be what I call Mailbox and Data Management requirements.
Political – Who is this going to piss off?
- Are we open to outsourcing this solution? Are we worried about our data residing on systems outside our control?
- Do I want users to know their data is being archived?
- Do I want users pulling their data directly from the Archive repositories?
- Do I want to prevent users from creating and using PSTs to save data outside our retention requirements?
These would be what I call, the “Walking on Egg Shells” requirements.
As you can see there are several factors to define your requirements.
All for now, more in a future post.
Do you see Exchange journaling used primarily for compliance oriented organizations? What about eDiscovery purposes? Other?
Hi Jody,
I see journaling used in both those manners that you’ve asked about. There is no way you can guarantee compliance without Journaling. Compliance requires that you have, and can prove that you have, a copy of every message transmitted to and from your users’ mailboxes. The only way you can do this is with Journaling. However, for eDiscovery, this term can cause some misunderstanding amongst the IT pros and their management. The term eDiscovery is, and has been, misused by most Email Archiving vendors, which is part of the confusion amongst corporate America’s messaging departments. What you end up finding is that most Email Archiving vendors have an expensive add-on that has eDiscovery-esque features, but isn’t a true eDiscovery tool. If you want to see a true eDiscovery tool, I would point you to ClearWell.
Email archiving is simply a means to move, retain, index, and store emails outside of the Messaging environment and most often apply retention to this data so that IT departments can respond in a timely manner. eDiscovery, on the other hand, is the means of searching, tagging, and culling the archived data with a method to export for litigation purposes or investigations while retaining chain of custody.
So to answer your question, you would see Journaling used in most infrastructures that are subject to email retention, document management, and compliance requirements. More often than not, those policies are derived from corporate legal departments so that when they’re faced with litigation they can produce all discoverable documents per those policies.