Email: Archival & Compliance

Overview	Archival	Backups/Disaster Recovery	Compliance	Forensics
Email Archiving and Compliance Solutions A problem faced by many organisations, despite the plethora of high profile cases of major organisations failing to retrieve e-mails in a timely manner, organisations are still failing to deploy effective e-mail archiving solutions. Recent surveys from Gartner, Forrester and Radicati all show that a fraction of companies have implemented an email archiving solution even though there increasingly more and more legislation requiring organisations to retain documents and communications including email. Furthermore organisations are obliged to demonstrate transparency to shareholders by establishing good corporate governance and risk management procedures. By implementing appropriate technologies they can achieve this - but the majority of organisations have not done this to date. IT departments have escalating storage concerns with mail servers exceeding capacity and are requesting employees to delete emails to reduce mailbox quotas. Important documents are being destroyed. Documents that are meant to be kept for compliance and legislative purposes. This cannot be allowed to continue. Important business decisions, commitments and financial documents are communicated by email Companies are being required by law to keep email for substantial retention periods and there are now criminal penalties for email shredding Disciplinary proceedings, harassment cases, tracing corporate leaks often require rapid access to email evidence Vicarious liability: Employers are responsible for the actions of their employees Email is being used as valid evidence in court cases Storage on the mail servers is growing rapidly and companies need to offload these emails into a centralised secure and audited repository Email solutions can be provided for any business size, and we can provide a comprehensive email archiving and email compliance solution suitable for your needs. Products in this category involve: Scalable email solutions Email solutions for compliance with information laws Email solutions for archiving Secure email archive storage Easy email solution installation Email solutions to automatically replicate emails on the email archive to another archive server for disaster recovery and business continuity Email solutions to reduce the load (and increase capacity) on Exchange email servers Compatibility with all email server technology Email migration tools between different email servers Advanced email archive search tools Forensic grade email compliance technology Email Archiving and Compliance Solutions A problem faced by many organisations, despite the plethora of high profile cases of major organisations failing to retrieve e-mails in a timely manner, organisations are still failing to deploy effective e-mail archiving solutions. Recent surveys from Gartner, Forrester and Radicati all show that a fraction of companies have implemented an email archiving solution even though there increasingly more and more legislation requiring organisations to retain documents and communications including email. Furthermore organisations are obliged to demonstrate transparency to shareholders by establishing good corporate governance and risk management procedures. By implementing appropriate technologies they can achieve this - but the majority of organisations have not done this to date. IT departments have escalating storage concerns with mail servers exceeding capacity and are requesting employees to delete emails to reduce mailbox quotas. Important documents are being destroyed. Documents that are meant to be kept for compliance and legislative purposes. This cannot be allowed to continue. Important business decisions, commitments and financial documents are communicated by email Companies are being required by law to keep email for substantial retention periods and there are now criminal penalties for email shredding Disciplinary proceedings, harassment cases, tracing corporate leaks often require rapid access to email evidence Vicarious liability: Employers are responsible for the actions of their employees Email is being used as valid evidence in court cases Storage on the mail servers is growing rapidly and companies need to offload these emails into a centralised secure and audited repository Email solutions can be provided for any business size, and we can provide a comprehensive email archiving and email compliance solution suitable for your needs. Products in this category involve: Scalable email solutions Email solutions for compliance with information laws Email solutions for archiving Secure email archive storage Easy email solution installation Email solutions to automatically replicate emails on the email archive to another archive server for disaster recovery and business continuity Email solutions to reduce the load (and increase capacity) on Exchange email servers Compatibility with all email server technology Email migration tools between different email servers Advanced email archive search tools Forensic grade email compliance technology Why Email Archiving? There are many reasons for considering an email archiving product - from simple prudent email protection, a fail safe option for retrieving lost or historical emails to offloading email servers through automatic storage redirection to the email archive. With costs for email recovery from traditional backups rising considerably, email archiving products can assist with reducing administration costs associated with managing email storage. Important items to include in any email archive shopping list should include scalability, relieving storage demands from email servers, provision, powerful search & retrieval, disaster recovery features and ease of use, installation and support. Please contact us for email solutions that provide: Rapid retrieval of historical or lost emails. Basic and advanced searching of the archive, reducing the time to locate emails. Import and Export of emails to and from the archive allowing migration and email recovery. Scalable, extensible storage solutions accommodating the business email capacity as it rises. Reduced administration cost associated with dependence on tape storage. Mirroring and auto-replication of emails providing disaster recovery for email data. Large email processing capability allowing emails of virtually unlimited size to be processed - providing flexibility and assurance of smooth email data capture. Seamless access via LDAP/Active directory integration - providing simple, hassle free automatic access to the archive for individual users. Privileged, audited searches protected through our unique data guardian 'auditing' technique. Email Backup and Disaster Recovery Imagine the worst situation you can with regard to losing your primary email server The disruption to service and the ramifications of lost email are likely to have a major impact and associated cost to your organisation. During this time compliance regulations don't change, and businesses are still obliged to protect email information. Typically in such situations businesses resort to the tried or trusted regime of backup recovery. Or should that be tired and busted regime? Magnetic tapes degrade, are slow, and require extensive administration to recover even Gigabytes of data let alone Terabytes. During the recover process, email - often in plain text - is easily readable by anyone who has access to the tape volumes. On a more routine level, requests from individuals to the I.T. Department to recover a particular email whether due to accidental loss, or because it transgressed a retention period are costly, incur disruption and delay and again, potentially expose all email stored on backups to prying eyes. An Osterman Research survey showed that 44.1 percent of surveyed organisations allow users to back up their own mission critical email data. This approach obviously ensures employees spend a lot of time managing their email data and incurs a loss in employee productivity. Add to this the cost of data recovery and the loss of evidential weight for litigation cases. Email Replication solutions available allow emails to be automatically copied to a duplicate server located anywhere in the organisation or an appropriate hosting center. ISP's or those providing managed services can even provide the backup for companies that don't wish to invest in a backup of their own. Replicating email in this way not only allows users to perform their own recovery operations at individual user level - without involving any administration overhead - it also allows them to recover the emails quickly - typically in less than 5 - 10 seconds compared to days or weeks for some backup recovery operations. Not only are individuals able to retrieve their own items of email, but privileged users can retrieve the email of any user through secure technology. This almost completely removes dependence on email backups and while we don't advocate dispensing with traditional backups, with the Email Replication solution, they will be rarely, if ever utilised. From a disaster recover perspective, the Email Replication solution not only protects your email archive but your whole email compliance archive policy. Aside from the obvious benefits of having instant access to all email on the server, businesses can show they have protected their email data even in the event of a widescale disaster - something those without email backup and disaster recovery solutions cannot claim. Compliance Unless you are well versed in compliance and specifically email compliance law, the various regulations affecting email are a minefield - and an overlapping minefield at that. We further divide compliance between external compliance and "internal" compliance. Those responsible for the ultimate protection of data need to have confidence that complete email information can be produced within certain time periods and/or that it can be shown to be intact. If it cannot be shown that email has not been tampered with, then it is said to have lost evidential weight. In addition to this, other data regulations are related to "exposure" of personal or other business sensitive data to inappropriate parties. Another type of compliance, "internal compliance", is about common sense, best practice techniques to preserve email over a common retention period with the subsequent ability to retrieve email data in a cost effective, timely fashion. Many organisations today still require the retrieval of much tape media - which often depends on knowledge of when an email was said to have been sent or received. Internal compliance is a key ingredient in protecting organisations against disputes, legal claims or other litigation that may be difficult to defend without the requisite email evidence. Whether you are concerned about "internal" compliance to protect the organisation against litigation by its employees, trading partners or other organisations or you need to comply with government and industry email data protection regulations, your business will require the ability to accurately, and confidently perform discovery or e-discovery operations. Being able to reproduce email data quickly and show that it has not been tampered with is a key ingredient to compliance. In addition, the ability to audit privileged users, to mitigate the risk of abuse of position, is a mandatory requirement for any solution assisting with email compliance. Our email solution product philosophy is compliance driven and, for this reason, does not support the concept that emails from different sources within a business should have different retention periods. This would be to assume that emails from one part of an organisation has the content of their emails restricted to a single email data protection regulation. Sales departments may refer to both personal data ("I hope your partner has recovered from their recent illness") to financial information ("the price of the widgets is $3000"). Our philosophy is that you don't know whether or not you need to retain an email until you need to retrieve it. With regard to auditing, our email solutions provide the most stringent auditing capabilities on the market with the Data Guardian technology. By ensuring that responsible Data Guardians are responsible for "watching" what people are searching for, all search attempts (only the criteria, not the results) are emailed - and as such auditable to the Data Guardian team - thus mitigating the risk of Director level collusion to read or destroy email evidence unchecked. Our email solutions provide protection and immediate compliance to all of the above internal and external compliance regulations and processes for email data. By archiving and replicating copied email across multiple locations, together with the ability to both retrieve and restore emails, we provide a compliance driven email archiving solution. The first choice for many legal entities in the U.K., our products can save businesses significant sums in removing the dependency on tape backups (that incidentally, typically would allow inappropriate personnel access to protected information), and increasing the confidence that email data whether buried in an attachment or body of an email can be easily retrieved with the minimum of fuss. For all the above reasons, our email solutions offer one of the only "forensic grade compliance solutions" in the world, combined with a world class, scalable email archiving storage solution. Email Forensics Being able to state with confidence that a complete record of emails to and from an organisation and internally within a business requires a clinical, organised and provable trace of email that will provide any investigating entity with a high degree of confidence that they have an accurate record of email events. Our email solution's retention philosophy of retaining all email is the only approach that can guarantee a holistically complete email record set. Those approaches that employ or offer a policy manager not only increase the cost of ownership of the email archiving product, but also cannot be said to offer true email compliance. Certainly there can be little confidence that all emails have been retained. Such solutions can be said to be archive driven as opposed to compliance driven. Forensic grade compliance describes a grade of email archive compliance that has high evidential weight with regard to its completeness and integrity. It must be shown that the email records could not have been tampered with beyond all reasonable doubt. This effectively means that it must be possible to demonstrate that the record being written is the same as the record being read back. Our forensic email solution has a heritage of embedded forensic robustness with time stamps taken from sender, recipient, timing servers and processed time. With email data protected via AES 128bit encryption, and tamper proof checksums ensuring administrators and auditors alike may be confident in the knowledge that emails have not been tampered with and that the email archive provides a true reflection of the sequence and content of email messages. Further, the Data Guardian technology mitigates the risk of unauthorised or inappropriate e-discovery operations by privileged personnel - ensuring that appointed data guardians are informed of all investigative activity.