Data retention tips for the enterprise

Page III: Companies are under pressure to keep more data for longer periods of time due to regulatory requirements. How should IT departments cope with electronic communications archiving?

At the same time, archiving absolutely all messages is often seen as the easiest and lowest-risk route to compliance. While today this may still be the safest choice, these companies will face the difficult task of managing an enormous volume of messages in two to three years, which not every archiving solution may be able to handle. Given this, it's critical that you select a solution that is ideally suited for corporate-wide e-mail capture and archiving based on key words/phrases, individuals, roles, or other customisable identifiers -- while maintaining long-term security, efficiency, and economy related to storage requirements.

Beyond backup
Distinguishing between e-mail backup and e-mail archival is critical if regulatory problems are to be avoided. E-mail backup systems are designed to provide wholesale recovery of the e-mail server, should a disaster befall the production environment. These systems are not designed for compliance or legal discovery-related record retention.

Simple e-mail system backups have no provision for the review of individual e-mail records. Backup processes format the data to reduce storage space and speed future recovery processing. This formatting works against attempts to review and retrieve individual messages.

A true e-mail archiving and retention system ensures, at a minimum, that companies have ready access to any given e-mail record, whenever it is needed. Maximising the evidential weight of e-mail records also requires a secure audit trail capable of tracking every action against every archived e-mail message.

Look for security and scalability
A good approach to e-mail archiving will capture every e-mail and attachment and compress the data. A better approach ensures that a unique key is generated and encrypted, and that the message is digitally signed. The compressed, encrypted, and signed messages and attachments, normalised for single-instance, should then be written to a highly scalable relational database. Only after the archived message is successfully stored in the database should it be deleted from the archive inbox.
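The ordering described above (compress, tag, store single-instance, and only then delete from the inbox) can be sketched as follows. This is an added example, not code from the article or any product: it assumes SQLite in place of the relational database, uses an HMAC as a stand-in for the digital signature, and leaves out encryption because the Python standard library has no cipher; the table names, key and function names are hypothetical.

```python
import hashlib
import hmac
import sqlite3
import zlib

# Constructed demo key; HMAC stands in for the digital signature (assumption).
SIGNING_KEY = b"constructed-demo-key"

def open_archive():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE blobs (digest TEXT PRIMARY KEY, body BLOB, tag TEXT);
        CREATE TABLE messages (msg_id TEXT PRIMARY KEY, digest TEXT);
    """)
    return db

def body_tag(body):
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).hexdigest()

def archive_inbox(db, inbox):
    """Archive inbox (dict of msg_id -> raw bytes); return the ids removed from it."""
    removed = []
    for msg_id, raw in list(inbox.items()):
        digest = hashlib.sha256(raw).hexdigest()  # single-instance key
        body = zlib.compress(raw)
        try:
            with db:  # one transaction: commits on success, rolls back on error
                db.execute("INSERT OR IGNORE INTO blobs VALUES (?, ?, ?)",
                           (digest, body, body_tag(body)))
                db.execute("INSERT INTO messages VALUES (?, ?)", (msg_id, digest))
        except sqlite3.Error:
            continue  # not stored, so the message stays in the inbox for a retry
        del inbox[msg_id]  # delete only after the commit succeeded
        removed.append(msg_id)
    return removed

def retrieve(db, msg_id):
    """Return the original bytes, refusing a blob whose tag no longer matches."""
    row = db.execute(
        "SELECT b.body, b.tag FROM messages m JOIN blobs b ON b.digest = m.digest "
        "WHERE m.msg_id = ?", (msg_id,)).fetchone()
    if row is None:
        raise KeyError(msg_id)
    body, tag = row
    if not hmac.compare_digest(tag, body_tag(body)):
        raise ValueError("archived blob failed integrity check")
    return zlib.decompress(body)
```

Two messages with identical content share one row in `blobs`, and a message whose insert fails is never removed from the inbox.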

Keep in mind that solutions that troll mail servers for messages may not provide the best approach. Some products process mail messages as they pass through the server. This real-time processing provides airtight auditing and leaves no window for the messages to be tampered with prior to being encrypted and archived. A distributed configuration for the archiver, which may run as a Windows service, can also eliminate the potential for degraded mail server performance due to archiving. Look for a solution that is able to run multiple archiver processes simultaneously, each accessing a different mail server. This will aid in scalability as the flow of e-mail increases.

The best e-mail archiving solutions will perform comprehensive auditing of every event in the life cycle of an e-mail message. Each time a message is stored, viewed, retrieved, or deleted, the audit system tracks the change, logging the activity in a secure database. Any changes made to policy configurations affecting an archived message should also be audited.
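One way to make such an audit trail tamper-evident, shown as an added example that is not from the article or any product: each record carries an HMAC over the previous record's MAC and its own event, so editing or removing a record breaks the chain. The key, field names and sample events are constructed assumptions.

```python
import hashlib
import hmac
import json

AUDIT_KEY = b"constructed-audit-key"  # constructed; assumed to be held outside the database
GENESIS = "0" * 64

def chain_mac(prev_mac, event):
    payload = prev_mac + json.dumps(event, sort_keys=True)
    return hmac.new(AUDIT_KEY, payload.encode(), hashlib.sha256).hexdigest()

def append_event(log, ts, actor, action, target):
    event = {"ts": ts, "actor": actor, "action": action, "target": target}
    prev = log[-1]["mac"] if log else GENESIS
    log.append({"event": event, "mac": chain_mac(prev, event)})
    return log[-1]["mac"]  # newest MAC; keep a copy outside the log

def verify_log(log, head=None):
    """Return the index of the first bad record, len(log) if the tail is missing, else None."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if not hmac.compare_digest(rec["mac"], chain_mac(prev, rec["event"])):
            return i
        prev = rec["mac"]
    if head is not None and not hmac.compare_digest(head, prev):
        return len(log)
    return None

def sample_log():
    """Constructed events covering the life cycle the article lists."""
    log, head = [], None
    for ts, actor, action, target in [
        ("2024-01-01T09:00:00Z", "archiver", "stored", "m1"),
        ("2024-01-02T10:15:00Z", "alice", "viewed", "m1"),
        ("2024-01-03T11:30:00Z", "bob", "retrieved", "m1"),
        ("2024-01-04T08:00:00Z", "admin", "policy_changed", "retention"),
        ("2024-01-05T16:45:00Z", "admin", "deleted", "m1"),
    ]:
        head = append_event(log, ts, actor, action, target)
    return log, head
```

The chain alone cannot reveal that the newest records were cut off, which is why `verify_log` also accepts the last known MAC kept somewhere the log's administrator cannot rewrite.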

The encryption and digital signing of all e-mail and attachments, as soon as they enter the archiving process, eliminate any possibility of the audit trail being circumvented. Without comprehensive encryption, this guarantee cannot be made. The combination of strong encryption and a bulletproof audit trail allows administrators to vouch for organisational compliance with auditing requirements and regulations with confidence.

Editor's note: This article is meant for information purposes only. Designing and deploying solutions for compliance purposes should always be done with the advice of a lawyer or consultant whose specialty lies in the area of archiving regulations. 
