Follow GFI:
Find us on Facebook Follow us on Twitter Find us on Linkedin Subscribe to our RSS Feed Find us on YouTube Find us on Google+
 

Email Archiving Doesn’t Have to be a DIY Project

on June 19, 2013

email archiving is not a DIY projectThe “do it yourself” craze is big, and there’s a good reason for that. You can learn a lot, save money, and ensure that things get done your way. But there’s a down side, as well.  The success (or not) of DIY depends on both the nature of the project itself and on the person(s) doing it. While DIY might be a great choice for minor home improvement projects such as putting up wallpaper or laying tile, it can turn into a disaster – or even turn deadly – when amateurs decide to tackle electrical work or knock down structural walls. And painting a mural on your wall might turn out great for a do-it-yourselfer with some artistic talent, whereas it might not end up so well for someone who has never had an aptitude for art.

In the IT world, network admins often find themselves in the DIY role for different reasons. Some are just control freaks – you almost have to be, to some degree, to do the job properly – and they subscribe to the notion that if you want something done right, you have to do it yourself. Others are placed in the DIY position out of necessity; budgetary restrictions or management decisions originating “upstairs” may force you to take on projects that are beyond your level of expertise or for which you don’t have time.

Email archiving is one of those tasks that would seem, at first glance, to be an easy fit for DIY.  To “old school” folks, archiving is a pretty simple and straightforward thing; it just means storing old records somewhere, separate from current working files. However, modern archiving is a bit more complicated than that.

First we need to look at why we archive records in general, and email in particular. There are a number of business reasons for keeping old messages. A high percentage of business communications today are conducted via email. Having access to past messages is a part of business continuity, whether in the more familiar sense of recovery from a disaster or in the broader sense of maintaining consistency and avoiding reinvention of the wheel, as well as verifying and understanding the reasoning behind past decisions and actions. Personnel turnover can result in chaos, but if a history of discussions about a particular project or issue has been preserved, new employees and managers can get up to speed in their roles much more easily and quickly. Email messages may also yield valuable information that is needed in case of an internal personnel investigation or an audit.

However, there’s an even more compelling reason to archive email messages. In many cases, it’s the law. Governmental and regulatory agencies often require businesses to retain email messages in order to be in compliance with their standards. Not only might you be required to keep the messages, but you also may be legally obligated to ensure that they are stored securely.

Even if your organization doesn’t belong to a regulated industry, email messages are frequently a prime target in the discovery process in case of a civil lawsuit (e-discovery). In the U.S., the Federal Rules of Civil Procedure say that all emails and other communications files that may be relevant to current or future litigation must be produced when requested in a lawsuit. Failure to comply with the FRCP can subject you to penalties that include fines, sanctions, or contempt of court charges and can result in your organization losing the lawsuit.

Email messages may also be subpoenaed in the case of a criminal investigation. When email messages become evidence in a legal proceeding, you may have to do more than simply produce the messages. You may also have to prove that they are authentic and haven’t been changed or tampered with.  A few years ago, I co-authored a white paper with Mike Wolf at Microsoft (Establishing the Foundation of Authenticity for Electronically Stored Information: Strategies Using Microsoft Technologies) that explored this issue in some detail.

When you take all these factors into consideration, email archiving starts to look like very serious business, and something that you might want to leave to the professionals, in the same way you probably wouldn’t attempt to perform surgery on yourself or act as your own attorney in court.

The solution might be to contract with a provider of hosted email archiving services – and let them manage your archiving for you. But you might be (understandably) wary of storing all those messages, some containing sensitive information, in a cloud-based service. That’s why it’s important to use a provider you can trust – a company with a long history of focusing on security as well as email archiving. Archiving can be integrated into a comprehensive email security solution that also protects against spam, email-based malware and can even block inappropriate outbound messages.

There are a number of good reasons to consider integrating email security and storage and taking it “to the cloud” and the security of your archive is an important one.

If you’re looking for a cloud-based email security, continuity and archiving solution, have a look at GFI MailEssentials® Online, or register for a free trial and give it a spin today! 

 

About the Author:

DEBRA LITTLEJOHN SHINDER is a technology consultant, trainer and writer who has authored a number of books on computer operating systems, networking, and client and server security over the last fourteen years. These include Scene of the Cybercrime: Computer Forensics Handbook, published by Syngress, and Computer Networking Essentials, published by Cisco Press. She is co-author, with her husband, Dr. Thomas Shinder, of the best-selling Configuring ISA Server 2000, Configuring ISA Server 2004, and ISA Server and Beyond. Deb has been a tech editor, developmental editor and contributor on over 20 additional books on networking and security subjects, as well as study guides for Microsoft's MCSE exams, CompTIA's Security+ exam and TruSecure’s ICSA certification. She formerly edited the Element K Inside Windows Server Security journal. She authored a weekly column for TechRepublic’s Windows blog, called Microsoft Insights and a monthly column on Cybercrime, and is a regular contributor to their Security blog, Smart Phones blog and other TR blogs. She is the lead author on Windowsecurity.com and ISAServer.org, and her articles have appeared in print magazines such as Windows IT Pro (formerly Windows & .NET) Magazine. She has authored training material, corporate whitepapers, marketing material, webinars and product documentation for Microsoft Corporation, Intel, Hewlett-Packard, DigitalThink, GFI Software, Sunbelt Software, CNET and other technology companies. Deb specializes in security issues, cybercrime/computer forensics and Microsoft server products; she has been awarded Microsoft’s Most Valuable Professional (MVP) status in Enterprise Security for eight years in a row. A former police officer and police academy instructor, she has taught many courses at Eastfield College in Mesquite, TX and sits on the board of the Criminal Justice Training Center there. She is a fourth generation Texan and lives and works in the Dallas-Fort Worth area.

submit to reddit
 

Leave a Comment

Name Required
Email Required
Website
Comment