I’m working on a new feature article for Storage Magazine focused on selecting an enterprise email archiving product. This is something I’ve done quite a bit of work around, so I decided to redirect it into a “bride magazine” type “ten things to look for” item. If you too know about the field of email archiving products, how about weighing in with a comment or email with your opinion?
Without further ado:
The ten technical things some email archiving products do and others do not do*
- Capture all messages – Can the archiving system really guarantee that every message is captured? Really? Even if a user does the old “double-delete” and gets rid of every copy on the system before the “archive sweep” happens?
- Search and e-discovery – It’s amazing to me that some archiving systems have really terrible search capabilities. But more important is whether they can handle real e-discovery requests from the legal department.
- Record user metadata – Capturing what users do with a message (read, file, ignore, forward) is a tough nut to crack, and it might just be impossible with some archiving technologies!
- Archive stuff other than email – Some are general archives that can take just about any content, while others are purpose-built for email. I am hemming and hawing on whether this is critical in an email archiving product, and which is preferrable…
- Security and chain of custody – How secure is the archive content? If the answer is “kinda” then your legal department is not going to be happy!
- Ingest an existing mail store or PST file – It’s great when an archiving system can capture every email once it’s installed, but it’s a whole other matter to be able to pull in pre-existing content. But beware! You have to flag this stuff as possibly incomplete and perhaps even unreliable!
- Integrate with mail clients – What does the end user see? Is it an unfamiliar web link or a reassuring Outlook window? What about Outlook Web Access users? Or the 8,000 other email clients?
- Allow off-line access – Can a user access the archive when they’re on a plane? Can they see it on the train? Would they, could they in the park? Will you, will you when your data center goes dark?
- Integrate with third-party tools – How well will the archive really serve legal if it can’t export messages to their favorite search tool? Note – some can even talk directly with these products!
- Integrate with mobile users – Ok, I am on an iPhone in the enterprise crusade, but I’ll admit that lots of folks use BlackBerries and Windows Mobile (and Symbian) too. How can they access the archive?
I’ve worked with most of the products out there, and know who can and can’t do these things. But not all are important to everyone, so I just can’t say “this product is best.” But I’m very interested in your opinion. What key technical differentiators would you suggest?
* Not the actual article title!
Full disclosure: I’m VP Sales and Marketing for the US vendor of Crioserver email archiving appliance made by UK-based Forensic Compliance Systems (FCS). Having said that, this makes me sort of an expert in the field, Cryoserver or not Cryoserver 🙂 . I’ll simply try to be helpful, and hope you’ll judge my comments on their merits. Please feel free to contact me with any questions, of course.
So, my comments will be both generic and also refer to specific Cryoserver’s capabilities. Feel free to consult http://www.primeviewusa.com/cryoserver.cfm. I’ll address each of your points, and add some of my own. I’ll also rate the capabilities listed on scale of 1 to 10, 10 being the most important. This rating is of course my own, but it is based on real customer’s requests and feedbacks. Needles to say, Cryoserver does it all, and bakes apple pies as well 🙂 !
1. Capture all messages, incl. making “delete-delete” trick irrelevant – extremely important! You must be able to provide a COMPLETE and TAMPER-PROOF store, to prove in court and elsewhere NOT ONLY THAT AN EMAIL WAS RECEIVED BUT ALSO THAT IT WASN’T. (Rating – 10)
2. Search and e-discovery – ease of search and sophistication of search options very important! Average consulting rate in NYC area of IT professional specializing in e-discovery is $120/hr, attorney doing same well above $500/hr. They’ll be standing there, clocking billable hours, while you’re sweating through primitive searches… (Rating – 9)
3. Record user metadata – paramount. Not only what was done with an email (read, ignored etc.), but not less importantly – ability to EXPAND and make serchable mailing list of TO, FROM, CC, BCC INCLUDING GROUP INFO as it existed and FREEZING IT AT THE MOMENT THE EMAIL WAS CREATED AND SENT. Meaning – people leave, move from group to group, groups get disbanded (SUBRPIME_MORTGAGES_SUPER_START_FINANCIERS at Bear Stearns, anyone?) , then the company gets sued, emails subpoenaed… (Rating – 10)
4. Archive stuff other than email – not very important in an “email archiving solution”. If you want to archive, inventory, protect, journal etc. data outside of email system, you’re better off using other utilities doing that. One comment about “other stuff” in conjunction with email – attachments handling is important. Email archiving device/software must be able to efficiently archive, stub (i.e. archive only once if identical via hash signature), and efficiently search through attachments. Attachment search must include ability to search through zip file withing zip file within zip file in foreign languages incl. double-byte characters (Chinese, Japanese, French etc.) while it is all password-protected… Otherwise you’ll never find out who exactly ordered the attack on Pearl Harbor… 🙂 Got the idea? 🙂 (Rating – 5)
5. Security and chain of custody – without that, archive is meaningless. But not only that – one of the rules of most of the laws and regulations governing email preservation (SOX, HIPAA, FRCP amendment 26 etc.) also require CONFIDENTIALITY of e-documents. Meaning, only people named in the addresses of the email and people ESPECIALLY AUTHORIZED can see it. That’s why fully compliant and tamper-proff email archiving tool should allow only read-only access of owners to their own email, a special group of privileged users that can retrieve other people emails, and a special group of WATCHERS (and watchers that watch the watchers!) that will be notified of ANY access to email archive, the nature of that access (i.e. search terms), who did it and why. (Rating – 10)
6. Ingest pre-existing email – yes, must be capable of doing that, must be capable of marking these emails as potentially unreliable. But also, MUST be able to RELIABLY CATCH UP – i.e. if archiving device is for some reason disconnected, it should be able to go back and archive emails that meanwhile passed through. Also, should be able to serve as a backup device for email server – if email server crashes and loses a bunch of emails, one should be able to restore them from the archive back to the server. (Rating – 8)
7. What users see – of course “a reassuring Outlook window”! 🙂 Or icon within existing mail client. Whatever works best for the organization. That includes Outlook web access etc. (Rating – 7)
8. Allow off-line access – yes, should be available. Depending on local MIS/IT/compliance policies. And yes, when data center goes dark too – email archiving tool must include mirroring finctionality – i.e. mirroring device that could be located off-site, in a disaster-recovery facility. This will achieve two goals – accessibility when data center “goes dark”, and easily restorable backup (not like tapes!) if a real disaster strikes. Not of equal importance to everybody though, depends on the type of organization. And budget, of course. But the capability must be there. (Rating – 4)
9. Integrate with third-party tools – actually, one should say “must have an ability to export search results in a variety of formats”. Subsequently, these results will be imported into 3rd-party tools that legal likes, which is usually a trivial task. (Rating – 9)
10. Integrate with mobile users – if you can access your corp. email from your mobile device, then it should be as easy to access the archive. Period. If compliance agrees of course 🙂 , but the capability should be there. (Rating – 5)
Full disclosure: I’m VP Sales and Marketing for the US vendor of Crioserver email archiving appliance made by UK-based Forensic Compliance Systems (FCS). Having said that, this makes me sort of an expert in the field, Cryoserver or not Cryoserver 🙂 . I’ll simply try to be helpful, and hope you’ll judge my comments on their merits. Please feel free to contact me with any questions, of course.
So, my comments will be both generic and also refer to specific Cryoserver’s capabilities. Feel free to consult http://www.primeviewusa.com/cryoserver.cfm. I’ll address each of your points, and add some of my own. I’ll also rate the capabilities listed on scale of 1 to 10, 10 being the most important. This rating is of course my own, but it is based on real customer’s requests and feedbacks. Needles to say, Cryoserver does it all, and bakes apple pies as well 🙂 !
1. Capture all messages, incl. making “delete-delete” trick irrelevant – extremely important! You must be able to provide a COMPLETE and TAMPER-PROOF store, to prove in court and elsewhere NOT ONLY THAT AN EMAIL WAS RECEIVED BUT ALSO THAT IT WASN’T. (Rating – 10)
2. Search and e-discovery – ease of search and sophistication of search options very important! Average consulting rate in NYC area of IT professional specializing in e-discovery is $120/hr, attorney doing same well above $500/hr. They’ll be standing there, clocking billable hours, while you’re sweating through primitive searches… (Rating – 9)
3. Record user metadata – paramount. Not only what was done with an email (read, ignored etc.), but not less importantly – ability to EXPAND and make serchable mailing list of TO, FROM, CC, BCC INCLUDING GROUP INFO as it existed and FREEZING IT AT THE MOMENT THE EMAIL WAS CREATED AND SENT. Meaning – people leave, move from group to group, groups get disbanded (SUBRPIME_MORTGAGES_SUPER_START_FINANCIERS at Bear Stearns, anyone?) , then the company gets sued, emails subpoenaed… (Rating – 10)
4. Archive stuff other than email – not very important in an “email archiving solution”. If you want to archive, inventory, protect, journal etc. data outside of email system, you’re better off using other utilities doing that. One comment about “other stuff” in conjunction with email – attachments handling is important. Email archiving device/software must be able to efficiently archive, stub (i.e. archive only once if identical via hash signature), and efficiently search through attachments. Attachment search must include ability to search through zip file withing zip file within zip file in foreign languages incl. double-byte characters (Chinese, Japanese, French etc.) while it is all password-protected… Otherwise you’ll never find out who exactly ordered the attack on Pearl Harbor… 🙂 Got the idea? 🙂 (Rating – 5)
5. Security and chain of custody – without that, archive is meaningless. But not only that – one of the rules of most of the laws and regulations governing email preservation (SOX, HIPAA, FRCP amendment 26 etc.) also require CONFIDENTIALITY of e-documents. Meaning, only people named in the addresses of the email and people ESPECIALLY AUTHORIZED can see it. That’s why fully compliant and tamper-proff email archiving tool should allow only read-only access of owners to their own email, a special group of privileged users that can retrieve other people emails, and a special group of WATCHERS (and watchers that watch the watchers!) that will be notified of ANY access to email archive, the nature of that access (i.e. search terms), who did it and why. (Rating – 10)
6. Ingest pre-existing email – yes, must be capable of doing that, must be capable of marking these emails as potentially unreliable. But also, MUST be able to RELIABLY CATCH UP – i.e. if archiving device is for some reason disconnected, it should be able to go back and archive emails that meanwhile passed through. Also, should be able to serve as a backup device for email server – if email server crashes and loses a bunch of emails, one should be able to restore them from the archive back to the server. (Rating – 8)
7. What users see – of course “a reassuring Outlook window”! 🙂 Or icon within existing mail client. Whatever works best for the organization. That includes Outlook web access etc. (Rating – 7)
8. Allow off-line access – yes, should be available. Depending on local MIS/IT/compliance policies. And yes, when data center goes dark too – email archiving tool must include mirroring finctionality – i.e. mirroring device that could be located off-site, in a disaster-recovery facility. This will achieve two goals – accessibility when data center “goes dark”, and easily restorable backup (not like tapes!) if a real disaster strikes. Not of equal importance to everybody though, depends on the type of organization. And budget, of course. But the capability must be there. (Rating – 4)
9. Integrate with third-party tools – actually, one should say “must have an ability to export search results in a variety of formats”. Subsequently, these results will be imported into 3rd-party tools that legal likes, which is usually a trivial task. (Rating – 9)
10. Integrate with mobile users – if you can access your corp. email from your mobile device, then it should be as easy to access the archive. Period. If compliance agrees of course 🙂 , but the capability should be there. (Rating – 5)
Email archiving solutions should help the companies to meet the email archiving compliance requirements including, SEC, NASD, HIPAA, FRCP, and Sarbanes Oxley and to reduce physical storage.
-www.jatheon.com
Not to mention archiving solutions should reduce burdens on IT departments. If they are clunky and hassles they really aren’t doing their job. They should also benefit end users say if they loose or delete emails.
Sonian Blog