A Sticky Storage Situation

In light of today’s strict regulatory environment, James Blake, Chief Strategist of unified email management company Mimecast discusses the need for enterprises of all sizes to adopt an email management strategy which enables companies to store and search through their emails.

Email has become the mainstay of the business world as both a communication tool but also as a means of delivering a high proportion of business correspondence. In fact each of us are now receiving an average of 18 MB of data per day – and that’s due to increase to 28 MB of data per day by 2011. Add to this a fact recently reported by industry analysts the Radicati Group; that just 14% of business emails are being archived and the scale of the issue of storage and retrieval becomes evident. With organisations currently facing an increasing number of regulations with which they must comply, the importance of managing email throughout its lifecycle from transmission to storage has never been more important. A recent number of high profile cases have brought this into focus.

In early May this year, a 24 page report into the Electronic Records Preservation at the White House revealed that the US Government was in breach of the Presidential Records Act, which came into force after the Watergate Scandal and clearly states that presidential records belong to the citizens of the United States, not the president and his representatives.

When George W Bush came to power, it was decided to move the Whitehouse’s email server from IBM’s Lotus Notes to Microsoft’s Exchange. It was found that the Whitehouse’s incumbent archiving server, the Automatic Records Management System (ARMS), could not handle the data from the Exchange server. It also transpires that the archived email was stored on Whitehouse servers in such a way that historical email was accessible by all users of that server, regardless of their security clearance.

In light of this incident, a business might have worried about the threat of confidential information reaching a competitor or personally identifiable information leaving or leaking out. This throws the storage policies of UK businesses into the spotlight again as the law does not yet require firms to store emails or paper documents, except in relation to specific taxation or corporate issues. The result is that, in most cases, it is up to the firms to make their own policies regarding storage and retrieval of electronic communications.

Many organisations are now beginning to adopt service based offerings to ensure continuity of email to Microsoft Exchange, in fact, this is exactly what London law firm Sprecher Grier Halberstam (SGH) have done recently. If the Whitehouse had used a service like this, email continuity would have been provided immediately (according to the report, the migration took two years), as well as providing watertight email retention with strong chains-of-custody.

Recently, however, many well documented incidents have reinforced the need for a wider email lifecycle management system that enables companies to adopt effective policies not only for storage but also to protect against data from leaking out of their organisation. Today’s regulatory environment makes the consequences of data leakage severe, whoever sees it. The Data Protection Act, HIPAA, EuroSOX, MiFID and GLBA all mandate the confidentiality of information and, therefore, the prevention of leakage. The Data Protection Act in particular requires that organisations prevent the disclosure of any personal data stored by the business or Government in question; the Payment Card Industry’s Data Security Standard requires that if a business handles payments by credit card (or just store the card information) then all outgoing communications must be screened for credit card data. Back in 2007, The Financial Services Authority fined Nationwide Building Society £980,000 for losing a laptop with 11 million customer details, but this year it also fined a stock broking firm for having poor security controls and inadequate protection for client details even though no information had been lost or stolen.

Furthermore a fine isn’t the only way that leaked information can impact business. For example, Hertz Global Holdings dropped Deutsche Bank from its underwriting team after “several emails” discussing its imminent $1.5 billion initial public offering were inadvertently sent by the bank to about 175 institutional clients.

Overall this demonstrates the critical requirement for enterprises to employ a centralised email data management tool. Without such a solution companies run the risk of losing control over their important business records and are unable to retrieve valuable information.

Mimecast is exhibiting at Storage Expo 2008 the UK’s definitive event for data storage, information and content management. Now in its 8th year, the show features a comprehensive FREE education programme and over 100 exhibitors at the National Hall, Olympia, London from 15 - 16 October 2008 www.storage-expo.com

Source: StoragePR