Save or toss?

Key considerations when archiving e-mail

While employees are complaining about the volume of e-mail they have to wade through, most IT managers are reaching for the antacid as they tackle e-mail management. Today, with the exponential growth of e-mail databases, regulations such as HIPAA and Sarbanes-Oxley, and increased scrutiny from regulatory organizations such as the Securities and Exchange Commission, e-mail management policy -- or a lack thereof -- has weighty implications for the IT environments and businesses they serve.

One thing is certain: There are timeliness, content and format requirements that must be met to comply with these regulations. Without policies and tools in place, simply leaving it to employees to use their best judgment can make it extremely difficult to satisfy the law. As employees store correspondence on myriad local drives, they make files inaccessible. And without periodic backups, the risk of damage to these files grows.

When it comes to policy, there are several factors to consider: the priorities spurring the need for policy, accessibility issues, deciding what to archive, and storage capabilities.

The all-important "Why?" Consider what's driving the need for e-mail archiving. If an industry guideline or regulatory body is determining compliance, work with a vendor that is knowledgeable about those specific regulations, and involve your legal counsel to help determine archiving policies.

Regulatory guidelines may dictate format. For example, the SEC expects everything to be on CD and in duplicate. If you have a tiered solution, how easy, fast and costly will it be to move data to the acceptable format, and can you recover data rapidly enough to respond within audit time frames?

Even as we talk about guidelines, the lack of clear definitions for some regulatory requirements is becoming legendary. While businesses can spend too much time and money discussing ideal scenarios instead of trying to understand set guidelines, some of the guidelines are still very fluid. Industry groups and your legal counsel may be helpful in explaining how other businesses like yours are addressing the gray areas of e-mail compliance.

Whatever the purpose for pursuing an e-mail archive solution, knowing what must be kept vs. what might be useful to keep could save your business millions of dollars in the long term.

Accessibility. Your policy needs to address access, including who needs to review content and who can access e-mails once they are archived. The answers to this question will guide you in flagging and defining enforcement rules.

E-mail availability is another consideration. Does your archiving policy and architecture allow access to content originating from multiple clients and protocols -- for example, from mobile devices and the Web? These factors, along with regulatory requirements, impact archive architecture. Although a centralized model is often the most cost-effective and simplest to implement, answers to the questions above could determine that your organization would benefit from some degree of distributed archiving.

Want to read more about e-mail archiving? See Retrieval Realities.

One best practice is to identify the people who will be affected most (by the compliance issue or another force driving your e-mail archiving initiative) and then collocate their mailboxes as much as possible. For example, if you have teams of financial traders, you may want to run against as few servers and databases as possible to minimize impact on server performance. Of course, performance must be evaluated against the business risk of a loss, and collocation determined accordingly.
Deciding what to archive. While Microsoft Exchange Server 2003 has archiving capabilities, it's not designed to discern what should or should not be archived. Legal counsel can help determine what must be retained and what can be eliminated. For some companies, e-mail archiving initiatives are not about regulatory demands at all, but simply the desire to clean out databases or the need to offload data from Exchange servers. The decisions are no less significant. Once content is stored, the archive can't be altered.

Storage. There are plenty of products to address the storage aspect of e-mail management. Reliable, cost-effective tools for near-line and off-line e-mail archiving are available from a wide range of vendors, including CommVault Systems, EMC, IXOS Software, KVS, Legato Software and StorageTek. Plan storage for the long term, and plan storage that can help with recovery in the event of an audit. But understand how any technology -- near-line, off-line or online -- will affect both the user base and your IT staff, and plan accordingly.
There is no single best policy or method for e-mail management. Regulatory compliance, cost, IT staffing and user requirements are just a few of the many considerations. However, this complex decision will be easier if you start by answering the most fundamental questions: why (the reason for the archive) and who (the people affected). Use these answers to help guide you in choosing the right partners and technology to fit your business and IT objectives.
Christopher Burry is technology infrastructure practice director and a fellow at Avanade Inc., a Seattle-based integrator for Microsoft technology that's a joint venture between Accenture Ltd. and Microsoft. Meredith Carrol is infrastructure architect at Avanade. Comments or questions can be sent to

Copyright © 2004 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon