Retrieval Realities

E-mail archiving is suddenly a priority, with companies motivated by rising volume, regulatory pressures and the threat of litigation to set policies and find effective technology.

When Hurricane Isabel struck the East Coast last September, it flooded the first floor of Dan Roche's Baltimore-based Web design company and threatened to leave him without access to e-mail.

"We do everything through Exchange ... all communications, sales. We do negotiations, and our whole corporate calendar is on there. You need that audit trail. I'd be devastated if something happened to my e-mail," says Roche, CEO of E.magination Network LLC, which generates about 100,000 e-mails per week.

Corporate executives understand that e-mail is no longer just the means by which company picnics are announced—it's the medium for much of their organizations' real business. They also know that government regulators see electronic communications as potential evidence that must be preserved. Yet e-mail archiving policies are often as arbitrary as requiring IT administrators to save everything on a server and then delete it after two years.

In a recent poll of 1,018 companies of all sizes by Kahn Consulting Inc. in Marietta, Ga., 84% of respondents said they used e-mail for forward-looking business planning, but only 37% said they managed e-mail relative to its content.

Not only is a delete-all e-mail policy bad for business, but regulatory agencies are also requiring many industries, such as financial services and health care, to spend IT dollars on e-mail archiving technologies that allow quick search-and-retrieval capabilities.

"All those rules that told you to keep records when you were working in a paper world now apply to e-mail," says Randolph A. Kahn, founder of Kahn Consulting, a firm that specializes in legal compliance, policy and risk management issues in IT.

Compliance Hits Home

The inability to search and retrieve e-mails in a timely fashion is what led the U.S. Securities and Exchange Commission to fine five Wall Street brokerages a total of $8.25 million in December 2002. The firms included Morgan Stanley, Goldman Sachs & Co. and Salomon Smith Barney Inc.

The SEC, the New York Stock Exchange and the National Association of Securities Dealers all require brokerages to retain e-mail traffic. The brokerages that were fined failed to preserve the e-mails for three years and/or to preserve them in an accessible place for two years.

The SEC's shot across Wall Street's bow was heard throughout the entire financial services industry.

"We were getting hints from [the legal department] that the SEC regs were going to apply to the banking side as well," says Jeff Theiler, vice president of direct banking at Hancock Bank in Gulfport, Miss.

In December, Theiler rolled out an internal e-mail archiving product for his Exchange server environment from start-up ZipLip Inc. in Mountain View, Calif. Theiler says his Exchange servers could store e-mail but couldn't keep up with the volume that a bank with 100 branches and 1,900 employees generates. "One of the requirements was that a regulator needed to be able to come in and, without a whole bunch of extra codes and steps, sit down behind a terminal and point to a file and get to it," Theiler says.

John Mancini, president of the Association for Information and Image Management in Silver Spring, Md., argues that even businesses not covered by one of the new regulatory standards should be looking at e-mail archiving to manage litigation exposure.

But companies that want the ability to search and retrieve large numbers of e-mails are finding their old direct-connect server infrastructures lacking.

EMC Corp., IBM and other storage vendors are pushing the idea of information life-cycle management (ILM), or the ability to capture unstructured data such as e-mails and manage it through a policy engine from cradle to grave.

For example, retrieving e-mail from tape storage can be an arduous task that, depending on the information's age, can cost anywhere from thousands to millions of dollars. That leads some businesses to settle lawsuits out of court rather than foot the bill for discovery if it would require retrieving old e-mails, Mancini says. But keeping e-mail staged on online disk arrays for years instead of days can speed search-and-recovery time from days or months to seconds.

E-mail archival technologies generally include an appliance with journaling software that stores all incoming and outgoing e-mails, an indexing tool and the ability to search by content, user or header.

Another feature important to any e-mail archival technology is single-instance backup, according to Peter Gerr, an analyst at Enterprise Storage Group in Milford, Mass. It ensures that duplicate attachments, such as memory-hungry PowerPoint documents, are stored only once, which saves space.

Buy or Outsource?

Purchasing e-mail archiving hardware and software can cost millions of dollars, so E.magination Network's Roche decided to outsource the company's e-mail archiving system to Evergreen Assurance Inc. in Annapolis, Md. Evergreen uses a server on the customer's site to mirror an exact duplicate of the e-mail environment, kept in a remote data center.

Evergreen Assurance's data center backs up all of its customers' incoming and outgoing e-mail messages, as well as address books and contact lists. Evergreen guarantees e-mail recovery within 15 minutes after a service outage.

"I don't think we could have built what Evergreen offered. They built up fairly sophisticated systems in terms of replication, the fail-over piece and recovery," says Roche. "We had water come through the roof of our building but didn't suffer any damage other than power outages. It was nice that I had my e-mail on my BlackBerry that was chugging along."

In contrast, Hancock Bank's Theiler says he chose to build an in-house archival system because he had concerns about complying with recent privacy legislation if he chose to outsource.

"When considered alongside all the consolidations taking place among outsourced vendors and some of the security lapses (i.e., third-party credit card vendors who have servers mysteriously disappear from their data centers), we felt it was best to have an in-house solution—so control and security was definitely a consideration," Theiler explained via an e-mail message.

Theiler says that he wanted only the bare minimum level of technology needed to meet regulatory requirements for archiving e-mails, but he also wanted the ability to expand features later in order to include encrypted e-mail for sending bank statements to customers or implement remote Internet access to e-mail accounts for internal users. He says he also liked the price he got from ZipLip. Hancock Bank currently uses ZipLip's Unified Archival software product, which starts at under $15,000 for 25 mailboxes and supports Microsoft Exchange, Lotus Domino and other major e-mail and instant-messaging systems. ZipLip sells a gateway appliance that captures all the e-mails being generated on a server and transmits them using Secure Sockets Layer encryption to a storage-area network (SAN) or network-attached storage device, based on predetermined policies.

The retention policy can be based on a domain, user or group of messages, and end users or systems administrators can determine the length of time e-mails are archived prior to deletion.

In-house With ILM

OSF Healthcare System in Peoria, Ill., purchased an EMC Centera array for e-mail archiving as part of an 80TB multitiered storage architecture. The e-mail portion of the SAN cost hundreds of thousands of dollars but will serve an infrastructure burdened by 6 million e-mails a year, says Jim Doedtman, technical planning manager at OSF.

As part of a comprehensive IT infrastructure change-out that began two years ago, Doedtman says, he wanted an e-mail archiving system that could be indexed, eliminate duplicate copies of attachments and automatically manage e-mails and other documents from creation to deletion for 7,000 users on a Windows 2000/Exchange environment.

Doedtman is building an ILM system that will automatically move e-mail from high-end EMC Symmetrix arrays to midrange Clariion arrays to Centera servers, based on age, origination and content.

Doedtman has set a one-year e-mail retention policy, and he says an internal service-level agreement requires e-mail restores within four hours. But if a full server restore is required, it can take up to 14 hours using the current tape backup system. "We're talking 30GB to 40GB worth of data per restore. And right now we have 1TB online across 10 Exchange servers," he says.

Last year, Doedtman evaluated Legato Systems Inc.'s EmailXtender but decided to purchase an e-mail archiving product from KVS Inc. in Arlington, Texas. KVS's flagship product, Enterprise Vault, offers policy-based archiving for Microsoft Corp.'s Exchange, SharePoint Portal Server, Office System 2003, instant messages and file servers.

Doedtman plans to cap all users at 100MB of e-mail storage on Exchange servers. When users reach 90% of that limit, KVS's software will move older e-mails to the SAN. He expects a 70% reduction of storage currently on Symmetrix arrays and tape libraries, because e-mail will be stored on Centera arrays, which will automatically replicate to duplicate arrays in a disaster recovery site.

Doedtman says he's focusing on compliance with the Health Insurance Portability and Accountability Act, which will require health care providers and insurers to protect patient information and ensure its availability even after a patient's death.

"We are going to be doing journaling of e-mails, and we purchased the e-mail discovery module from KVS that, in the hands of the legal team, gives insight into all Exchange information in a very easy way," says Doedtman. "We positioned ourselves very well with this."

The Regulatory Pinch

Governments are increasingly demanding transparency, security and accountability in organizations' archival processes. Here are a few of the laws and regulatory bodies that are driving e-mail archiving technologies:

Data Protection Act (regulates the export of personal data from the European Union)
MoReq (EU requirements for managing electronic records)
eSignature Act
U.K. Metadata framework
SEC 17A (on electronic document retention)
Dublin Core/Document Management & Electronic Archiving (government information management requirements)
DOD 5015.2 (mandatory standards for records management applications)
Canada's Uniform Electronic Evidence Act
Austria's Evidence Act
The U.K. Public Records Office
Document Management & Electronic Archiving (Germany)
Source: Association for Information and Image Management

What to Look For

When you're evaluating e-mail archiving technology, look for a system that can do the following:

Automatically capture all incoming and outgoing messages and all internal messages between employees, index their full text and archive them.
Identify each message and attachment individually, while eliminating duplicate records sent to multiple users.
Give end users the ability to search the archive via a Web client or other user interface, with a customized lexicon of specific words, terms or phrases.
Perform automated data migration of certain records based on policy to the appropriate storage device (disk, tape or optical, for example).
Allow personal e-mail stores, such as Exchange or Outlook .pst files (personal folders), to be migrated to the archive store as needed. This helps by relieving users of the need to do .pst file archiving and management while still allowing them to search for and retrieve their own e-mails.

Copyright © 2004 IDG Communications, Inc.
