E-mail and compliance

Data center managers increasingly find themselves wrestling with the challenge of effectively – and cost-effectively – storing and managing e-mail while conforming to corporate and regulatory requirements for archiving and compliance.

Many companies rely on their e-mail servers for storage, but 59% use a storage-area network (SAN), according to “Secure Messaging for a Changing World,” a new benchmark research series from Nemertes. Surprisingly, 5% say they rely on client devices for e-mail storage. To comply with The Sarbanes-Oxley Act of 2002 and other laws, companies must be able to retrieve individual messages on an as-needed basis (typically to satisfy investigations and legal proceedings).

No wonder companies with even moderate e-mail traffic can find themselves with a storage headache quickly. A SAN can help take the burden off e-mail servers and improve performance, but there are other ways to ease the burden, too.

* Avoidance

Some IT executives decide that the best approach is avoidance. Many tell us their company’s policy is to delete e-mail after seven days (and not to archive instant messages at all). One company we know in a litigation-prone industry deletes e-mail after just 48 hours. But while this can certainly solve the storage problem, it may raise others in its place. Because most users need to access e-mail older than a week, you can bet end users will store their messages on their PCs – and that consumes storage on those client devices. It also raises compliance issues of its own because the messages still exist; IT execs just don’t have ready control of them.

One solution: C2C’s Archive One Policy software, which interfaces with Private Storage Files, which is often where users store messages on their own PCs. When users log on to the network, Archive One Policy automatically finds these files, then integrates them back into the archives on the network.

* Compliance help

Companies serious about messaging compliance should consider using compliance-specific software. C2C’s Archive One Compliance lets e-mail administrators set policies for groups and individual users, and interfaces with popular storage devices from HP, Computer Associates and the like.

Avecho’s MailVault is a seven-year online archive, which stores and lets users access messages with regulatory compliance in mind. The U.K.-based company is set up to help companies comply with British regulations, but it’s preparing services for the U.S. market. In the meantime, its offerings should serve most American companies’ needs because the MailVault service meets even contradictory requirements. (For instance, in the U.K., companies must store e-mail messages for a given period of time, and yet they must also erase all personal information on former employees at the employees’ request. MailVault ensures messages are saved for seven years, but it can restrict corporate access if a former employee makes such a request.)

* Outsourcing

Most companies are reluctant to outsource e-mail, which they consider a tactical technology with strategic importance. But in fact, outsourcing is a viable option for most businesses. Security is often better than it is for in-house e-mail implementations, with built-in anti-virus, anti-spam and redundancy, and off-site storage takes that headache away. The cost savings can be significant, too.

What’s more, big names are in the game. In May 2004, AT&T and Accenture announced a partnership to market and deliver their new Enterprise Messaging Service, which includes hosted messaging services based on the latest Microsoft Exchange Server platform; future optional, advanced capabilities will include enterprise-class secure instant messaging and unified communications, according to the companies.