Adoption of Office 365 continues to grow rapidly, adding 50,000 customers a month, with Exchange email remaining the number one workload. At the same time, increasing regulation, litigation, and operational drivers necessitate the need for speedy, accurate and complete access to email data.
Email archiving has long been recognized as a key mechanism to meet these needs. Historically this was achieved on-premise alongside the mail server, but more recently has started to shift to the cloud in order to achieve economic and operational benefits. As email moves to the cloud, organizations must consider how to appropriately protect their data. Remembering that it’s their data, and responsibility ultimately sits with them to safeguard it, is critical.
With over 16% of Mimecast customers now using Office 365 for email, we’re often asked about what to look for in an email archive – specifically for protecting critical Exchange Online data. The following six critical considerations summarize the advice we give.
1. Email data should be immutable by default
All inbound and outbound mail, including detailed metadata, should be captured and stored automatically for all users – without the need for manual or scripted processes. A true enterprise-grade email archive should be designed from the outset as a long term, compliance-driven archive with immutable (WORM) storage and strong chains of custody. In this case, data cannot be modified or removed until the pre-defined retention period is reached.
A suitable archive allows for an independent, always-on, verifiable copy of data to be stored outside of the operational Office 365 infrastructure.
While Office 365’s in-place or litigation holds may satisfy some organizations’ requirements to preserve mailbox data, both were conceived to provide data preservation for active, ongoing litigation – not as a long-term immutable archive.
Mailboxes are not placed on litigation or in-place hold automatically - this is a manual task and can get inadvertently forgotten or misconfigured. Any mailbox content not on hold can be tampered with or deleted.
2. Search speed and consistency
The explosion in the amount of data stored by most organizations along with stricter regulation and increased litigation requires a suitable storage architecture to ensure rapid and accurate archive search results. A dedicated, cloud-based grid storage architecture is best suited to this task so that archive searches benefit from the aggregate power of all servers in the storage grid, together with a unified index, to deliver consistent results at superfast speed.
There should be no limit to the number of mailboxes that can be searched and the number of searches that can be run concurrently. E-discovery searches should not be impacted by email system downtime.
With Exchange Online, users are connected to a single server and data store. Large deployments likely mean multiple servers and data stores – each with its own index. Mailboxes are spread automatically across servers.
As a result, e-discovery searches could require access to hundreds of servers and indexes – potentially liable to inconsistent search results, e.g. server busy, server down, and incomplete index (e.g. unsupported file types, indexing errors).
Search speed is limited by individual Exchange server performance – each with multiple competing workloads. There are limits on both the number of mailboxes (10,000) and the number of e-discovery searches that can be run at the same time.
3. Minimize and limit specialized and manual admin tasks
Initial setup and ongoing administrator actions should all be managed through a single web-based graphical user interface (GUI). This negates the need for manual scripting which is more likely to result in misconfiguration and command errors that can result in significant data loss. Remember, humans are often the weakest link in the chain.
Organizations should also ensure that no single administrator should be able to change key archive policies such as retention duration. This could increase the chances of accidental or malicious actions having a potentially devastating impact.
There are certain admin actions in Office 365 that can only be achieved through PowerShell commands, such as applying a litigation hold to all mailboxes at once, or in-place hold to more than 500 mailboxes. Misconfiguration and errors are arguably more likely in these manual processes.
A single Exchange administrator can remove a hold.
4. Auditing must provide the details needed
Audit logs are vital to check and prove historical actions for both operational and legal purposes. Logs should be enabled by default and retained in perpetuity in order to ensure a complete record. The details logged must also be sufficient for the purposes they may be needed for. The logs should be held in a secure location accessible only to those with appropriate privileges.
In Office 365, auditing of admin actions is enabled by default and cannot be switched off. However, these logs are only kept for 90 days by default and do not include some actions, such as when messages are accessed or deleted, or the client or source details.
Mailbox audit logs must be manually setup and enabled per mailbox using PowerShell. These logs are stored in the target mailbox and could be deleted if the mailbox is deleted.
5. Seamless employee archive access from anywhere
The amount of critical data in email is growing rapidly, with archives increasingly used by employees as their primary repository to save and access important information. In fact, Gartner estimates that by 2019, 75% of organizations will treat archive data, including email, as an active data source.
Seamless and rapid access to this archive data from any device is, therefore, critical. Consistent access should be available via Outlook, the web, and mobile devices. Archive searches must be virtually instant to satisfy employee expectations. Almost 200,000 archive searches a month are made by Mimecast customer employees using the Mimecast Mobile app alone, demonstrating the importance of having easy access to archived content when out of the office. Mimecast offers an industry leading 7-second search SLA.
Microsoft provides archive access via Outlook, Outlook on the web, Mac and iPad only. There is currently no support for iPhone or Android – the two most popular smartphone platforms globally. There is no Office 365 archive search SLA offered.
6. Avoid mailbox lock-in
When archive data is held in a separate platform and location to operational email data, not only does this support compliance and regulatory requirements, it means that the primary mail platform can be changed without the roadblock of finding a viable way to extract data first (or risk losing it). It also provides continuity of access during mailbox migration projects.
Ask yourself. Will a move to Office 365 be the last time you change mailbox providers? Unlikely.
Office 365’s inline archive stores primary and archived mailboxes in the same single environment. With all email data in Office 365, it becomes more difficult to switch to another email environment – essentially leading to Office 365 lock-in. Tony Redmond, a Microsoft MVP and leading commentator expands on this situation in his article ‘Getting data into Office 365 is easy; not so straightforward to retrieve’.
Microsoft gives you 90 days to extract all your data before its permanently deleted following expiration or termination of an Office 365 subscription.
 Gartner Magic Quadrant for Enterprise Information Archiving, Nov 2014
You would be hard-pressed to find a CIO that does not understand the importance of archiving company data. Beyond just records management and compliance, archived data serves as a critical piece of an organization’s corporate memory and identity. And yet, the commonly used method of archiving data – doing it on-premise – is fundamentally flawed.
Arguably, this approach was doomed from the start, considering enterprises have no choice but to spend hundreds of thousands of dollars each year preserving their legacy archiving solutions and the email, data and records housed within them. Unfortunately, there is no sign of these costs reducing, with today’s data demands only expanding, and employees continuing to rely on their email as a storage mechanism (just think of how often you resort to an inbox search when looking for a file!). The natural next question becomes: is it worth it? In short, yes. That is, assuming the data housed within on-premise archiving solutions is correct.
Consider, for example, the route of an outbound email that contains a Word attachment. Once it passes through the organization’s Microsoft Exchange Server, it is automatically archived for retrieval, if needed, by the organization weeks, months or years down the road. The original email continues on and passes through the organization’s security and hygiene layer, where a set of pre-defined policies designed to protect the business may automatically change that attached Word document to a PDF, or strip it of the attachment completely. A different version of the original email reaches the recipient, and there we have it: that email does not resemble the one held in the archive.
As one can imagine, this creates a serious problem for highly-regulated industries that depend on reliable, irrefutable data in order to avoid litigation and compliance violations. Standing up in a court of law and stating that you “think” the email in your archive from five years ago matches what was actually sent won’t hold much weight.
This is where Mimecast comes in.
For an organization that leverages Mimecast, outbound email travels through our cloud-based Unified Email Management (UEM) platform, and the archiving functionality housed within it, after the customer’s hygiene layer. This allows an organization to not only eliminate their costly, cumbersome, on-premise archiving solutions, but ensures the true transmission data is captured with all archived emails – including a date and time stamp from the receiving server. But, what about the emails and other company information already housed within the organization’s legacy archiving solution?
Today, Mimecast announced a partnership with Nuix to address exactly this. Thanks to this new partnership, Mimecast can now bypass the traditional API access methods and target the archive storage directly, ensuring customer data is easily and safely migrated from on-premise archiving solutions to Mimecast in no time. In addition, Nuix’s advanced filtering capabilities also allow us to assist our customers, if needed, in migrating only relevant email, guaranteeing that only valuable data is made available to the organization and its employees for improved productivity and decision-making.
Customers can finally rid themselves of on-premise archiving solutions, and through a fast and efficient migration path to the cloud, quickly reap the many benefits of a modern pain-free archive.
Email is still the dominant form of communication in businesses today. It pervades almost every system and transaction and still remains a quick, casual form of communication. Email has become a mission critical application within businesses because of the importance of the data transacted through, and stored in, email environments.
A decade or so ago, as IT departments began to recognize the growing importance of the corporate email environment, they started to add supporting services and platforms around the core server environment, which is predominantly Microsoft Exchange. Appliances, applications and services to protect and store email were added, usually driven by business problems as well as changing corporate governance requirements.
Email archiving was one such platform, and remains of critical importance today. Email archiving systems were first added to our networks in the mid to late 1990s, initially designed to solve storage management problems, but more recently utilized to enable businesses to retain a complete record of their corporate knowledge and intellectual property. Long term retention of email nowadays is invariably driven by a need to respond to legal obligations under subpoena or eDiscovery request, or mitigate against the threat of data loss due to disaster or accident.
The advent of Cloud Computing in the same timeframe has disrupted these traditional on-premise email archiving markets. Cloud Computing has permeated almost every industry in ways even the most forward thinking IT departments could never have imagined. The result is a paradigm shift in modern computing. The rise of the Cloud could even be described as the dawn of a new computing age.
Those old on-premise archives are being eclipsed by the capabilities of a new type of Cloud-based email archive, an Interactive Archive.
The Interactive Archive, driven by the Cloud, is a more useful, valuable and interactive archiving platform for business users. The Interactive Archive allows users to leverage the archive and data therein for business intelligence, as well as end user productivity, ubiquitous access, and the corporate governance and compliance requirements that underpin the archive itself.
The concept of an Interactive Archive delivered from the Cloud requires a new way realizing value in a computing platform. The Interactive Archive is one that will be deployed from the Cloud, but not all Cloud archives are created in the same way. Simply archiving email in the Cloud only removes the local storage overhead and expenditure, while giving the users a degree of flexibility in terms of access – in fact, most Cloud archives are still about storage and eDiscovery.
The Interactive Archive is about much more - it's about extending beyond this ‘simply-storage’ model by offering to leverage more of the value in the archived data. It's a platform that puts the productivity benefits of using email back in the users’ hands by making their personal archives available in many ways - as well as including sources of information that would otherwise need a change in work flow for end users.
The Interactive Archive is one that acquires and consolidates the user’s desktop applications as a source of information - their web applications and services, their corporate information flows in platforms like email and mobile platforms - then provides a central and single copy under management. Importantly a single view of all these information streams also gives the business a concise, forensic and complete repository for eDiscovery, compliance and business intelligence use. The important concept of ‘interactiveness’ comes from the end users and the business can make use of the data; platforms such as Outlook, SharePoint, mobile devices and APIs all bring new ways to leverage the accumulated data. Delivering business intelligence back to the organization by leveraging the data-exhaust of the Interactive Archive now becomes possible too; in short making the data within the archive worth more than simply an eDiscovery tool.
To find out more about Mimecast's vision for the Interactive Archive, download our Whitepaper - "Is your Email Archive a Goldmine or a Black Hole?"
Email archiving, in particular, used to be expensive and hard to do well - specially for organisations the size of News Corp. Customers had to buy horrendously expensive systems and pay exorbitant maintenance to keep them going. So it's not surprising that companies opted for the safest, cheapest and easiest way to manage this problem: deletion. However, this problematic solution is no longer necessary now there are low-cost, seamless archiving solutions for business email.
Following TechCrunch’s recent post ‘The Only Reason Companies Delete Emails Is To Destroy Evidence’, I joined many commentators discussing the various reasons why businesses might (or should) delete or archive their email in light of the News Corp revelations. Whereas it used to be time consuming and costly to retain emails, primarily due to the cost of storage, today no such constraints exist. In fact, there is no longer any technical reason whatsoever to delete email. Interestingly, corporate tendencies seem to differ across the pond: I have found that Americans delete, whereas Europeans hoard.
TechCrunch’s post does, however, point out how useful it can be to have certain communications saved, particularly when retrieval of a conversation is required in the pursuit of justice:
“The News Corp. phone-hacking scandal continues to spiral out of control […] A paper copy of a deleted email found in a crate ties deputy COO James Murdoch directly to the events under investigation.”
Clearly, archiving is crucial in order to maintain transparency within a business. So it’s really more a question of "Should emails be deleted at all?"
With an email archive where you are storing the only copy of the email, you can ensure an email is permanently deleted instead of residing in hundreds of places on the LAN. But how do you decide what to delete and when? On the one hand, companies are often fearful of compliance (like HIPAA, SOX or FSA) or they can be afraid of litigation.
Key to TechCrunch’s post, which commentators seem to forget, is the rules around retention. In the US, for example:
"[if] you can reasonably anticipate legal action on these emails then you are bound by FRCP to hold those documents in anticipation of a possible discovery. Destruction of emails once you know a legal hold is necessary could expose an organization (public or private) to court sanctions for spoliation."
It's a fine line to tread, but there is a way forward with well-designed retention policies.
In addition, we see completely different attitudes on the two sides of the Atlantic: in the US, there is a desire to delete everything as quickly as possible to reduce discovery costs and potential litigation. Whereas, in Europe we are much more likely to see a "keep everything" attitude.
As archiving improves, surely there is a legitimate reason to keep everything if you can reduce the discovery costs and avoid these issues, because -- certainly, in News Corp.’s case -- the deletion seems over-zealous.
Customers of Mimecast don't have to pay exorbitant fees or suffer bad infrastructure to retain everything they want to, because they outsource it to the Cloud. Those who want to implement deletion policies can do the same; ensuring the right information is deleted at the right time and removing human error from the process.