February 22, 2017
Crippling financial penalties and strict new privacy rules have grabbed most of the EU General Data Protection Act (GDPR) headlines so far. This is no surprise, given the sweeping nature of the act, but ahead of the May 2018 implementation date, it’s important to look at some of the more detailed compliance requirements, especially for email.
A key tenet of the GDPR – that organizations must respond in a timely manner to Subject Access Requests (SARs), inquiries from EU residents about the location and processing of their personal data, as well as to requests that it be erased – will likely force a sea-change in how organizations manage all data, personal or otherwise.
In the meantime, little’s been said about the challenges of overhauling privacy in the current era of phishing and ransomware. The two developments – growing regulatory burdens and the increasingly volatile threat landscape – put organizations in a double bind. The GDPR emerged in part as a response to the growing cybercrime threat, yet its directives to retool organizational policies, processes and structures stand to compound the burdens of well-intentioned organizations.
To manage the dual risks of GDPR compliance and cybercrime, you need to focus on email security and governance. Here are some guidelines for formulating such a strategy:
Review your email infrastructure
Over 90 percent of phishing cybercrime exploits begin with email, making it the single biggest threat vector to organizations and the data they manage. Furthermore, not only are emails a common vehicle to share and exchange personal data, email servers are prime repositories for such data as names, email addresses and associated contact information.
Managing GDPR risk starts with securing your data and infrastructure against the litany of email threats mentioned above.
Implement strong search and e-discovery
To suit GDPR mandates for reporting on and deleting personal data upon request, your email infrastructure needs to streamline search and e-discovery. A robust complement of case management tools – early case assessment, search and saved search, legal hold application, retention adjustments, and export, to name a few – will also expedite your ability to respond effectively to requests.
Educate and inform your mailbox holders
One careless click can undermine even the most capable security or governance infrastructure. This is what makes social engineering exploits such as phishing and impersonation attacks so devastatingly effective. A well-informed workforce is an essential component of an effective GDPR compliance strategy. Every user in your domain must be vigilant against the onslaught of email-based attacks, and play a vital role in notifying your Data Protection Officer (DPO) of any suspected privacy breaches.
Bear in mind that the guidance above addresses compliance issues related specifically to email. To manage GDPR, you’ll need to transform your privacy and governance operations wherever personal data is stored or processed: customer records, databases, CRM systems, and ERP platforms, etc. But chances are good you’ve already considered these repositories; it’s email that’s often overlooked in the compliance conversation. In reality, nearly all email servers and archives contain personal data.
No matter where your organization is based, if you manage or process personal data associated with EU residents, you will be impacted by the GDPR. Managing against GDPR penalties involves securing and tightly controlling your email servers and archives. The countdown to prepare has begun.
To help inform your journey to GDPR compliance, download the Osterman Research White Paper, GDPR Compliance and its Impact on Security and Data Protection Programs.
Is your archiving solution out of date?
Can we be honest? Most email archiving platforms in use today are obsolete. The way we use email today has completely changed, and these platforms no longer do what you need them to do.
Archiving solutions need to preserve data and simplify search and e-discovery. Most archiving platforms use the familiar on-premises architecture based on software, server and storage. Like most on-premises architectures, there’s a disaster recovery layer, usually a backup-and-recovery platform.
This architecture was designed in the early 1990s. At the time, the World Wide Web was in its infancy. Payphones were everywhere. And email was a text-based store-and-forward messaging medium.
Today’s email is everything and everywhere
Fast-forward to 2017: what does the world look like now? First, email has far surpassed phone as the primary business communication medium. The average user sends and receives over 122 emails each day. Second: mobility. BYOD is our new normal. And third: 86% of workers recently surveyed say they use email to share files.
Email is a collaboration tool, a workflow tool, and a file management system.
You can probably see where I’m going with this, right? So many of us are vainly trying to force 2017 email into a 1990s archiving architecture. This makes archiving costly and labor-intensive. It requires constant software upgrades, hardware refreshes, and storage expansions.
What about search and e-discovery? These take forever, bogged down by the deluge of messages and attachments that this architecture never set out to address.
Mobility? Nope. Not in the original scope.
The remedy: true cloud archiving
Here’s what you need to archive effectively in today’s email-dominated business world: an independent, immutable cloud archive layer. One that leverages true cloud scale and cloud economy. With dedicated resources for threat scanning, applying retention policies, running search and e-discovery, and all the other specialized archiving functions.
Now what do you get? Excellent cost profile. Excellent search – average completion times under 2 seconds and a 7-second SLA. And mobility by design, with native apps for Android, iPhone, Blackberry, and Windows Phone.
A secure, cloud-based archive that’s separate and independent from production email.
What’s the bottom line? One of our customers, a large retailer, tells us they save $70K annually in TCO compared to their previous archiving platform, and 15% in the time they need for email maintenance. And – something you likely won’t hear about from other archiving solutions – a law firm reports a 66% improvement in end-user productivity. This firm requires all of its attorneys and support staff to run Mimecast on their desktops and their smartphones.
These are the reasons you need Mimecast archiving to properly manage email, the single most essential resource you rely upon.
The question remains: where are you in your archiving journey? Download your complimentary copy of the 2016 Gartner Magic Quadrant for Enterprise Information Archiving report.
December 7, 2016
We’re honored and humbled by Gartner’s recognition of Mimecast Cloud Archiving in its 2016 Magic Quadrant for Enterprise Information Archiving. With this year’s recognition, Mimecast has been named as a Leader for the second year in a row.
Moreover, for the first time, we placed highest within the Leader Quadrant for both Ability to Execute and Completeness of Vision. This momentous recognition offers an occasion for reflection on the nature of information archiving and our place in the market.
A Breakaway Moment
Gartner’s EIA Magic Quadrant report sheds light on a breakaway moment. The state of archiving has clearly morphed. Freed from the confines of costly and labor-intensive premises-based infrastructures, today’s cloud-based solutions offer streamlined administration, fast search performance, and end-user value, in addition to affordability.
The range of archiving use cases we now help you address has multiplied as well, from regulatory compliance and legal risk mitigation to end-user enablement, mailbox management, and layered protection against the scourge of ransomware.
Thanks in part to this transformation, we at Mimecast find ourselves in our own, corporate breakaway moment. We’ve grown rapidly on the heels of last year’s IPO. We continue to innovate aggressively on our platform and across the customer experience.
Finally, businesses and organizations now face their own breakaway opportunities, applying next-generation archiving technologies to master today’s myriad business challenges.
Documenting an Archiving Inflection Point
Like other recent analyst research reports, Gartner’s latest EIA MQ installment bravely captures a transition point in the fast-evolving archiving market. As I noted in an earlier post, the current roster of cloud archiving vendors has gotten here via a diversity of paths, including social media, search engine, backup-and-recovery, and enterprise content management (ECM), among others.
What brings us together? Three major business trends:
- Email’s primacy as a business resource
- More rigorous compliance requirements
- Increasing exposure to costly litigation
This lends the EIA market a “gene pool” that’s remarkably rich, which is both good and bad for businesses and organizations that seek the archiving solution best suited to their particular needs. Good in the sense that, no matter the set of use cases you seek to fulfill, the chance that the right solution is out there is quite high. Bad in the sense that finding that right solution can be challenging.
In this context, we applaud the work of Gartner. Gartner’s systematic assessments of vendors’ specific capabilities and strengths – and, by extension, these vendors’ long-term viability as solution partners – are invaluable for organizations who need to fully leverage technology while minimizing investment risk.
All Due Appreciation
On behalf of everyone on the global Mimecast team, I’d like to extend our deepest appreciation to the archiving analyst team at Gartner. We’ve thoroughly enjoyed working with you, into 2017 and beyond.
Special thanks to our customers, especially those who took the time to talk to Gartner analysts about your experiences before and after you began archiving with us. There’s nothing we appreciate more than your willingness to share your ideas with us and with the larger community.
Finally, thanks and kudos to my Mimecast teammates around the world! This recognition belongs to you. It’s a great mile marker in the wake of another big milestone, our one-year anniversary as a public company.
The just-released The Forrester Wave™: Information Archiving Cloud Providers, Q4 2016 provides a fascinating touchpoint on the rapid evolution of the State of Archiving. We hold Forrester Research in high regard as a global leader in research and advisory services.
The report is based on service demos and interviews with both vendors and users. It’s an honor just to be included in this report, let alone to have earned Forrester’s recognition as a “Strong Performer.” We’re delighted to have our archiving business recognized in this way.
As a snapshot of the archiving market, we feel the report offers three key insights worth reflecting upon.
TAKEAWAY #1: THE FORRESTER WAVE REPORT PUTS MIMECAST IN THE COMPANY OF AN INTERESTING MIX OF VENDORS
We fully expected to see some familiar rivals in this report, and in this Forrester analysts didn’t disappoint. Yet there were a few surprises as well. Certain vendors that our customers frequently ask about somehow didn’t make the report.
On the other hand, there were some vertical-market specialists that rarely if ever come up in customer conversations, or even in other analysts’ archiving market research. We were also a bit surprised to see some well-known Enterprise Content Management (ECM) specialists in the mix.
TAKEAWAY #2: THIS REPORT SAYS A LOT ABOUT THE FLUID STATE OF ARCHIVING
Mimecast was founded in 2003 as an archiving SaaS provider. Archiving is in our DNA.
Understandably, other vendors bring their own unique origin stories. Those featured here include companies with roots in records management, instant messaging, and content workflow automation. There are vendors here who rose to success by focusing on call center customers, financial services providers, law firms, and other verticals.
What brings us all together? The domination of knowledge work, the emergence of information retention regulations, and the spiraling legal exposure that all organizations face.
TAKEAWAY #3: WE DO WHAT WE DO THANKS TO OUR CUSTOMERS
We developed our proprietary Mime|OS both to leverage cloud economies and to overcome cloud scale, performance, and other challenges. Then, as we all know, the web matured, and with it, cybercrime. As these threats morphed and mushroomed, our customers’ needs expanded.
In responding to these needs, we found that Mime|OS provided the ideal foundation for delivering new categories of security and continuity services. More recently, our Mime|OS and unified cloud architecture have proven a boon for simplifying the buildout of our API library, which in turn will let us accelerate the pace of service expansion.
Further, without our customers, there’d be no Legendary Customer Success.
THANKS FOR THE PRIVILEGE
So again, we’re indebted to the analyst community for recognizing our hard work and accomplishments. We also recognize the contributions of our partners, for teaming with us, and sharing our successes. Finally, infinite thanks to our customers. You keep us focused and offer vital course-correction in this fast-paced world.
We wouldn’t have it any other way.
The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave™ are trademarks of Forrester Research, Inc.