The rapid growth of email threatens to overwhelm today’s enterprises. While email plays an essential part in improving workforce productivity, it also creates a glut of information for most organizations and a storage nightmare for IT departments. This article looks at why enterprises should establish a resilient framework for the efficient retention and retrieval of email and other information assets.


Today’s pain points
The ubiquity of email has created three pressing problems that affect organizations of all sizes-
l. Escalating storage requirements. According to a 2004 survey conducted by Osterman Research, 62 percent of organizations consider growth in messaging storage alone to be a “serious” or “very serious” problem, second only to the problem of spam.

2. Growing security threats jeopardize stability. Email provides convenient access for customers, partners and others into an organization. It also provides a point of attack for viruses, ‘phishing’ schemes, hackers and other threats to the IT infrastructure. The recent Internet Security Threat Report indicates that organizations received an average of 13.6 attacks per day during the last six months of 2004. While anti-virus and anti-spam are standard additions to corporate email servers, the awareness of all types of threats – including ‘phishing’ schemes, bots, worms and more – and a conscious effort to keep out the threats while letting in the friends must be part of a company’s email infrastructure.

3. Regulations and legal discovery drive storage decisions. More stringent statutory requirements for data retention and increasing requirements to extract data to support legal discovery have a direct impact on IT departments. Records must be retained in a manner that prevents damage or intentional modification, while at the same time those records must be available for inspection whenever regulators require them. For example, the Sarbanes-Oxley Act, enacted in 2002, doesn’t specify new data retention requirements, but it does establish severe and potentially burdensome penalties for non-compliance. In other words, when regulators ask for the data, you must be able to find it and present it quickly.

In light of these developments, analyst firm Gartner called on companies to address their email retention and management needs immediately:
Gartner’s April 2005, Magic Quadrant for Email Active-Archiving Market report says, “Waiting until the company defines a plan for electronic records retention or for email active-archiving technology to mature could place your business at risk, given the regulatory requirements and escalating demands for electronic discovery.” The legal risk has been underscored rather dramatically in recent years thanks to several high-profile court cases-

l.In March, a Florida judge hearing a $2.7 billion lawsuit against a multinational financial services firm issued an “adverse inference order” against the company for “willful and gross abuse of its discovery obligations.” The judge cited the organization for repeatedly finding misplaced storage tapes of email messages long after the company had claimed that it had turned over all such tapes to the court.

1. An investment banker at a large international bank was convicted and sentenced to prison for instructing his staff to delete email and instant messages shortly after his firm received a grand jury subpoena.

Key capabilities for retention, retrieval and recovery
Email will continue to be a critical component in business operations, so the issues that come with maintaining email data won’t just disappear. However, the pain points can be minimized with a fully resilient email infrastructure. In the simplest terms, a resilient email infrastructure contains four primary elements-

1.Effective policies and procedures to ensure the safety of email and the data distributed via email.

2.The ability to rapidly and completely block threats that may enter the organization via email and quickly remove threats that do slip through.

3.Efficient storage and retrieval of email, including a clear understanding of what must be retained and for how long based on the regulations pertinent to the organization.

4.The ability to rapidly restore email data should an emergency arise (including anything from a natural disaster to a user error).

5.The goal is to securely protect, retain and recover data in such a way that it can be both fully exploited and “expired” when it is no longer required.

Such a framework calls for an organization to create record retention policies for email servers and implement a data management solution that adheres to these policies.

Organizations must track retained information through the entire information lifecycle – in this case, from the time an email passes through a server to the time the last backup of that email is eliminated – and assign differing levels of access to this data for different users. In addition, an audit trail of all changes to the archived email is necessary.

Key to an effective framework is the ability to backup, archive and recover information rapidly. This calls for the right combination of both disk and tape-based backup to ensure cost-effective archival storage and rapidly recoverable backups.

Monitoring gives IT personnel a more complete view of the easiest, fastest way to access information when needed, including stored email. Such a framework should also maintain flexibility as laws and regulations are added or amended.

On a practical level, organizations should be able to rely on resilient email infrastructure to-
1.Block potential threats
2.Maintain a current working state for the email environment.
3. Flexibly store archived email content
4.Reduce storage via compression and “single-instancing” of identical items
5.Automatically index content for rapid and targeted retrieval
6.Utilize user authentication security controls

Conclusion
In today’s networked world, the free flow of information is essential to success. Information has become the currency of our age and is a costly affair to lose. Unlike a disk or laptop, it cannot be easily replaced. As the pace of business evolution continues to accelerate and email remains a cornerstone of business communication, organizations will face new challenges in securing, managing, and making available this valuable asset.
To prepare for and address these evolving challenges, organizations must build an IT infrastructure that seamlessly links security, storage, data, and application service management. Understanding, controlling and maintaining email is a critical part of that overall infrastructure, which must have the ability to secure, protect and recover information.

As storage requirements grow, data types proliferate, regulatory pressures increase, and demands for electronic discovery escalate, organizations must carefully examine their email retention and retrieval framework. A resilient framework is required for easier and more straightforward access to information and the assurance that data can be identified and retrieved when needed. Ultimately, a resilient framework is the best bet for protecting an enterprise’s critical information.