Arcmail Tecnology - Importance of Email Archiving

The Growing Need to Archive Email

‘Email archiving’ is one of those terms that evokes a variety of responses from messaging managers. Individuals in heavily regulated companies, such as broker-dealers, see it as a critical element of good messaging management in order to satisfy regulatory requirements. Others see it as a ‘nice to have’ feature that might provide some additional value to their organization. Still others see it as undesirable because of the potential for preserving incriminating evidence that could harm an organization during a legal action or regulatory audit. This white paper is intended to address all three groups. Its goal is to help you understand the wisdom of at leastconsidering the deployment of an email archiving system. The white paper discusses the various benefits that such a system can provide and why archiving email for long periods can provide more benefits than detriments for just about any organization. This white paper also discusses the value proposition offered by ArcMail Technology, providers of an appliance-based email archiving system that is designed for organizations of up to 5,000 users.

Why Organizations Should Consider Archiving

There are a variety of reasons that any organization should consider deploying an email archiving system. In some organizations, one reason will suffice; in others, there will need to be a combination of benefits to help sell the notion that email archiving is a best practice and a sound business decision.

Regulatory Compliance

There is a mindset among many messaging managers and other decision makers that there are ‘regulated’ and ‘unregulated’ industries. Regulated industries would include broker-dealers and others who deal in securities trading, since these organizations face stringent requirements; while unregulated industries would include virtually everyone else. That is clearly not the case. In reality, there are heavily regulated industries, such as broker-dealers and investment advisors, and less heavily regulated, which includes just about everyone else. Virtually all employers in all industries face varying degrees of regulation. For example:

• Broker-dealers must comply with a variety of retention and supervisory regulations, including SEC Rules 17a-3 and 17a-4; NASD Rules 2210 and 3110; NYSE Rules 440, 342 and 472; and NFA Rule 2-9.

• Registered investment advisors must comply with new email retention provisions of Rule 204-2 contained in the Investment Advisers Act.

• The Investment Dealers Association of Canada imposes email retention and supervisory requirements on Canadian investment dealers through IDA By-law 29.7.

• Other data retention requirements focused on the financial services space include NCUA Part 749, 12 CFR 226.25, 17 CFR 270, 17 CFR 275 and 17 CFR 240.
  

• Large, public companies face regulatory requirements from statutes like Sarbanes-Oxley, specifically Sections 404 and 802.

• Organizations that manage healthcare-related information must satisfy statutes like the Health Insurance Portability and Accountability Act (HIPAA), the Medicare Conditions of Participation. Further, Medicare and Medicaid reimbursement to rural health clinics requires that these clinics maintain medical records for six years.

• Contractors to the US federal government must satisfy provisions of the Federal Acquisition Regulation (FAR).

• Almost all organizations, depending on the jurisdiction(s) in which they operate, are subject to regulations like the Gramm-Leach-Bliley Act, California’s SB 1386, the Americans with Disabilities Act, the Patriot Act, the Toxic Substances Control Act, the Civil Rights Act of 1964 and the Personal Information Protection and Electronic Documents Act (Canada), to name but a few of the many regulations that include data retention provisions. The consequences of failing to comply with data retention regulations, as well as legal discovery requirements (as discussed later in this document), can be severe. Consider the following:

• Ronald Perelman sued Morgan Stanley in a case in which Perelman alleged that Morgan Stanley did not uncover fraud at appliance maker Sunbeam. Because Morgan Stanley did not provide to the court emails that it was ordered to produce, the judge in the case told the jury that Morgan Stanley’s failure to produce the emails was ‘an act of bad faith’ – Perelman won a $1.7 billion judgement. Further, in February 2006, the SEC fined Morgan Stanley $15 million because of their inability to produce the required emails in this case.

• In March of 2004, Bank of America was fined $10 million by the SEC for failure to a) continue to retain email records regarding a recent merger and b) for taking too long to comply with regulatory requests. The SEC charged that Bank of America misled regulators and took too long to produce evidence in an investigation of improper trading by employees at its securities brokerage. The bank complained that it would be “too much work” to produce certain archived emails – it took the bank nearly two years to produce all of the emails that had been requested.



• In December 2002, Salomon Smith Barney, Morgan Stanley, Piper Jaffrey & Hopwood, Deutsche Bank and Goldman Sachs were fined a total of $8.25 million because of their failure to adhere to SEC Rule 17a-4 which requires broker-dealers to preserve electronic data on non-rewritable, non-erasable storage. While most of the regulations that include provisions for data retention do not specifically require email retention, there are two important things to consider in this regard. First, the increasing proportion of corporate records that are sent through and stored in email necessitates an archival capability that can manage records in this native format – printing copies of email for retention is unwieldy, prone to error and very expensive. Second, email constitutes a written communication that carries the same formality and weight of a certified letter. It is important, therefore, that organizations of all sizes and
  in all industries assess their regulatory requirements with regard to the preservation of email. These requirements exist at the Federal and state levels and, in some cases, at the county or city level. Also, the various countries in which an organization operates typically impose some level of record retention requirements with which organizations must comply.

Legal Discovery and Litigation Support

From a legal standpoint, data retention is an increasingly important component of a good messaging management strategy for one simple reason: email is increasingly included in legal discovery orders. Courts are increasingly finding that email contains valuable content that can be of value in legal discovery proceedings. Further, the case of Zubulake vs. Warburg has become the ‘gold standard’ in legal discovery arguments, since the case makes it more likely that a defendant will have to bear the costs associated with legal discovery if a plaintiff can demonstrate that an email system contains information that is likely to be valuable.

For an organization that must produce information from its email system during legal discovery, the primary value that an archiving system can offer is a dramatic reduction in the cost of this activity. An organization faced with the cost of satisfying a legal discovery order using nothing but backup tapes faces potentially major costs to satisfy the order. Because recovery servers must be set up, the contents of backup tapes read into live storage, and then the requested information must be found, the process of discovery can be time-consuming, extremely expensive and disruptive to IT staff members who typically must stop other activities to perform this work. An email archiving system can dramatically shorten the amount of time required for legal discovery and can cut the costs of discovery to just a fraction of what they would be otherwise.

Another issue to consider is the potentially severe consequence of not being able to produce email in a timely fashion in response to a discovery order. Emails that cannot be produced in response to such an order may be presumed to be incriminating – the Perlman case noted above is an example of the type of inference that may be drawn by a judge and jury from such an inability to satisfy a discovery order.

In addition to legal discovery, an email archiving system can assist an organization in assessing its position at the beginning of a legal action. An organization faced with a wrongful termination lawsuit, for example, can quickly go through an archive for all emails and other information that might be relevant. If the organization finds that its position is untenable, the organization’s legal counsel can push for a quick settlement in order to minimize its losses. If, on theother hand, an examination of the archive reveals that the lawsuit is without merit, it can leverage this knowledge, as well.

From a legal perspective, one of the arguments against email archiving is that it preserves ‘smoking guns’ that could serve to harm an organization during a regulatory audit or legal discovery. Many believe that deleting all email on a regular basis can insulate an organization from liability by removing potentially incriminating evidence that might be introduced during a legal action, for example. However, there are two arguments against deleting email as a means of protecting an organization:

• Deleted email is never completely deleted. While your organization may delete all copies of email, external recipients of email still likely have copies of it stored in their archives, on backup tapes, or in local .PST files. Employees likely have copies of email on their laptops, PDAs, home computers, USB keychain devices, etc. In short, while email can be deleted from servers and backup tapes, there are many other locations in which copies may be found.

• Deleting email on a regular basis is no guarantee that an organization will not be held liable for producing email during a regulatory audit or during discovery.

Storage Management and Storage Optimization

Most organizations impose mailbox size quotas in order to ensure a good compromise between email server performance and usable mailbox sizes for end users. Osterman Research has found that the median mailbox size among organizations that impose such quotas is 100 megabytes. If mailbox sizes are allowed to grow larger, email server efficiency can suffer, message delivery times can slow and restoration after a server crash can take longer. If quotas are made smaller, users will spend more time cleaning out their mailbox in order to stay within their quota limitation, reducing their productivity.

An appropriately configured email archiving system can automatically move content from users’ mailboxes to the archive while still making it available to users on a long term basis. From an operational standpoint, then, an email archive can provide the best of both worlds: IT can impose fairly strict quota limitations in order to maintain optimal email server performance, while users can employ a mailbox that appears to be infinitely large because content is automatically archived.

Knowledge Management

Osterman Research has found that the typical email user spends about one-third of his or her day using some aspect of an email system: sending and receiving emails, looking for attachments, creating or looking up contacts, managing tasks and so forth. Coupled with the fact that email systems have become the primary file transport mechanism and repository for most organizations, there is, therefore, an enormous quantity of information stored in email systems that users can employ in doing their work. Osterman Research has found that more than 90% of email users refer to old email when composing new email.

An email archiving system can serve as an effective knowledge management tool by making older email content available to users through an easy-to-use search interface. While knowledge management is unlikely to be the primary reason that an organization implements email archiving, it is an important additional benefit that an organization can realize.

Disaster Recovery

It almost goes without saying that disasters happen. Hurricanes, tornadoes, floods, earthquakes – as well as the odd leaky water pipe above a server room – can all render an email system inoperable. While backup tapes are useful in bringing an email system back online, perhaps using a secondary set of servers at another location, there can still be substantial data loss incurred. For example, if an email server goes down due to some sort of serious problem at 4:00pm on a Wednesday afternoon, typically the most recent backup tape that would be available would be one from the night before, resulting in a loss of all email data generated by employees on that Wednesday. An email archiving system, on the other hand, can be configured to archive data in near real-time, resulting in comparatively little data loss.

The ArcMail Technology Value Proposition

ArcMail Technology’s Defender is a self-contained appliance that provides a complete archiving solution for organizations of up to 5,000 users. The appliance is easy to deploy and manage, and provides a complete archiving solution that satisfies the requirements discussed above:

• Compliance
  
  Defender fulfills the message storage requirements of the various regulations noted above. Data is stored with MD5 identification, an encryption algorithm designed to verify the integrity of data, to guarantee that the data has not been modified.

• Legal discovery

Defender can quickly produce all related documents. Often, showing the context in which an email was written can refute a single apparently damaging email taken out of context.

• Storage management

With access to an extremely large archive, users no longer need to tie up large amounts of storage on their desktops or the company mail server(s).

• Knowledge management

Defender offers an easy-to-use interface that allows users to rapidly identify and recover messages. Users may retrieve their messages from their own archive, reducing the need for IT staff to be involved in recovering deleted or missing emails. Defender also provides a number of other benefits, including:

• A very affordable archiving capability that can be deployed for as little as $10 per user.

• Real-time archiving, not batch archiving. This is extremely important in the context of regulatory and legal compliance, since a batch archiving system allows users to delete email between archiving cycles.

• Non-intrusive archiving that imposes no requirement on individual users to identify the records that need to be retained and those that can safely be deleted.

• An ‘edge’ form factor, completely independent of the email server, so that mail server performance is unaffected by archiving operations.

• The ability to restore email content to a newly created mailbox so that individual users can be investigated independently of their normal day-to-day use of email.

• On-line search capablities, including email and mailbox restoration, eliminating the need for tape-based systems.

• Protection of intellectual property through both outbound content filtering and supervisory search capabilities.

• Defender serves as the basis for a robust disaster recovery and business continuity solution
  

Summary and Conclusion

Email archiving is a critical component of an overall messaging management capability that can provide a number of important benefits for organizations of all sizes in all industries. Among these benefits are:

• Regulatory compliance

• Legal discovery and litigation support

• Storage management and storage optimization

• Knowledge management

• Disaster recovery

For smaller organizations, an easy-to-deploy email archiving solution is an important tool that can reduce an organization’s costs, make it more responsive to information requests during regulatory audits or legal discovery, make its email servers more efficient and make its users more productive.

Storage Area Network Basics! SAN Management Overview

The storage area network (SAN) centralizes enterprise storage by interconnecting storage devices and subsystems through a dedicated high-speed network fabric, such as Fibre Channel, FICON OR ESCON. A SAN can also extend beyond the local data center, connecting storage systems at remote geographic locations through WAN links like ATM or SONET. Once implemented and configured, the SAN's storage resources can be managed centrally, allowing administrators to organize, provision and allocate that storage to users or applications operating on the network across an organization. Centralization also allows administrators to monitor performance, troubleshoot problems and manage the demands of storage growth. If you're new to storage area network technology, or just need to refresh the basics, this guide covers the essential concepts of configuration, provisioning, performance and capacity management, and monitoring and troubleshooting. SAN hardware leaders include StoreVault, Snap Server 700i Series and the Nexsan Technologies Company.

RAID configuration
RAID technology serves two purposes in the disk array or server; it can be used to improve storage I/O performance through striping, and it can bring redundancy to the RAID group through mirroring and parity techniques. When implementing RAID, it's necessary to select an appropriate RAID level and specify a RAID group size (the number of disks committed to the group). For example, use RAID 1 when top performance is essential. This mirrors the contents of one disk to another but uses twice the number of disks. Other RAID levels protect disk groups by striping parity information across each disk in the group. RAID 5 uses one additional disk for parity data, while RAID 6 uses two extra disks, allowing the loss of two drives simultaneously. RAID 6 has become more prominent in recent years due to the popularity of SATA drives, which are high-capacity drives that take longer to rebuild.

Rebuild time is a serious issue when configuring RAID arrays. When a disk fails, it takes time to rebuild the failed disk's contents. During a rebuild, the RAID group is inaccessible or operates at reduced performance. But as disk capacities have burgeoned, rebuild times have become problematic. Now that SATA disks are routinely at 750 GB with 1 TB drives available, failures can take hours to rebuild. Such long rebuilds expose the RAID array to a greater potential for multiple disk failures and data loss. Look for disk arrays that offer fast rebuild times and predictive fault features that can start a rebuild to a spare disk before a complete disk failure occurs.
Another issue comes in changes to the RAID setup. Traditionally, a RAID group was a static entity once a level and group were selected. To change a RAID level or group size, the group would have to be rebuilt from scratch using the new size and level, and then reloaded from a backup. An increasing number of RAID platforms support dynamic RAID groups, allowing administrators to change levels and group sizes on the fly.

SAN provisioning
To centralize storage on a SAN while restricting access to authorized users or applications; the entire storage environment should not be accessible to every user. Administrators must carve up the storage space into segments that are only accessible to specific users. This management process is known as provisioning. For example, some amount of data center storage may be provisioned for an Oracle database that might only be accessible to a purchasing department, while other space may be apportioned for personnel records accessible to the human resources department.

The major challenge with provisioning relates to storage utilization. Once space is allocated, it cannot easily be changed. Thus, administrators typically provision ample space for an application's future use. Unfortunately, storage capacity that is provisioned for one application cannot be used by another, so space that is allocated, but unused, is basically wasted until called for by the application. This need to allocate for future expansion often leads to significant storage waste on the storage area network. One way to alleviate this problem is through thin provisioning, which essentially allows an administrator to "tell" an application that some amount of storage is available but actually commit far less drive space -- expanding that storage in later increments as the application's needs increase.

Provisioning is accomplished through the use of software tools. Tools typically accompany major storage products. For example, EMC's Celerra NAS family includes Celerra Manager software for provisioning. The issue for administrators is to seek a provisioning tool that offers heterogeneous support that covers the storage platforms currently in their environment. Otherwise, IT staff will need to use multiple provisioning tools, increasing management difficulty.
SAN performance and capacity management
SAN performance can be adversely affected when storage runs low, resulting in application performance problems and service level issues. Many IT organizations guard against this threat by overbuying and overprovisioning storage, but this frequently results in wasted capital since the additional storage investment is not necessarily utilized. Organizations are embracing performance and capacity planning practices to avoid unexpected storage costs and disruptive upgrades. The goal is to predict storage needs over time and then budget capital and labor to make regular improvements to the storage infrastructure.

In actual practice, SAN performance and capacity planning can be extremely difficult. It's virtually impossible to predict the storage needs of an application or department over time without a careful assessment of past growth and a comprehensive evaluation of future plans. In fact, many organizations forego the expense and effort of a formal process unless a mission-critical project or serious performance problem demands it. Organizations choosing to sustain an ongoing performance and capacity planning effort will need either comprehensive storage resource management (SRM)-type tools, or a capacity planning application.

SAN monitoring/troubleshooting
SAN problems can be particularly difficult to isolate -- further complicated by the complex configurations and interrelationships between the servers, switches and storage platforms that often populate a storage area network. A working SAN is a digital ecosystem unto itself and seemingly innocuous changes in one place can have a catastrophic impact on another.
The best SAN troubleshooting is typically proactive and usually involves establishing a performance baseline of critical characteristics before problems ever arise. It's then a simple matter to compare a current baseline against a "known good" baseline. This often reveals problems quickly and can identify any performance changes as the result of upgrades or reconfigurations.

Another key to effective SAN troubleshooting is comprehensive change management policies. By tracking changes and restricting change activities to authorized IT personnel, an administrator can avoid unexpected trouble and quickly correlate help requests with recent SAN changes.