10 tips for effective email archiving


While companies with unlimited storage, tiers of redundant servers, and high-speed WAN links may want to provide unlimited online storage for their users, the rest of us have to contend with budgets, hardware limitations, and bandwidth that is never enough. Combine this with users’ tendencies to use PSTs, hard drives that crash, and the chance of receiving a subpoena, and you find that you need something between the limits of your small Exchange farm and the dream of unlimited online storage. Enter email archiving.

Email archiving is a solution that offers great flexibility for the email admin. You can archive every single email in and out of your company if you wish, simply log details such as sender, recipient, and subject, or do anything in between. If you want to implement an email archiving solution, here are ten tips for ensuring you have all your bases covered.

1. Enable Auditing

Good email archiving solutions offer an auditing function that stores logs in a tamper-proof fashion. If you are involved in a legal action, these logs can be submitted as evidence of the existence, or the non-existence, of any particular email.

2. Locate the archiving system at a central point

Small companies may have only one egress point, but larger companies may have a distributed network and site servers that can send or receive email. Set up your archiving so that all mail is caught no matter which site is involved. Use SMTP routing queues if necessary to enforce this.

3. Create sensible policies

Users will send and receive personal email. There isn’t anything wrong with that as long as your policies clearly define what is acceptable and what is not, and inform users that archiving is in use. You might also consider creating archiving rules that will archive all emails to or from client, partner, and vendor domains, but ignore emails from other domains.

4. Consult with HR

Make sure you work with your Human Resources department when publishing your written policies, to ensure you are in compliance with company policies, and that user notification is in place.

5. Consult with Legal

Also involve your legal department (or corporate counsel) to make sure your archiving meets any contractual requirements or legal orders.

6. Consult with Audit

Email archiving can factor into external audit reports for things like SAS70, or can help in meeting requirements for Sarbanes-Oxley. Work with your auditors to take advantage of, and to make sure you are supporting, any requirements for certification or accreditation.

7. Migrate existing PSTs into the archiving system

And then use a GPO to disable the ability to create PSTs. Not only do PSTs present the risk of lost data, they can severely impact network performance.

8. Provide users easy access

Whether that is through a snap-in in Outlook or a web-based interface, make sure users have a ‘self-service’ option to search for and find archived emails and to recover deleted messages.

9. Make sure the solution works in your environment

Appliances may be the right choice for some, but many companies are moving towards virtualisation. Whether that is with VMware or Microsoft’s Hyper-V, make sure your solution works with your platform of choice.

10. Ensure there isn’t any way around the system

Audit and discovery are great, but if a user has a way to circumvent the archiving solution, that could bring the logs into question. Make sure the firewall blocks outbound SMTP from anything other than systems that are a part of the email infrastructure, and the proxies block access to personal webmail sites.
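One way to verify the firewall rule from tip 10 using flow logs, as an added example that is not part of the original article: the script flags outbound SMTP connections from hosts that are not part of the mail infrastructure. The log format, the IP addresses, and the inclusion of submission ports 465 and 587 are assumptions, and the sample lines are constructed.

```python
import ipaddress

# Assumed values for illustration; replace with your own mail infrastructure.
MAIL_INFRA = [ipaddress.ip_network(n) for n in ("10.0.5.10/32", "10.0.5.11/32")]
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
SMTP_PORTS = {25, 465, 587}  # 465/587 added as an assumption (mail submission)

# Constructed sample lines in a hypothetical format:
# timestamp action src_ip dst_ip dst_port
SAMPLE_LOG = """\
2024-01-01T09:00:01Z ALLOW 10.0.5.10 203.0.113.25 25
2024-01-01T09:00:07Z ALLOW 10.0.8.44 198.51.100.7 587
2024-01-01T09:01:12Z DENY 10.0.8.45 198.51.100.7 25
2024-01-01T09:02:30Z ALLOW 10.0.8.44 10.0.5.10 25
2024-01-01T09:03:02Z ALLOW 10.0.9.3 192.0.2.80 443
malformed line
"""

def is_mail_host(ip):
    """True if the address belongs to the approved mail infrastructure."""
    return any(ip in net for net in MAIL_INFRA)

def find_bypasses(log_text):
    """Return (allowed, denied) outbound SMTP flows from non-mail hosts.

    'allowed' entries mean the firewall let mail leave without passing the
    archive; 'denied' entries show hosts that tried and were blocked.
    """
    allowed, denied = [], []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, action, src, dst, port = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port = int(port)
        except ValueError:
            continue
        # Ignore non-SMTP traffic, internal delivery, and approved mail servers.
        if port not in SMTP_PORTS or dst_ip in INTERNAL or is_mail_host(src_ip):
            continue
        (allowed if action == "ALLOW" else denied).append((ts, src, dst, port))
    return allowed, denied

if __name__ == "__main__":
    allowed, denied = find_bypasses(SAMPLE_LOG)
    print("Archive bypass (firewall gap):", allowed)
    print("Blocked attempts:", denied)
```

Any entry in the first list points to a firewall rule that needs tightening; entries in the second list identify hosts worth a follow-up even though the block worked.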

With these ten tips, you have plenty to consider when evaluating email archiving.


Emmanuel Carabott CISSP heads security research at GFI Software. He has over 12 years’ experience in the security field and is a regular contributor to several websites and blogs. For more information about the benefits of using email usage reporting.