When it comes to archiving, organisations should take a two-pronged approach to reduce the risk and retain corporate knowledge. Firstly, users should be frequently educated about email retention policies. In addition, an archiving solution should enable administrators to remove items from users' mailboxes based on administrator-configured options such as the age or size of a message. Administrators should be able to control, retain and back up the email files by consolidating the information stored in email files, whilst ensuring that users are prevented from simply creating new emails.
Organisations must plan for the inevitable request to recover data from backups and archives. For the most critical users, such as company executives, many administrators have turned to slow, expensive brick-level backups to provide quick restoration of data to a select few. However, with the onslaught of regulations dictating email retention policies, organisations need to have a comprehensive recovery plan for their entire organisation. For example, Bank of America was fined $10 million USD in March 2004 when it failed to turn over messaging data to the U.S. Securities and Exchange Commission (SEC) in a timely manner (currently interpreted as only 36 to 72 hours). Faced with this challenge, the traditional method of restoring lorry loads of backup tapes to find all the communications that fit specific criteria is extremely time-consuming, and not entirely accurate.
An email recovery solution must allow for individual, message-level items, including messages, appointments, tasks, contacts, and attachments, to be quickly restored from regular backups and information stores without setting up a dedicated recovery server.
A large risk to email data within the enterprise is unlawful access to highly sensitive mailbox information. Without a method to both secure and audit this access, there can be no guarantee that data is in fact secured. This can be any link in a lengthy chain, all the way from the administrator resetting, and therefore knowing, the CEO's password through to proving that some other party had access to his/her mail account. Authentication and mailbox data security are both constant battles that need to be monitored closely to ensure that the critical data contained within the email system is available only to those for whom it's intended.