Email Security - What Are The Issues?
by Matthew Johnston - Senior Technical Consultant, Windows Management Organisation, Quest Software UK Ltd.
Storage of the actual email data covers physical storage, logical storage, archiving systems, and backup and recovery solutions. The biggest security threat to any email storage system is the potential for mail data to be lost. Most organisations see this threat as existing in the datacentre and spend many millions of pounds on securing it. In fact, the threat is most likely to come from lost or stolen hardware, such as laptops containing offline email files. As the number of employees working remotely grows, including those who only work away from the office periodically, email security on laptops becomes more significant. Providing a managed method of archiving and controlling this data is therefore essential.

When it comes to archiving, organisations should take a two-pronged approach to reduce the risk and retain corporate knowledge. Firstly, users should be frequently educated about email retention policies. In addition, an archiving solution should enable administrators to remove items from users’ mailboxes based on administrator-configured options such as the age or size of a message. Administrators should be able to control, retain and back up the email files, by consolidating the information stored in email files whilst ensuring that users are prevented from simply creating new emails.

Organisations must plan for the inevitable request to recover data from backups and archives. For the most critical users, such as company executives, many administrators have turned to slow, expensive brick-level backups to provide quick restoration of data to a select few. However, with the onslaught of regulations dictating email retention policies, organisations need to have a comprehensive recovery plan for their entire organisation. For example, Bank of America was fined $10 million USD in March 2004 when it failed to turn over messaging data to the U.S. Securities and Exchange Commission (SEC) in a timely manner (currently interpreted as only 36 to 72 hours). Faced with this challenge, the traditional method of restoring lorry loads of backup tapes to find all the communications that fit specific criteria is extremely time-consuming, and not entirely accurate.


An email recovery solution must allow individual message-level items, including messages, appointments, tasks, contacts and attachments, to be quickly restored from regular backups and information stores without setting up a dedicated recovery server.

A large risk to email data within the enterprise is unlawful access to highly sensitive mailbox information. Without a method to both secure and audit this access, there can be no guarantee that data is in fact secured. This can be any link in a lengthy chain, all the way from the administrator resetting, and therefore knowing, the CEO’s password through to proving that some other party had access to his/her mail account. Authentication and mailbox data security are both constant battles that need to be monitored closely to ensure that the critical data contained within the email system is available only to those for whom it’s intended.
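The audit described above can be sketched as a small detection pass over mailbox audit records. This is an added example, not code from the article or from any product; the record schema, account names, delegate list and 24-hour window are all assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample audit records (hypothetical schema, not a real product's log format).
EVENTS = [
    {"ts": "2013-05-13T09:02:00", "actor": "ceo", "action": "mailbox_logon",
     "target": "ceo", "host": "CEO-LAPTOP"},
    {"ts": "2013-05-13T18:40:00", "actor": "admin7", "action": "password_reset",
     "target": "ceo", "host": "ADM-WS3"},
    {"ts": "2013-05-13T18:44:00", "actor": "ceo", "action": "mailbox_logon",
     "target": "ceo", "host": "ADM-WS3"},
    {"ts": "2013-05-14T08:55:00", "actor": "pa1", "action": "mailbox_logon",
     "target": "ceo", "host": "PA-DESK"},
    {"ts": "2013-05-14T10:15:00", "actor": "helpdesk2", "action": "mailbox_logon",
     "target": "cfo", "host": "HD-WS1"},
]
DELEGATES = {"ceo": {"pa1"}}          # approved non-owner access (assumed policy data)
RESET_WINDOW = timedelta(hours=24)    # assumed review window after an admin reset


def audit_mailbox_access(events, delegates=DELEGATES, window=RESET_WINDOW):
    """Return findings for the two links in the chain the article names."""
    findings = []
    last_reset = {}  # account -> (time, admin, host) of the latest admin reset
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        actor, target = ev["actor"], ev["target"]
        if ev["action"] == "password_reset":
            if actor != target:
                last_reset[target] = (ts, actor, ev["host"])
            else:
                last_reset.pop(target, None)  # owner chose a new secret
        elif ev["action"] == "mailbox_logon":
            if actor != target:
                # Another party opened the mailbox: allowed only for delegates.
                if actor not in delegates.get(target, set()):
                    findings.append(("non_owner_access", target, actor, ev["ts"]))
            elif target in last_reset:
                # Owner credentials used from the host the admin reset them on.
                reset_ts, admin, reset_host = last_reset[target]
                if ts - reset_ts <= window and ev["host"] == reset_host:
                    findings.append(("logon_after_admin_reset", target, admin, ev["ts"]))
    return findings


if __name__ == "__main__":
    for finding in audit_mailbox_access(EVENTS):
        print(finding)
```

Each finding names the mailbox, the party to question and the time of access, which is the evidence needed to show who other than the owner had access.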

COPYRIGHT 1998-2013 BY HELP NET SECURITY.