Pack-Rats by Law: A Message Archiving Primer

Monday May 24th 2004 by Paul Rubens

With the Sarbanes-Oxley Act, messaging archives have gone from a voluntary tic among pack-rat users to a regulatory necessity. Here's how to crate up the correspondence without overloading your LAN.

What have the iPod mini and an e-mail archiving application got in common? The answer is that both are must-have products that everyone who hasn't already should have on the shopping list.

iPod minis are just a bit of fun, but there's an important reason for implementing an e-mail archiving system this year: the Sarbanes-Oxley Act of 2002, designed to improve the accuracy and reliability of corporate disclosures, specifies severe punishments for company officers who fail to keep business documents. Although e-mail is often trivialized by its use for personal messaging, the courts regard e-mail (and attachments) - and the even more informal instant messaging - as business documents which must be retained for regulatory compliance. Sarbanes-Oxley specifies that business records should be kept for five years, and those related to audits and business reviews must be kept for seven years.

Even without Sarbanes-Oxley, e-mail and instant messaging archiving is important because any business, of any size, could face litigation, and e-mail is becoming increasingly important in litigation. The American Institute of Certified Public Accountants estimates about 10 percent of US companies had been ordered by courts to produce employees' e-mails by 2001. Tracing e-mails without a comprehensive archiving system can be extremely time consuming and very expensive: It can cost as much as $10,000 per hard disk to recover deleted e-mails, which may be demanded in court.

The American Institute of Certified Public Accountants estimates about 10 percent of US companies had been ordered by courts to produce employees' e-mails by 2001.

From a network administrator's point of view, there's another good reason to archive e-mail: storing it in an archive is far cheaper per gigabyte than storing it on a mail server. "Archiving is much lower cost because it is designed so that messages can be written once and maybe never read again. They have to be available, but they certainly don't need to be instantaneous," says Mark Levitt, analyst at IDC. If you're sick and tired of telling users to reduce the size of their mailboxes, giving them the chance to shunt most of their cache of e-mails and attachments to an archive will make your life easier and reduce storage costs.

So what do you need to think about before installing an archiving system?

A first step is to find out if employees are using instant messaging clients. Tools to do this are available from vendors such as Akonix, FaceTime and IMlogic. If they are, then it's probably best to prohibit their use, and to switch to an enterprise messaging system which can be more easily controlled and archived using any of the leading products.

Next you'll have to evaluate the products available, from companies including IBM, Tumbleweed, KVS, EMC/Legato, Educom TS and others.

You'll also have to review your IT infrastructure and look at the feasibility of consolidating your messaging systems onto the minimum number of servers possible, to reduce the cost and complexity of implementing a single archiving system.

But more importantly, you'll have to consider the actual storage you propose to use. In a large company it's entirely reasonable to expect to have to store billions of e-mails and instant messages - for periods of up to seven years. You may wish to use an existing SAN, or, more commonly, use a dedicated and expandable storage system just for e-mails, instant messages and attachments. The key things are to look at the cost per terabyte for storing the information, the expandability of the storage system, and the costs.

Continued on Page 2: Considering the client

Continued From Page 1

Then there is the issue of client-side software. Some of the archiving systems on the market need no client software at all, while others may offer enhanced functionality and better user message retrieval if a plug-in for Outlook or other desktop software is installed. In a large company, especially one with users which are widely geographically dispersed, client-side software may be more trouble than it is worth to install, maintain and support. Keeping it simple is often the best policy.

Another thing to keep an eye on is bandwidth - specifically, the amount of extra bandwidth an archiving system is likely to consume. That's because with an archiving system in place, messages make a double journey: Not only do they go to their recipients, but a copy is also sent to the archive. This may be done in a batch overnight, or may happen in real time. However it's done, if you run your messaging server and archive system in-house, message traffic on your LAN will double. This is probably not a huge problem for most companies, as e-mail will usually only take up a small proportion of LAN traffic, but problems could occur at the height of virus outbreaks - when vast amounts of unwanted e-mail and attachments may overload a network - or if you employ packet shaping on your network to ensure the quality of service of bandwidth-intensive applications like video conferencing and make only a small proportion of your bandwidth available for messaging.

Of course you may decide to use an ASP that offers an archiving service, in which case e-mails destined for storage will be passing over an external link to the service provider. Depending on your network topology this may mean that the impact on your LAN is negligible. The usual precautions should be taken before signing up to an ASP service - be sure that the company and your message archive is secure.

The actual implementation of most archiving systems is fairly straightforward. A dedicated server needs to be set up and storage has to be connected, but this shouldn't take more than a day or so. The hardest part, which may require outside consultancy as well as close co-operation with compliance officers within your organization, is setting up the archiving policies to ensure that the right messages are stored for the right amount of time - in accordance with regulatory requirements. Equally important is keeping storage costs to a minimum, by avoiding storing messages from less business critical departments for unnecessary lengths of time.

And once you have got your messaging archiving system up and running and configured to meet the stringent requirements of Sarbanes-Oxley and any other regulatory authorities, don't forget to treat yourself to that iPod mini.

Mobile Site | Full Site
Copyright 2017 © QuinStreet Inc. All Rights Reserved