While many organizations implement e-mail archiving for regulatory compliance or evidentiary discovery purposes, Paul Veeneman, chief technology engineer for Hawkins Chemical, had an entirely different reason: he wanted to protect one of his company's most business-critical applications: its Microsoft Exchange database.
Veeneman had been protecting his Exchange 5.5 server with daily, weekly and monthly full backups. While he had backups of Exchange that he kept for a year, from time to time he might lose e-mail between backups.
"We wanted to look at scenarios that could cause potential harm to the users or business unit if data was lost," he says. "E-mail is one of the most important applications to our organization and we wanted to move it to an archival platform."
The company also wanted to be able to archive more than a year's data.
"Being publicly traded, we wanted to do due diligence to our shareholders and ensure that our data is archived or backed up in the best fashion," Veeneman says. "Although we don't have the same requirements as a company with a trading desk, and we aren't burdened with finding the irrefutable truth for litigation, being able to recover e-mail has come in handy when someone lost a message."
Veeneman chose Intradyn's ComplianceVault, an e-mail archiving and recovery appliance. ComplianceVault connects to the Ethernet network and is bundled with Sony AIT tape drives, where e-mail data is archived. A rules-based engine allows Veeneman to decide when e-mail is migrated and archived and how it can be recovered.
Veeneman says being compliant wasn't completely a matter of out of sight, out of mind.
"With Sarbanes-Oxley, we are definitely being held to a higher standard in protecting the data and making sure the data is available even if the user or system loses data," Veeneman says.
He says setting up e-mail archiving also involves determining which users have the ability to recover messages. In Hawkins' case, Veeneman chose a limited set of individuals.
"We don't give end users the ability to get in and retrieve their own data - that creates a Pandora's Box," Veeneman says. "What we have done is gone through a secure hierarchy of two to three users who can access e-mail - IT, human resources and two for the desktop IT group."
"There's a potential for malicious activity, and giving human resources access protects us from that," he says.