And as if the spam, the many bugs, and the fraud attempts were not annoying enough, your e-mail could also become evidence, subject to subpoena in a legal investigation.
For some real-life anecdotes of what could happen if your company fails to submit -- or is too slow in submitting -- that evidence, check out this article published last August by Symantec. Reading the whole thing isn't a bad idea, but the juicy stuff is at the end of the first section. And if you think that lightening never strikes twice the same spot, check out what just happened to Morgan Stanley, under scrutiny again this month for failing to preserve e-mail.
However unfortunate, similar episodes have nevertheless proved lesson No. 1: conventional data protection methods, such as backups to tape, are inadequate for archiving e-mail. The second lesson learned is that you may need to extend the retention time for e-mail messages.
For example, from a business perspective, you may regard last year's e-mail as a useless waste of space, but a judge called to rule on, say, a sexual harassment case, would find those old messages very valuable. And here's where lesson No. 3 comes into play: You need fast, reliable search tools for archived e-mail.
Not surprisingly, companies often realize they don't have enough resources in-house to accommodate the additional storage and management requirements of e-mail archiving and look for outsourcing solutions.
"Fortiva is an e-mail archiving outsourcing provider," explains Rick Dales, vice president of product management at Fortiva. "When we started in 2005, we focused on giving our customers a truly secure [e-mail archiving] environment. Many of our customers were uncomfortable having e-mail messages stored outside [of their company], but we were able to address that."
To assuage customers' fears, Fortiva implements what the company calls DoubleBlind Encryption, with an appliance installed on customers' premises that intercepts Microsoft Exchange messages and encrypts them before forwarding them over the WAN to a remote vault.
Interestingly, customers' search criteria go through the same appliance and are encrypted in a similar fashion, which enables queries while maintaining the confidentiality of e-mail messages.
Postini, a company that you may already know as a defender from spam and other malignant messages, has also entered the e-mail archiving outsourcing arena.
That seems to be a logical extension to the company's primary service: According to Andrew Lochart, senior director of marketing at Postini, the company is already filtering e-mail for 8.6 million users. Lochart adds that only 12 percent of the 500 million messages Postini processes every day are actually delivered to customers -- the rest being spam or unsafe malware.
"We don't have to install hardware at customer premises," Lochart explains. "The way we approach archiving is by configuring the e-mail server to route a copy of each message to Postini over a secure connection."
Today, Postini supports Microsoft Exchange and common relay gateways such as sendmail and qmail, but the company plans to add archiving support for Lotus Domino and Novell GroupWise in 2006.
Will these two outsourcing solutions help your company better manage e-mail archiving? Certainly, and so will any of the other products from various vendors out there. Be sure to do a thorough analysis before going the outsourcing route, though. For example, if your company is on the smaller side and the number of messages you need to manage is relatively small, outsourcing your e-mail archiving could cost more money than it's worth. Also consider your organization's and industry's confidentiality requirements, and make sure your outsourcer's encryption and data security technologies are airtight and mesh with your own policies.
If you still want to keep your message archives in-house, pay careful attention to those three lessons I mentioned above:
Lesson No. 1: Conventional data protection methods, such as backups to tape, are inadequate for archiving e-mail. For in-house archiving, a type of CAS (content addressed storage) automatically fed from the e-mail servers is a must-have. HP's RISS (Reference Information Storage System) uses a storage grid for that (keep an eye out for InfoWorld's review of RISS in early March).
Lesson No. 2: You may need to retain e-mail messages far longer than you first expected. The e-mail archive doesn't need to be updated every time a new message is sent or received, but every message should be archived. It's also important to prove that tampering with the archive (such as deleting, changing messages or attachments - but also losing or misplacing messages) is difficult or impossible.
Lesson No. 3: You need fast, reliable search tools for archived e-mail. If you can't find a message, and can't find it relatively quickly, it's almost as bad as not having it at all.
Don't forget that there's much more than e-mail archiving when it comes to achieving full compliance. For example, if your company uses instant messaging as a routine business tool, you'll likely need to track and archive those messages too -- and you should consider implementing IM archiving services such as those offered by Iron Mountain. Of course, there are plenty of other compliance requirements that dig even deeper into your applications, database systems, and storage resources. But that's another column.