Current trends in the email archiving marketplace [part 1]
March 5, 2008 at 4:53 pm (archive email, business, domino, e-discovery, eDiscovery, electronic discovery, Email Archiving, email compliance, email retention, email security, exchange, exchange 2007, GroupWise, Malaysia, message archiving, news, score card, thoughts)
In this entry I am going to take a look at a handful of email archiving press releases from over the past month and see if I can ascertain a general market direction. Without naming any companies directly, I am going to provide a summary of the press release and a link if you wish to take a further look.
-Company A presents an email archiving score card for businesses to make it easier to help clients identify the right email archiving product for their specific environment.
-Company B offers a low cost email archiving solution to help meet eDiscovery requirements.
-Company C provides a free email retention policy starter kit.
-Company D releases an enhanced product with better email security.
-Company E publicly announces the acquisition of a major player in the email archiving community.
-Company F drafts a press release citing market analysts that they provide the best eDiscovery capabilities for an email archiving solution.
-Company G introduces its email archiving solution to the European market.
-Company H releases a new version of its email archiving solution that supports all the major servers on the market (exchange, GroupWise, domino).
-Company I distributes its email archiving solution in Malaysia.
Let’s break this down.
Company A releases a free email archiving score card to help other businesses choose an email compliance solution. What is company A trying to accomplish? They are trying to simplify the process of email compliance through education. Some of this ties into the concept of “professional respect,” which I will discuss in more detail later on in this entry.
Company B offers a low cost email archiving solution to help meet eDiscovery requirements. What is company B trying to accomplish? They are using cost as a measure to gain market share.
Company C provides a free email retention policy starter kit. What is company C trying to accomplish? They are reaching out to businesses that are undecided on integrating an email archiving solution. Company C (much like company A) is trying to simplify the process of email compliance through education.
Company D releases an enhanced version of their product which strengthens email security and enhances policy management capabilities. What is company D trying to accomplish? They are using upgrades in technology as a measure to gain market share.
Company E publicly announces the acquisition of a major player in the email archiving community. What is company E trying to accomplish? They will likely enhance the operational capabilities of their acquisition.
Company F drafts a press release citing market analysts that they provide the best eDiscovery capabilities for an email archiving solution. What is company F trying to accomplish? They are trying to use market research as a PR tool.
Company G introduces its email archiving solution to the European market. What is company G trying to accomplish? They are using geographic location as a measure to gain market share.
Company H releases a new version of its email archiving solution that supports all the major servers on the market (exchange, GroupWise, domino). What is company H trying to accomplish? Much like company D, they are using technological advances as a measure to gain market share.
Company I distributes its email archiving solution in Malaysia. What is company I trying to accomplish? Much like company G, they are also using geographic location as a measure to gain market share.
Now, what is the big picture here? Education. Cost. Simplicity. Technology. Expansion. Market research. Geography. These 7 factors are what email archiving providers have been pushing in the last month.Some of these press releases focus on similar things, but you will have to stay tuned for part II to see how it all fits together in an analysis of current market trends. Stay tuned.
The boundaries of email archiving: Bush draws the line?
March 3, 2008 at 9:22 pm (5095152, archive email, business, data retention, electronic communication, electronic privacy, Email Archiving, email backup, email management, email retention, esi, George Bush, legal, message archiving, Missouri Sunshine law, news, personal stuff, politics, president, privacy, thoughts, white house)
Mitch Ratcliffe of Zdnet Rational Rants reports that President Bush was quite insightful in providing information about his administration’s email retention policy. “I don’t want you reading my personal stuff,” President Bush told the press when asked about why his administration has failed to comply with records-retention laws during his time in office. Ratcliffe then adds: “Unfortunately, Mr. President, nothing you can do at your desk, or in the airplanes, cars and buildings we give you to use as president, is ‘your personal stuff.’ It is the property of the people. As voters, we must demand greater accountability of the next president.”
I think Ratcliffe is right on. There is a fine difference between the use of personal records and public records. Electronically stored information (ESI) which relates directly to the President and his job as head of the United States, is PUBLIC information. I am sure there are limited exceptions and so on and so forth, but his “personal stuff,” the way he phrased it, is not at all accurate. Email archiving solutions, especially in the case of political activity, are truly important measures to have in place to make sure that there is nothing going on that shouldn’t be. Governot Matt Blunt of Missouri has made the news recently in EXACTLY the same way. I agree with Ratcliffe that we cannot let this kind of activity slide. It is time that email archiving be taken seriously.
White House still under scrutiny for email retention policy [part 2]
March 3, 2008 at 5:55 pm (archive email, bill clinton, business, data retention, electronic communication, Email Archiving, email backup, email compliance, email management, email retention, email storage, George Bush, governance, legal, national archives, news, politics, thoughts, white house)
Richard Koman of Zdnet reports that a “primitive” email archiving system could be largely responsible for the missing white house emails. When president Bush first took control of the white house, Koman writes, he disposed of an Automatic Records Management System which was used by the Clinton administration under court order. What did the president replace the system with, you might ask? Well, not a whole lot. According to Zdnet, the email retention policy implemented by Bush was teeming with security issues. “In mid-2005, a critical security issue was identified and corrected. During this period it was discovered that the file servers and the file directories used to store the retained email were accessible by everyone on the EOP network.” In the years after this, Koman adds, “the national archives tried repeatedly and failed to get the white house to comply with archival regulations.” Now in 2008, Congressional staffers recently submitted a memo to the House Oversight Committee (PDF) detailing a “mind-boggling scenario that smacks of willful violation of laws requiring presidential email archiving, IT incompetence and a strong whiff of intentional destruction of evidence.”
What goes on behind the scenes really is amazing sometimes, even though this situation has been in the making for many years. How did it not go public that the file directories used to store the retained email were accessible by everyone on the EOP network in 2005? Roles based permission access is a serious facet of any quality email archiving solution, especially in our nations highest political facility. How could the white house just refuse so many warnings and requests to update their system? How could the president just disregard laws that COMPEL him to archive email? Perhaps the best quote is right here: Stephen McDevitt, an official in the presidential CIO office, “told the committee that a new e-mail archiving system that would have addressed the problems was ready to go live on Aug. 21, 2006. But CIO Theresa Payton canceled the new system in 2006, because it would have required modifications and additional spending.” What? It was canceled for modifications and additional spending? Email archiving is a critical item for the president that is necessitated by law. It is nothing short of wild that Payton gave modifications and additional spending as a reason against its implementation.
Hospitals get ready for HIPAA security compliance [part 3]
February 29, 2008 at 6:29 pm (archive email, business, cms, corporate, data retention, electronic communication, electronic document retention, electronic privacy, Email Archiving, email backup, email compliance, email management, email retention, email security, email storage, health care, health information, health records, healthcare, HIPAA, hipaa compliance, hipaa privacy, hipaa security, medical records, message archiving, news, privacy, thoughts, tony trenkle)
Ellen Messmer of Network World reports that lately hospitals have had more to worry about than just preparing for upcoming HIPAA security audits. “Health care organizations feel under increasing attack from the Internet,” Messmer writes, “while security incidents involving insiders and disappearing laptops with sensitive data are piling up.” Dr. John Halamka, CIO at both Beth Israel Deaconess Medical Center and Harvard Medical School in the Boston area, was quote as saying: “there is definitely an uptick in attacks. Privacy is the foundation of everything we do. We don’t want to be the TJX of health care.” She then turns to Don Jackson, researcher at Atlanta-based security services firm SecureWorks, who says: “health care organizations store a lot of valuable personal, identifiable information such as Social Security numbers, names, addresses, age, in addition to banking and credit-card information.” Jackson explains how cyber attacks are potentially beneficial to the pockets of criminals who obtain health insurance credentials to use in the “counterfeit document racket, especially in Central and South America.”
At least in terms of electronic communication, it might be time for some hospitals to turn to outsourced email archiving. Encryption, security, and access are all issues for health care providers right now, and these are three issues that email archiving services are well equipped to handle. It is time for hospitals to address the quality and success of their electronic patient data backup and protection. With HIPAA security audits right around the corner, the time to wait before integrating an email compliance solution is really over.
Companies begin reflection on FRCP eDiscovery and email archiving experiences
February 28, 2008 at 10:21 pm (archive email, business, e-discovery, e-discovery amendments, edd, eDiscovery, electronic communication, electronic data discovery, electronic discovery, electronic document retention, Email Archiving, email litigation, email retention, email storage, foxhollow technologies, frcp, governance, legal, message archiving, news, politics, thoughts)
Paul Korzeniowski of Byte and Switch reports that at least a few small to mid-sized businesses are ready to reflect on eDiscovery and the steps they have taken to successfully comply. Writing about the current state of eDiscovery preparation in American industries, Korzeniowski says: “while many firms, particularly SMB’s, continue to struggle with the FRCP mandate, the ones who’ve managed to institute policies and procedures for the speedy and accurate retrieval of electronic information have a lot to say about what works — and what doesn’t.” Korzeniowski included a section about how medical device supplier Foxhollow Technologies Inc. was forced to integrate an email archiving solution when they became involved in a federal law suit. I am posting an excerpt of this section below because I think it is an important learning opportunity for all U.S. Businesses that are on the fringe of turning to email archiving.
“When IT pros at Foxhollow Technologies Inc., a startup medical device supplier, looked to install email archiving three years ago, management forced the project to the back burner, despite a general lack of email control. “There were users who saved everything and had gigabytes – or more – of email messages,” noted Chuck Arconi, system administrator at the company. At the time, Foxhollow had about 600 employees, but its email system chewed up 400 Gbytes of storage.
Then the other shoe dropped when the company became involved in a law suit. Suddenly, funding for the email archiving project was no longer a contentious issue. ‘The legal department had no problem finding the capital needed to pay for the entire project. In fact, they gave us more than twice as much money as we needed. Before, a paralegal would have to spend two to four hours trying to find the right messages in each mail box. Now the work is done with a click of a button.”
Last month I wrote a blog entry on email insurance and I mentioned the concept of “professional disinterest.” I provided the quote of “when it happens to me, I’ll deal with it.” Foxhollow Technologies illustrates this point loud and clear, as many U.S. Companies are perfectly content waiting for something bad to happen to them before making something important a top priority. Why do they do this? I think it just really takes a wake up call to force people to make decisions most of the time. I think individual case studies are one of the best ways to get people to pay attention and I will try and provide many more of them. Stay tuned.
Email archiving in public school raises serious issue of electronic privacy
February 27, 2008 at 7:36 pm (archive email, business, data retention, electronic communication, electronic privacy, Email Archiving, email retention, governance, message archiving, news, politics, privacy, public school, salem news, school committee, thoughts)
Stacie N. Galang of the Salem News Online reports that Peabody Public School “will start archiving all e-mails — including those by teachers and other staffers — beginning March 3rd as state officials warn public agencies they must store such public records.” School Committee members have received adequate warning as Superintendent C. Milton Burnett has “circulated a memo to all staff about the change affecting the district-based email system.” Burnett said, “all staff is advised NOT to utilize Peabody Public Schools e-mail or Peabody Public Schools Network Systems for any correspondence relating to student or staff personnel issue or personal items.” However, citing the new email archiving policy as frustrating, fear-inducing, and counterproductive, a large number of school related personnel are seeking to have the law overturned.
Why are people so upset here? Are they wrong? Justified? What sensitive spot is email archiving hitting? Well, I want to start off by saying I firmly believe email archiving laws are raising significant questions regarding public knowledge and what should be made available for industry regulators to see. People are upset here because they believe that this is an issue of their “right to personal privacy” being taken away. In the same article I referenced above, The Salem News quoted a woman as saying: “the law seemingly makes no distinction between a true public record and a personal document.” It also mentioned “criticism by Committee members concerned that information discussed about students or School Department personnel could reach public view.” These are both valid points that should be taken seriously. There are unquestioned benefits to archiving email, such as the ability to prove or disprove conflicting evidence at a later date. It is also a way to prevent conspiracies and under the table dealings from manifesting into reality. However, where is the line of privacy drawn? Which electronic communications should be allowed to be kept private? What if personal information about a student really did manage to leak out into the open? Is that right? What does the public have a right to know? I think that is the biggest question here. Email archiving and email retention policies really could be a serious plus for society if managed the right way. However, there must be more attention paid by academics to the reasons behind new legal implementations, as well as detailed explanations by law makers about the specifics of regulations.
Next generation email archiving? [part 1]
February 26, 2008 at 4:12 pm (archive email, business, corporate, data retention, disaster recovery, e-discovery, e-discovery amendments, edd, eDiscovery, electronic communication, electronic data discovery, electronic discovery, electronic document retention, Email Archiving, email compliance, email litigation, email management, email retention, email storage, exchange 2007, frcp, governance, legal, message recovery, news, politics, thoughts)
I came across an interesting article earlier today on Computer Technology Review regarding the current & future expectations of an email archiving solution in light of modern FRCP eDiscovery requirements. William Tolson has compiled an expert list of capabilities to be considered when choosing an email archiving solution that I feel all U.S. Businesses should review. I am posting an excerpt of his writing below along with the capabilities he feels are pertinent in meeting the demands of regulatory and legal compliance:
“Email archiving solutions should address critical customer requirements around email information archiving, eDiscovery, regulatory compliance, business continuity, and storage optimization. Enterprise-class solutions provide legal search work flow, immediate mailbox and message recovery, disaster recovery, email archiving, and self-service search and access in one solution. By leveraging cost-effective storage, these solutions also optimize email storage and reduce overall infrastructure costs. Next generation email archiving solutions deliver rapid, comprehensive search across millions of emails for litigation ready production and provide the following capabilities:
Rapid eDiscovery: Auditors and legal staff must be able to quickly perform sophisticated search and discovery across centrally managed mailboxes to meet compliance requirements.
Automated, Exchange Disaster Recovery: Reliably protect Exchange information through non-invasive, continuous application shadowing. This process preserves the consistency and integrity of Exchange data and enables “one-click” full email data and service recovery when needed.
Mailbox Storage Management: Reduce storage requirements on the Exchange Server by migrating or “extending” attachments based on policies of age, document size, or mailbox size.
Self-service search of archived data: Seamless self-service access to end-user archived data, enabling them to find potentially lost or deleted messages without IT assistance.
Enhanced support for Exchange 2007: Live Communication Server (IM) and 64 bit Servers – extends content management to include instant messaging and takes advantage of new Exchange 2007 features for disaster recovery, folder level retention, and mailbox level journaling.
Automated PST File Archiving: New “crawler” automatically searches and retrieves PST files from servers, desktops, and laptops based on administrator-defined policies.
Active Directory Integration: Leverages roles defined in Active Directory and provides a version history of Active Directory, including distribution lists. Contents of distribution lists are viewed as they appeared when an email was originally sent or received.
Public Folder Archiving: Performs archiving and continuous data protection for Public Folders and allows auditors to search all Public Folder content and re-create chain-of-custody for compliance and legal discovery.
Scalable Storage & Reduced Archive Storage Requirements: Designed to deliver improved scalability and performance for the archive server with support for multiple databases and extensible storage volumes.
Each of the above criteria is highly relevant in ensuring a smooth email litigation process should such a situation arise. However, does relevancy equal necessity? Which of these factors are truly “business critical”? How essential is having support for Exchange 2007? Does a company need public folder archiving? When does storage really become a problem? Are the above capabilities best used in an in-house or an outsourced email archiving solution? I believe it is important for a business to understand what they need to comply with corporate regulations and legal requirements without spending money and time on things that are simply not necessary. What are the intricate parts of an email archiver that you truly NEED to satisfy compliance? I would like to address this topic in full soon. Stay tuned.
White House still under scrutiny for email retention policy
February 22, 2008 at 5:25 pm (archive email, business, citizens for responsibility and ethics, Colleen Kollar-Kotelly, company email policy, corporate, data retention, electronic communication, electronic document retention, Email Archiving, email backup, email compliance, email management, email retention, email security, freedom of information act, Kollar-Kotelly, legal, message archiving, news, politics, white house)
Brian Fonseca of Computerworld reports that “District Court Judge Colleen Kollar-Kotelly this week issued an order enabling the Washington-based Citizens for Responsibility and Ethics watchdog group to perform limited questioning of White House officials.” The group had filed suit against the White House Office of Administration last May “seeking access to White House e-mail under the federal Freedom of Information Act.” The discovery ordered by Kollar-Kotelly was issued to “determine whether the Office of Administration is subject to the Freedom of Information Act.” This will be a situation to keep an eye on as the office contends “it is not subject to FOI requests.” Additionally, Fonseca provided insight from Mike Osterman, president of Black Diamond, Wash.-based Osterman Research Inc., who said: “many businesses operate under the false assumption that e-mail is not a business record. A lot of people are not implementing e-mail archiving [processes]; they’re saving e-mail, but not in a cohesive or consistent way. Companies can say ‘Yes, we need to archive,’ but [the process] must be policy driven and taken out of users’ hands.”
Even though I probably shouldn’t, I still find it fairly remarkable that the White House simply cannot respond about the whereabouts of many missing emails. With the advent of internet technology there seems to be this general attitude that electronic communication does not have to be held up to the same standard as traditional paper documents. Many corporate executives and government officials seem to think they can pretend conversations never happened by simply deleting email backup tapes. In theory paper copies could just be burned up, but it seems that the ease of conveniently “losing” emails is what makes it so much more noticeable. It does not require a lot to act as if nothing ever happened. However, with industry regulations and legal expectations tightening the grip on corporate behavior, abusing the age of email messaging is only going to get harder to do. It is high time for all organizations to integrate an email archiving solution, especially when the center of the American universe is being thrown into the grand spotlight for this exact reason.
Does an employees use of email affect compliance with Sarbanes-Oxley?
February 21, 2008 at 9:09 pm (archive email, business, company email policy, corporate, data retention, Email Archiving, email compliance, email retention, email security, email surveillance, legal, message archiving, news, politics, sarbanes-oxley, sox, thoughts)
According to an article written by Paul Chen for the Sarbanes-Oxley Compliance Journal, the answer is absolutely. Chen discusses how “with regulations like SOX in place, organizations must take special precautions to ensure their employees do not send and receive damaging emails via their workplace account.” However, citing a recent survey on corporate email usage conducted by Harris Interactive, Chen says that “nearly half the people polled say they have sent or received jokes, comical pictures/videos, and stories of a questionable tone, while one in five say they have sent or received a password or log-in information via email.” Amazingly, Chen says that the survey also found that “92% of these employees do not have believe that they have ever sent a risky email, which demonstrates that there is a substantial discrepancy between perceived and actual risks posed by email exchange.”
The Sarbanes-Oxley (SOX) act, as described by Chen, requires all public companies to retain their business records, including email, for at least five years. Since Sarbanes-Oxley does NOT specify which documents are relevant and which are not, it makes the practice of email retention significant for all public companies. Businesses cannot afford to preserve only select electronic communications. But with that being said, I have several questions in regards to the survey conducted by Harris Interactive. If the survey results are truly accurate, what does this say about company email policies? Are organizations effectively communicating the use of business email for personal reasons? How about what language is considered proper? Or how about the tolerance of humor? And if a company DOES have this policy circulating around, then why are so many employees ignoring it? Apathy? No fear of consequences? The survey results say that nearly all the employees polled do not believe that they have ever sent a risky email. Therefore it seems that most employees are not even aware that they are doing anything wrong. I believe that companies need to lay out specific rules within the employee email policy and hold review sessions to make sure that the rules are being followed. Additionally, I think that consequences are necessary and should be mandatory to enforce the rules. With SOX email compliance such a crucial item on the business agenda, more companies should be taking the time to make sure that their employee email policy is stringently regulated.
Hospitals get ready for HIPAA security compliance [part 2]
February 18, 2008 at 6:11 pm (archive email, business, cms, data retention, electronic communication, electronic document retention, Email Archiving, email audit, email compliance, email management, email retention, email security, health care, healthcare, HIPAA, hipaa compliance, hipaa privacy, hipaa security, legal, message archiving, news, oig, politics, thoughts, tony trenkle)
According to report on patient privacy (RPP), the industry’s most practical source of news on HIPAA patient privacy provisions, the compliance reviews which began last month “are separate and unrelated to audits being conducted by the HSS Office of Inspector General (OIG).” Tony Trenkle, director of the CMS Office of E-Health Standards and Services, told RPP that “the focus is broader than just hospitals, although they are included. In the future we may work with OIG, but these are two separate proceses.” Trenkle’s senior policy advisor, Lorraine Tunis Doo, added: “we will interview the people who are appropriate to the documentation and policy and procedures that we need to evaluate. Whoever is relevant will need to be there. It could be different at every review.” In regards to the 283 security complaints logged by the CMS as of December 2007, Trenkle said: “the majority of allegations are of inappropriate access and risk of inappropriate disclosure.”
Well, as the Centers for Medicare and Medicaid Services (CMS) start to integrate the compliance review process there are a bunch of pertinent questions that come to my mind. Firstly, how will the CMS reviews impact the current state of electronic patient health care data and email management? Would a serious HIPAA violation change the way that electronic information is managed by health care providers? What is the difference between a HIPAA security compliance review and an OIG audit? Would the agency doing the testing (OIG or Office of E-Health Standards and Services) impact the stringency required for the security and privacy of an email archiving system? Will the OIG and CMS Office for E-Health Standards and Services be working together in the future? If the answer is yes, would this create a uniform policy and method for testing electronic patient health care data? Would the OIG merely be setting the stage for Tony Trenkle by doing preliminary investigation work? How many entities will be reviewed? What other health care providers and facilities will be subject to HIPAA email compliance regulations besides hospitals? Stay tuned for updates.
Simplicato's Weblog 