– Balaji Srinivasan, director of microsoft exchange products at Sherpa Software (www.sherpasoftware.com), says:
The amount of electronic data flowing through organizations is growing at an incredible rate. Much of this information is collected and stored. According to a whitepaper published by Osterman Research, 75 percent of the information end users need to do their jobs is stored in email. The consequences of this are numerous, and include typical data management issues such as the cost of storage and difficulties with backup and recovery. In today’s heavily regulated environment, there are more significant challenges associated with ensuring all corporate data meets relevant organization and industry requirements and is accessible for legal and eDiscovery purposes.
Where is all this data coming from? Email has been an ongoing culprit. Despite the rise of other methods of communication, email remains the primary means of corporate communication and continues to grow and generate the vast amount data being retained and managed by IT departments. In a recent report, Osterman Research found that the average email system message store size had increased by more than 25 percent during the past 12 months for nearly half of organizations. The firm further estimated that storage-related issues such as increasing message size, increasing backup and restore times, and lack of messaging-related disk space constitute three out of the five leading problems in managing messaging systems.
These issues, in particular the “slowness” of email, has created a need for a more immediate means of communication, resulting in the rise in use of instant messaging and social media. However, corporate information shared over instant messages and social networks is subject to the same regulatory and compliance requirements as email and other corporate data. As organizations grapple with the right corporate social media strategy, the fact remains that it is turning into another area through which information is distributed and warrants monitoring.
The drop in the cost of storage devices has led to another trend. Rather than taking the time to clean up their environment, individuals and organizations seemingly retain more and more, potentially unneeded, data. With the increased adoption of document management applications such as Microsoft SharePoint, duplication of data across multiple repositories, such as files stored both in network shares and also in SharePoint, is steadily on the rise.
Security is another obvious concern when looking at managing large volumes of data across multiple repositories. Although data leakage has received a lot of attention recently through the activities of Wiki Leaks, it is an age-old problem. With all the different avenues for easily extracting and sharing information – from physical media such as thumb drives to technologies such as email, instant messaging and social media outlets – there are an increasing number of ways for information to leave an organization.
While organizations have been dealing with many of these challenges for a number of years, the sheer volumes of data involved makes managing them a daunting task. Recent regulatory changes such as updates to the Federal Rules of Civil Procedure (FRCP) and other more industry-specific requirements such as HIPAA covering healthcare, the Sarbanes-Oxley Act (SOX) covering publicly traded companies, and the US Securities and Exchange Commission rules covering the financial industry, organizations have eliminated unpreparedness as an excuse for not meeting data collection and retention requirements. The consequences for failing to produce information can be crushing.
The remainder of this article will provide strategies IT administrators can use to alleviate some of this burden and better prepare their organizations to proactively meet these challenges. The first step is defining corporate policies around information management. This task certainly falls under the cliché of easier said than done, but it cannot be emphasized enough that this is absolutely necessary. A policy provides the framework for an information management strategy. It also justifies the actions IT will need to take to control corporate data.
There is plenty of information available on creating corporate policies. Depending on the size of the organization, this process should involve members from several departments within the organization. A clear and thorough policy definition makes for easier compliance and enforcement; so spend the necessary amount of time in this phase.
Under threat of repercussions that can be as severe as termination, corporate policies can be used to force employees’ adherence to corporate policies. For instance, a policy could require that no company information be shared on social media sites. Although difficult to monitor, the policy provides the cover to take appropriate action when a failure to comply is detected.
Given today’s eDiscovery and regulatory requirements, relying on users to comply with corporate policies is often not good enough. IT administrators need to have systems and processes in place to proactively manage corporate data. As has been well documented, the exponential growth of email isn’t showing signs of lessening. Although hosted email solutions seem to be gaining some steam, a majority of organizations still host and manage their own email infrastructure. The burden of management rests with the internal IT department.
When investigating an email policy enforcement system, exploring native tools is a good place to start. Most email platforms include some basic management capabilities. Microsoft Exchange, for instance, going as far back as Microsoft Exchange Server 5.5, has included a utility called Mailbox Manager to help enforce elementary retention policies. With each new version of the Exchange, there have been improved management capabilities, with Exchange 2010 incorporating some of the most advanced built-in capabilities to date. In situations where the built-in capabilities are not sufficient or are unable to meet an organization’s management needs, there are products available from third-party vendors that specialize in email management and can be used to augment or fulfill these needs.
On the topic of managing email, especially in Microsoft Exchange environments, one cannot ignore PST files. PST files are local archives created by end users of server-based email using the Microsoft Outlook email client. Since these are created locally, access to them, and quite often even their very existence, is beyond the purview of the IT administrator. Locating, managing and investigating the content within PST files can be a monumental task.
If your organization currently uses or has used PST files, it is wise to consider the use of a third-party email management product to assist with the task of identifying and locating all PST files across the company’s network storage and users’ desktops. Once located, you can use native or third-party tools to enforce your company’s email policy. If your policy calls for eliminating PST files from your environment, there are group policy options available to prevent the creation of PST files and to prevent addition of email data to existing PST files. Third party solutions can also assist in other areas such as ensuring compliance with corporate instant messaging policies.
If use of instant message is approved and necessary within your organization, it is advisable to deploy an approved corporate-wide instant messaging solution such as Microsoft Lync (formerly called Office Communicator) and IBM Lotus Sametime and disallow the use of other instant messaging options. This can be fairly easily enforced at the corporate network level to ensure compliance. Most corporate instant messaging solutions offer options to archive and store communication transcript history, providing a mechanism to capture and retain that information to comply with your organization’s messaging policy requirements.
If disabling the use of public instant messaging is not an option, capturing information transmitted across these channels will be a challenge. Here is where third-party solutions can assist. They are typically deployed as an appliance at the perimeter of the corporate network, which collects all instant message traffic and provides the data in several formats that can then be ingested into data repositories.
Hoarding of data on network file shares and in document management systems such as SharePoint is another place where data can accumulate and hide. There are a number of network storage devices that include advanced capabilities such as deduplication and enforcing user quota limits. Although these technologies assist in limiting data overload, mining the content in these collections is another challenge entirely. There are a number of search and indexing solutions available including some built into the native platforms that could alleviate the burden of managing this data. However, an obstacle encountered by a number of administrators is the need to perform a consistent search across all sources of data in an organization. Third-party archiving and eDiscovery solutions are an excellent solution to these types of business challenges.
IT administrators are well aware of many of these challenges. To address information overload, the best place to start is by creating a comprehensive and clear corporate policy regarding data storage and retention. It is important to investigate the native capabilities of the data platforms. Where these fail to meet the requirements of organizational policy guidelines, consider third-party solutions to augment these capabilities. Good luck!
For more information, visit www.sherpasoftware.com.