Email and compliance: How not to blow the storage budget?
Commentards, we need your input
Compliance. Was there ever a word to strike such terror into the heart of the average techie? (OK, “Audit”. But don’t blame us, we didn’t want to say it…)
Juggling the often conflicting requirements of your budget and compliance is enough to give anyone a headache. So help us out with a question, if you would be so good.
Email, as you know, clogs up your storage boxes like nothing else. And if your policy is “hang on to it, you never know when you might need it” you could find yourself buying storage like it is going out of fashion. But is any other policy safe?
To sum up: Data retention is an increasingly complicated area. How do you make sure you are covered, without blowing your storage budget?
If you have some useful thoughts, please share them in the comments. If you don’t have any ideas, perhaps you’ll vote for the comments you think are best. We’ll be in touch with the “winner” to get a more in-depth view.
Think you can help? Get thee to the comments…
Work out the maximum fine you could be hit with for non-compliance, then see how much it would cost to comply. If the cost of sticking two fingers up to the regulators is lower than the cost of complying, then choose the former.
Stop using HTML for email. That will solve quite a few storage/retrieval issues right there.
If you want proper auditing, then the documentation should come through a verified channel requiring password/certificate and date-time stamps.
It's not an IT issue.
This is a cultural issue, not a technical one.
Basically, if you're doing things properly, you shouldn't need the emails.
Most of the documents people are looking for should be stored somewhere else other than email. A document management system, a network share - whatever works for that team/group/organisation.
But email is attached to a person. Just because Bob closed the Acme sale, should you have to keep Bob's email forever? Even after he's left? No, the documentation for that sale - the terms, the contract, etc. - should be somewhere that ISN'T BOB'S MAILBOX.
However, people are lazy feckless ****holes who just don't get this, so we end up having to rummage through their crazy personal filing system to find a document that should have been stored somewhere properly.
The best, easiest way to reduce your email storage costs - for both compliance purposes and otherwise - is to follow three simple steps:
1. Make it easy to get stuff out of email and to somewhere secure, shared and useful.
2. Have low quotas.
3. Single-instance on commit to the compliance archive, to reduce storage costs.
If, for legal purposes, you have to keep every message for n years, your storage costs are always going to be high - because you'll be grabbing everything at the router, rather than relying upon backups from the user mailbox.
From-the-router style compliance archiving, even with single instancing, is ruinously expensive - and you should probably look at systems like Centera for the belt and braces you'll need.
For anything less, the solution is simple - get the stuff out of email. Make it gross misconduct (a sackable offence) for employees not to be doing that.
Your problem will then be document management / information management, but that's a nicer problem to have than "there's an email we need, might be one of these eight people, we think it was sent in 2008, why would you need an exact date?".
Make the cultural change; it'll save you loads of money.