Electronic Message Archiving and Risk Management
By James Geis
Director - Sorage Solutions
Forsythe Solutions Group, Inc.
According to a recent survey conducted by the ePolicy Institute in conjunction with the American Management Association, electronic message misuse is an increasingly serious business problem. In the United States, one out of five companies has experienced litigation, fired an employee or suffered a security breach because of electronic messaging misuse. And some industry estimates suggest that more spam is sent than legitimate messages.
From a business perspective, exercising control over this widely misused medium needs to be a key element of proactive risk management. Fortunately, electronic message archiving and management software and appliances are among the best risk mitigation tools available for information management. They decrease administrative overhead, automate the audit trail and discovery retrieval processes, establish safeguards to monitor and protect an organization’s information, and relieve high-end computing resources from the burden of processing unnecessary messages. These tools can easily control misuse-related security issues, from the inbound and outbound transfer of company information (e.g., price lists or other confidential content) to the sharing of intellectual property (whether yours or your client’s). They also stop viruses, spam, phishing and a host of other e-fraud. Best of all, implementing an archiving solution tool can be one of the easiest initiatives for an organization to implement.
But, as with any form of information management, the first step must be to establish a policy that covers employee usage of electronic messaging mediums as well as the storage of messages. Let’s face it; some people think laws are made to be broken. Effective policies provide clear and concise guidelines for sometimes vague or ambiguous directives. Any policy program should have a defined owner, formal communication and education processes, an enforcement and remediation plan, and a constant feedback loop for review from start to finish. It also must be documented and published, and designed in such a way that it can be monitored (real-time) and audited (retroactive review). An appropriate use of electronic assets policy would define to whom messages can be sent (the end-user cannot control from whom they receive messages) and what can be contained within the message (e.g., business purpose, correct grammar, attachments, language, business etiquette).
The next step is to develop management guidelines regarding the creation, access, retention and deletion of electronic messages and other digital information. Such guidelines dictate storage, location, replication, backup and restoration, security, archiving, disaster recovery and business continuity requirements. In turn, these requirements will dictate operational and capacity requirements for the supporting technology.
Management guidelines must be based on a definitive understanding of what exactly constitutes a business record and how all electronic message mediums should be used. What messages should be kept, for how long and on what storage tier? What business reasons (regulatory, litigious or otherwise) dictate file deletion? What are the legal requirements for saving messages and for finding and providing the right messages within a certain time frame? How complex is the task currently and how simple does it need to be?
Some organizations choose not to allow mailboxes to be stored on laptops, PDAs or cell phones to mitigate risk if a device is stolen or lost. In addition, centralizing the organization’s information on one platform can make it more cost-efficient to build the underlying technology infrastructure and to coalesce the management of that information, including storage, backup, recovery and security, into existing operational processes.
Fundamentally, you want to put the electronic messaging policies, management guidelines, operational procedures and tools in place that will best defend your organization against possible risk. By proactively taking control of electronic messaging before a problem occurs, your business can reap cost benefits as well as the benefits of more secure information, and, thus, a more secure reputation.
James E. Geis is director of storage solutions for Forsythe Solutions Group, a Skokie-Ill.,-based provider of technology infrastructure solutions. Geis developed Forsythe’s unique information management framework – the roadmap Forsythe uses for information and storage consulting engagements.
To learn more about Forsythe, visit www.forsythe.com. To read more information management articles or to learn more about Forsythe’s information management solutions, visit http://www.forsythe.com/Forsythe/infraservices/storage/index.jsp
|
