O'Neill, Shane. E-mail archiving service offers 'limited liability'. SearchStorage.com. Aug. 10, 2004.
Amerivault E-mail Archiving Service announced earlier this month spawned this (possibly vendor-sponsored) article ... interesting discussion of liability in compliance-related litigation ... is the outsourced archival vendor liable in any way? Mention of Iron Mountain, KVS, Zantas, Connected and others.
Older article I just stumbled across ... talks about Microsoft's Information Rights Management (IRM) integration into Microsoft Office to effectively provide control over e-mail forwarding, printing, etc. by recipients.
Posted by P0stmaster at 12:29 PM
I've just recently found out about another blog on e-mail compliance being run by Christopher Byrne ... this is an outstanding blog focused on corporate governance, business controls and reporting, internal controls and other e-mail compliance issues from a Lotus & Domino perspective. Some great resources that are applicable to Exchange environments as well. Congratulations, Christopher, on passing your Certified Information Systems Auditor (CISA) Exam!
Posted by P0stmaster at 10:24 AM
Sengupta, David. Factors to Consider in Implementing an Exchange Compliance Solution. Aug. 25, 2004.
Have been thinking about blogging this for awhile. There's alot of buzz in the industry about storage management especially as it pertains to compliance in Microsoft Exchange (and other) environments. Typically this tends towards archival, and alot of the information available in the public corpus is actually written by or commissioned by archival vendors. That said, let's take a step back and look at what I consider the four key areas that a company needs to address as part of a comprehensive storage management strategy to do with Microsoft Exchange. 1. Online Exchange Storage - first of all, companies need to manage what's stored in their production Exchange Infrastructure. From a compliance perspective, this means understanding content in message bodies and attachments stored throughout (a) mailboxes, (b) public folders, and (c) web storage system across the entire enviornment. 2. Exchange Archives - secondly, many companies have or are deploying an archival solution for Exchange. They need to manage their archives in order to understand what's there from a (a) message body and (b) attachment perspective. 3. Offline Exchange Storage - thirdly, companies need to address data that's in offline locations, notably in (a) PST files, (b) OST files, (c) mobile devices (i.e. blackberries, phones) and (d) other locations. While companies would typically like to turn a blind eye to these data storage locations, ignoring them implies substantial risk. From a compliance perspective, you absolutely need to think of PSTs as part of your overall messaging system. Do you know where all your PSTs are? Do you know what percentage of your overall corporate e-mail data storage exists within PSTs? Do you know who is storing e-mail within PSTs on a regular basis? Do you have a way of controlling PST usage? 4. Backups - finally, companies need to address backup media as part of their compliance solution. (a) If companies must retain certain e-mail content, and if backups are their only means of retaining e-mails, then they need to ensure that they're not overwriting backup tapes as part of a regular tape rotation. The vast majority of organizations do not think this through, and are in fact knowingly deleting corporate data that they need to be retaining. (b) Companies need to ensure backups are available when needed, meaning cycling tapes offsite needs to be part of the retention strategy. (c) Companies need to ensure they can actually access data on their backup media, meaning that regular 'fire drills' to test restorability of backups is essential to avoid recovery failures. (d) And finally companies need an agile and fast solution for searching for e-mail or attachment content across multiple backup media so that they are ready to respond to compliance-related investigations and can do so without substantial effort and cost. Companies that take a comprehensive approach to storage management in their Exchange environment will rest assured that they have the breadth of visibility into e-mails and attachments stored across their infrastructure to enforce appropriate retention and destruction policies and to respond to inquiries as they arise.
Posted by P0stmaster at 2:13 AM
SAIF is currently in court over mis-handling of public records. The former president of SAIF - Katherine Keene - testified that she cleaned out her Inbox by deleting all e-mails at the end of each business day, which was in violation of legislation requiring all public officials to keep most of their e-mail. Think about this some ... are you (i) aware of all the requirements for retention/destruction of e-mail that impact you personally in your role working for whatever organization you're with? (ii) which industry legislation applies to you? (iii) do you adhere to these regulations or are you in violation? (iv) what would the impact be on you personally and/or on your organization if this were to go to court? Scary but important to think this through.
Fowler, Tom. Probe Aims At Top: Investigators say Royal Dutch-Shell officials in sights. Aug. 25, 2004.
More on the SEC investigation of Shell. Part of the investigation centered around an e-mail written in October 2002 by the CEO of the exploration and production business at the time (Walter van de Vijver) in which he indicated there was a problem with Shell's disclosures. This highlights the challenge associated with SEC-type inquiries. Could your company find an e-mail from October 2002 with just knowledge of the subject line or keywords in the body? Where would you look? Exchange mailboxes? E-mail archive? Backup tape? PSTs? .MSGs in the file system? As you think through this you'll see the complexity and massive cost associated with these types of investigations. In many cases investigators will spend literally months restoring tape after tape and searching contents for items of interest. A solution like Recovery Manager for Exchange can drastically simplify this work as it relates to backup media but making sure you understand what's entailed and have a strategic plan in place to address forensic discovery is absolutely essential to mitigating risk, not to mention understanding your obligations in terms of retention and destruction of e-mail and/or documents per industry regulations.
Posted by P0stmaster at 2:04 AM
SEC investigation of Shell results in $150 million fine. SEC saild Shell failed to adequately train and supervise employees responsible for estimating and reporting proven reserves. Shell says they're spending $5 million onan internal compliance program as a result.
Posted by P0stmaster at 1:55 AM
Semilof, Margie. Microsoft keeping next Exchange data store on layaway. SearchExchange.com. Aug. 18, 2004.
Some interesting quotes from David Thompson (Microsoft VP Exchange). Discussion of Microsoft Best Practices Analyzer for Exchange. Mention of Microsoft "abstracting the storage layer" in future Exchange versions.
Posted by P0stmaster at 11:24 PM
Discussion of inappropriate use of e-mail and how this can affect intellectual property or pose liabilities for business. Many companies have appropriate usage policies but few monitor policy adherence.
Posted by P0stmaster at 3:23 PM
Discussion of growth in e-mail archiving marketplace and drivers including retention regulations. Quotes Ferris Research Marc Lueschner to say the trend in archival will continue to grow for the near future. Also compares adoption rates of archival systems in the U.S. vs. ROW (Rest of World).
Posted by P0stmaster at 3:20 PM
Murray, William F. and Roland C. Goss, Esq. Current Issues In Electronic Discovery. Jorden Burt LL. Mondaq's Article Service. July 27, 2004.
Discussion of case in which former investment banker Frank Quattrone was convicted of obstructing justice and witness tampering based on e-mail sent by Quattrone to colleagues encouraging them to destroy files.
Posted by P0stmaster at 12:45 AM
FYI the new Microsoft Exchange Server Assistance Center has been launched and represents a central point of contact for you to find information on Microsoft Exchange Server. The Exchange Assistance Center is intended to help connect Exchange users with Exchange-related resources from Microsoft and the broader Exchange community.
Posted by P0stmaster at 10:21 AM
Scott Nathan, an attorney specializing in cyber law and online privacy, delivered a session to CIOs at TechTarget's recent CIO Conference ... Nathan stressed the importance of developing a strategic plan to manage e-mail and instant messaging if companies are to avoid risk embarassment and/or legal issues.
Posted by P0stmaster at 10:10 AM
Interesting product called "Changing Mail" allows content of e-mail messages to be changed dynamically within recipients' mailboxes. Example given was of an e-mail containing a weather forecast that adjusts content while in recipient Inboxes as the forecast changes.
Posted by P0stmaster at 2:48 AM
Interesting "e-mail thread" on faith, playing on C.S. Lewis' The Screwtape Letters (which is also well worth the read). Well written so thought I'd digress and blog ...
Posted by P0stmaster at 2:46 AM
Examination of 1968's Wiretap Act (Chapter 119 of Title 18) and one of its amendments, 1986's Electronic Communications Privacy Act, demonstrating that these Acts actually deny privacy protection in e-mail communications specifically in a way that is contrary to the privacy protection afforded in other forms of personal communication.
Posted by P0stmaster at 2:09 AM
Gundling. Mike. What Every Company Should Know About Email Management for Sarbanes-Oxley Compliance. Sarbanes-Oxley Compliance Journal. July 1, 2004.
Simple overview of what companies need to know about Sarbanes-Oxley to assist in navigating the crowds of lawyers, consultants, analysts and vendors all clammoring to provide solutions or advice.
Posted by P0stmaster at 8:09 PM
Casey, Mike. Sarbanes-Oxley and how it applies to e-mail archiving. SearchStorage.com Ask the Expert. March 29, 2004.
Discussion of the relationship between the Sarbanes-Oxley Act and e-mail archiving.
Posted by P0stmaster at 8:07 PM
Hayes, Frank. E-mail Answers to "E-mail glitch exposes private data in California". Computerworld. Aug. 2, 2004.
E-mail Answers - Computerworld Great list of reader responses on avoiding sending confidential e-mails outside of the corporate firewall & e-mail policy. Responses were to Dan Verton's July 6th article (here) and Frank Haye's subsequent July 12th commentary (here).
Posted by P0stmaster at 12:51 PM
Many companies who have deployed e-mail archival solutions in response to compliance issues are reaping additional benefits from their archival solution. This article expands on this value add.
Posted by P0stmaster at 4:08 PM