2004-08-31

Kawamoto, Dawn. Veritas buys UK firm. ZDNet UK News. Aug. 31, 2004.

News on Veritas Software's acquisition of KVS Inc. announced earlier today.

2004-08-26

O'Neill, Shane. E-mail archiving service offers 'limited liability'. SearchStorage.com. Aug. 10, 2004.

Amerivault E-mail Archiving Service announced earlier this month spawned this (possibly vendor-sponsored) article ... interesting discussion of liability in compliance-related litigation ... is the outsourced archival vendor liable in any way? Mention of Iron Mountain, KVS, Zantas, Connected and others.

2004-08-25

Microsoft Operations Manager 2005 RTM

A colleague of mine just pointed me to this blog posting ... Microsoft Operations Manager (MOM) 2005 has been released to manufacturing (RTM) ... you can also find more information on the MOM team's blog here:

Hermida, Alfred. Microsoft backs e-mail controls. BBC News. Oct. 21, 2003.

Older article I just stumbled across ... talks about Microsoft's Information Rights Management (IRM) integration into Microsoft Office to effectively provide control over e-mail forwarding, printing, etc. by recipients.

Another Blog on E-Mail Compliance & Business Controls

I've just recently found out about another blog on e-mail compliance being run by Christopher Byrne ... this is an outstanding blog focused on corporate governance, business controls and reporting, internal controls and other e-mail compliance issues from a Lotus & Domino perspective. Some great resources that are applicable to Exchange environments as well. Congratulations, Christopher, on passing your Certified Information Systems Auditor (CISA) Exam!

Sengupta, David. Factors to Consider in Implementing an Exchange Compliance Solution. Aug. 25, 2004.

Have been thinking about blogging this for awhile. There's alot of buzz in the industry about storage management especially as it pertains to compliance in Microsoft Exchange (and other) environments. Typically this tends towards archival, and alot of the information available in the public corpus is actually written by or commissioned by archival vendors. That said, let's take a step back and look at what I consider the four key areas that a company needs to address as part of a comprehensive storage management strategy to do with Microsoft Exchange. 1. Online Exchange Storage - first of all, companies need to manage what's stored in their production Exchange Infrastructure. From a compliance perspective, this means understanding content in message bodies and attachments stored throughout (a) mailboxes, (b) public folders, and (c) web storage system across the entire enviornment. 2. Exchange Archives - secondly, many companies have or are deploying an archival solution for Exchange. They need to manage their archives in order to understand what's there from a (a) message body and (b) attachment perspective. 3. Offline Exchange Storage - thirdly, companies need to address data that's in offline locations, notably in (a) PST files, (b) OST files, (c) mobile devices (i.e. blackberries, phones) and (d) other locations. While companies would typically like to turn a blind eye to these data storage locations, ignoring them implies substantial risk. From a compliance perspective, you absolutely need to think of PSTs as part of your overall messaging system. Do you know where all your PSTs are? Do you know what percentage of your overall corporate e-mail data storage exists within PSTs? Do you know who is storing e-mail within PSTs on a regular basis? Do you have a way of controlling PST usage? 4. Backups - finally, companies need to address backup media as part of their compliance solution. (a) If companies must retain certain e-mail content, and if backups are their only means of retaining e-mails, then they need to ensure that they're not overwriting backup tapes as part of a regular tape rotation. The vast majority of organizations do not think this through, and are in fact knowingly deleting corporate data that they need to be retaining. (b) Companies need to ensure backups are available when needed, meaning cycling tapes offsite needs to be part of the retention strategy. (c) Companies need to ensure they can actually access data on their backup media, meaning that regular 'fire drills' to test restorability of backups is essential to avoid recovery failures. (d) And finally companies need an agile and fast solution for searching for e-mail or attachment content across multiple backup media so that they are ready to respond to compliance-related investigations and can do so without substantial effort and cost. Companies that take a comprehensive approach to storage management in their Exchange environment will rest assured that they have the breadth of visibility into e-mails and attachments stored across their infrastructure to enforce appropriate retention and destruction policies and to respond to inquiries as they arise.

Rose, Michael. Review of SAIF Starts with Public Records. StatesmanJournal.com. Aug. 24, 2004.

SAIF is currently in court over mis-handling of public records. The former president of SAIF - Katherine Keene - testified that she cleaned out her Inbox by deleting all e-mails at the end of each business day, which was in violation of legislation requiring all public officials to keep most of their e-mail. Think about this some ... are you (i) aware of all the requirements for retention/destruction of e-mail that impact you personally in your role working for whatever organization you're with? (ii) which industry legislation applies to you? (iii) do you adhere to these regulations or are you in violation? (iv) what would the impact be on you personally and/or on your organization if this were to go to court? Scary but important to think this through.

Fowler, Tom. Probe Aims At Top: Investigators say Royal Dutch-Shell officials in sights. Aug. 25, 2004.

More on the SEC investigation of Shell. Part of the investigation centered around an e-mail written in October 2002 by the CEO of the exploration and production business at the time (Walter van de Vijver) in which he indicated there was a problem with Shell's disclosures. This highlights the challenge associated with SEC-type inquiries. Could your company find an e-mail from October 2002 with just knowledge of the subject line or keywords in the body? Where would you look? Exchange mailboxes? E-mail archive? Backup tape? PSTs? .MSGs in the file system? As you think through this you'll see the complexity and massive cost associated with these types of investigations. In many cases investigators will spend literally months restoring tape after tape and searching contents for items of interest. A solution like Recovery Manager for Exchange can drastically simplify this work as it relates to backup media but making sure you understand what's entailed and have a strategic plan in place to address forensic discovery is absolutely essential to mitigating risk, not to mention understanding your obligations in terms of retention and destruction of e-mail and/or documents per industry regulations.

Blum, Justin. U.S., Britain Fine Shell $150 Million. Washington Post. Aug. 25, 2004.

SEC investigation of Shell results in $150 million fine. SEC saild Shell failed to adequately train and supervise employees responsible for estimating and reporting proven reserves. Shell says they're spending $5 million onan internal compliance program as a result.

2004-08-23

Semilof, Margie. Microsoft keeping next Exchange data store on layaway. SearchExchange.com. Aug. 18, 2004.

Some interesting quotes from David Thompson (Microsoft VP Exchange). Discussion of Microsoft Best Practices Analyzer for Exchange. Mention of Microsoft "abstracting the storage layer" in future Exchange versions.

Hulme, George. E-Mail Is Risky Business. InformationWeek. Aug. 18, 2004.

Discussion of inappropriate use of e-mail and how this can affect intellectual property or pose liabilities for business. Many companies have appropriate usage policies but few monitor policy adherence.

Brunelli, Mark. Retrieval is the real trick of e-mail archiving. SearchExchange.com. Aug. 11, 2004.

Discussion of growth in e-mail archiving marketplace and drivers including retention regulations. Quotes Ferris Research Marc Lueschner to say the trend in archival will continue to grow for the near future. Also compares adoption rates of archival systems in the U.S. vs. ROW (Rest of World).

2004-08-06

Murray, William F. and Roland C. Goss, Esq. Current Issues In Electronic Discovery. Jorden Burt LL. Mondaq's Article Service. July 27, 2004.

Discussion of case in which former investment banker Frank Quattrone was convicted of obstructing justice and witness tampering based on e-mail sent by Quattrone to colleagues encouraging them to destroy files.

2004-08-05

Microsoft Corporation. Microsoft TechNet: Exchange Server Assistance Center Launched! Aug. 3, 2004.

FYI the new Microsoft Exchange Server Assistance Center has been launched and represents a central point of contact for you to find information on Microsoft Exchange Server. The Exchange Assistance Center is intended to help connect Exchange users with Exchange-related resources from Microsoft and the broader Exchange community.

Parry, Ed. E-legal and IMbarassing - CIOs must help tame e-mail beast. CIO News. Aug. 2, 2004.

Scott Nathan, an attorney specializing in cyber law and online privacy, delivered a session to CIOs at TechTarget's recent CIO Conference ... Nathan stressed the importance of developing a strategic plan to manage e-mail and instant messaging if companies are to avoid risk embarassment and/or legal issues.

[Vendor Press Release: Changing Mail] Change E-mail Even After It Has Been Read. Aug. 3, 2004.

Interesting product called "Changing Mail" allows content of e-mail messages to be changed dynamically within recipients' mailboxes. Example given was of an e-mail containing a weather forecast that adjusts content while in recipient Inboxes as the forecast changes.

Forest, Jim. E-Mail from Hell. Sojourners Magazine. September 2004

Interesting "e-mail thread" on faith, playing on C.S. Lewis' The Screwtape Letters (which is also well worth the read). Well written so thought I'd digress and blog ...

Yegyazarian, Anush. Is Your Personal E-Mail Really Private? PCWorld.com - Tech.gov. Aug. 4, 2004.

Examination of 1968's Wiretap Act (Chapter 119 of Title 18) and one of its amendments, 1986's Electronic Communications Privacy Act, demonstrating that these Acts actually deny privacy protection in e-mail communications specifically in a way that is contrary to the privacy protection afforded in other forms of personal communication.

2004-08-04

Gundling. Mike. What Every Company Should Know About Email Management for Sarbanes-Oxley Compliance. Sarbanes-Oxley Compliance Journal. July 1, 2004.

Simple overview of what companies need to know about Sarbanes-Oxley to assist in navigating the crowds of lawyers, consultants, analysts and vendors all clammoring to provide solutions or advice.

Casey, Mike. Sarbanes-Oxley and how it applies to e-mail archiving. SearchStorage.com Ask the Expert. March 29, 2004.

Discussion of the relationship between the Sarbanes-Oxley Act and e-mail archiving.

2004-08-03

Hayes, Frank. E-mail Answers to "E-mail glitch exposes private data in California". Computerworld. Aug. 2, 2004.

E-mail Answers - Computerworld Great list of reader responses on avoiding sending confidential e-mails outside of the corporate firewall & e-mail policy. Responses were to Dan Verton's July 6th article (here) and Frank Haye's subsequent July 12th commentary (here).

2004-08-01

Crossman, Penny Lunt. A Lemon That Makes Tasty Lemonade. Transform Magazine. July 2004.

Many companies who have deployed e-mail archival solutions in response to compliance issues are reaping additional benefits from their archival solution. This article expands on this value add.