Sengupta, David. Factors to Consider in Implementing an Exchange Compliance Solution. Aug. 25, 2004.

Have been thinking about blogging this for awhile. There's alot of buzz in the industry about storage management especially as it pertains to compliance in Microsoft Exchange (and other) environments. Typically this tends towards archival, and alot of the information available in the public corpus is actually written by or commissioned by archival vendors. That said, let's take a step back and look at what I consider the four key areas that a company needs to address as part of a comprehensive storage management strategy to do with Microsoft Exchange. 1. Online Exchange Storage - first of all, companies need to manage what's stored in their production Exchange Infrastructure. From a compliance perspective, this means understanding content in message bodies and attachments stored throughout (a) mailboxes, (b) public folders, and (c) web storage system across the entire enviornment. 2. Exchange Archives - secondly, many companies have or are deploying an archival solution for Exchange. They need to manage their archives in order to understand what's there from a (a) message body and (b) attachment perspective. 3. Offline Exchange Storage - thirdly, companies need to address data that's in offline locations, notably in (a) PST files, (b) OST files, (c) mobile devices (i.e. blackberries, phones) and (d) other locations. While companies would typically like to turn a blind eye to these data storage locations, ignoring them implies substantial risk. From a compliance perspective, you absolutely need to think of PSTs as part of your overall messaging system. Do you know where all your PSTs are? Do you know what percentage of your overall corporate e-mail data storage exists within PSTs? Do you know who is storing e-mail within PSTs on a regular basis? Do you have a way of controlling PST usage? 4. Backups - finally, companies need to address backup media as part of their compliance solution. (a) If companies must retain certain e-mail content, and if backups are their only means of retaining e-mails, then they need to ensure that they're not overwriting backup tapes as part of a regular tape rotation. The vast majority of organizations do not think this through, and are in fact knowingly deleting corporate data that they need to be retaining. (b) Companies need to ensure backups are available when needed, meaning cycling tapes offsite needs to be part of the retention strategy. (c) Companies need to ensure they can actually access data on their backup media, meaning that regular 'fire drills' to test restorability of backups is essential to avoid recovery failures. (d) And finally companies need an agile and fast solution for searching for e-mail or attachment content across multiple backup media so that they are ready to respond to compliance-related investigations and can do so without substantial effort and cost. Companies that take a comprehensive approach to storage management in their Exchange environment will rest assured that they have the breadth of visibility into e-mails and attachments stored across their infrastructure to enforce appropriate retention and destruction policies and to respond to inquiries as they arise.