Navigation * Home / News / Is E-mail A Monster? ------------------------------------------------------------------------------------------------------------------- Is E-mail A Monster? Tony Lock ------------------------------------------------------------------------------------------------------------------- In the English language the saying "You can't see the wood for the trees" is usually interpreted as meaning that some things can become so frequently used and accepted that they effectively disappear. In many ways e-mail has managed just this trick in just about every business. Unfortunately, this “out of sight” acceptance of electronic mail must not be allowed to become confused with “out of mind”. Various laws, both national and international, and the requirements industry regulations and compliance initiatives will not allow this type of attitude to hold sway for long. Indeed, the very fact that the status of e-mail documents has now been established to be comparable with legally binding documents in many jurisdictions makes this stance no longer tenable. Indeed at a recent conference staged by Corporate Internet on Email Retention and Forensic Compliance, Stephen Mason, a leading barrister and author of “E-mail and the Internet at Work” gave a very enlightening presentation on the many and varied legal implications that surround the use, storage and deletion of e-mail messages. Frankly the shear number of regulations that apply to all organisations and across many different areas of business, from contract law to liable, is bewildering and occasionally downright contradictory making life potentially very awkward for IT staff. The fact that many e-mail messages may contain mixed types of information, including business details, contractual information and the purely personal simply adds to the confusion. Each separate class of data will have different retention and compliance requirements potentially requiring both the retention and deletion of the same message. The entire area of compliance and operational risk management is one that is currently a major concern to the end user community and is therefore a focus of attention for many IT vendors. Certainly every supplier of storage management software has something to offer but the Cryoserver solution available from Corporate Internet takes slightly different approach to typical e-mail archive solutions. Based on the premise that neither archiving nor document management alone provide sufficient protection, Cryoserver is an appliance-based tool that seeks to provide organizations with a “Forensic Compliance System”. The software operates on server hardware platforms from the company’s partners such as IBM and Sun Microsystems. In operation the Cryoserver system is capable of trapping all e-mail that is sent to, from or around an organization effectively creating an audit copy of all electronic mail. Each and every mail message may be stored, in an encrypted, compressed manner with the data digitally signed, including any attachments. Policies set by the organization then prevent a message being deleted within a specified retention period. The system supports most of the major e-mail platforms, including Microsoft Exchange, Lotus Notes, Novell GroupWise and Sun. Cryoserver comes complete with sophisticated Indexing and reporting capabilities making it relatively quick and simple to search through the stored archive to retrieve information based on a wide range of search criteria. Whilst each mail user may search through their own stored mail, only privileged users can search across all of the system. It is important to note that each instance of such a search is audited with nominated “Data Guardians” notified of the details of the search, who carried out the inquiry and the reasons for it. There are already several well documented cases of organisations suffering significant financial consequences and reputation damage from e-mail abuse it is clear that each organisation needs to ensure that it has appropriate e-mail usage policies in place to inform employees of what they are permitted to do with their corporate e-mail access. It is also essential that the policy refers to the potential need to audit the mail repository, who may perform such searches and under what conditions. Good process is at the heart of all compliance initiatives but appliances such as Cryoserver can support and simplify such efforts. |
|
|