Jamie Davis, VP, Education, Product Management and Quality Control | Safe Systems
Whether it’s an internal request from management or an official court subpoena, the need to locate specific emails or email chains is a very real concern in today’s landscape. When it comes time to review specific email messages there seems to be confusion as to what options exist.
Without an email archival solution any email retention is dependent largely on the end user and finding or reviewing all email is nearly impossible. Should an employee’s email need to be reviewed or documented, then an administrator cannot depend upon the message to still reside on the email server itself or exist at all in email server backup repositories. Moreover, neither of these options offer a usable way to search for emails, nor do they guarantee that any given email will be available to review. Email archival is the only way to ensure an email can be located and reviewed if the need arises.
Oftentimes, the terms backup and archival are thought to be two sides of the same coin, but each satisfies a unique business need. Below are some of the key characteristics of email backups and email archival. By highlighting the areas where these two concepts diverge, this article aims to clarify why backups really can’t be reliably used for email retrieval and why archival is not a substitute for email backups.
- Email backups run on a scheduled basis
- Typically as often as every 2 hours and a little as once a day
- Backups keep email located in the inbox, sent, or deleted items at time of backup
- Retention is essentially defined by end user
- Backups are kept for a defined period of time
- Typically as little as 15 days or as long as 90 days
- Restoring specific email(s) may be difficult and time consuming
- Searching for specific email(s) in a backup may be very difficult, time consuming, or impossible
- Individual does not have ability to find or restore their own email
- Intent of email backups is to restore a specific email from a given location on a given date or an exchange database in the event of a server crash
- Email backups keep track of the status of the email
- Which folder the email belongs to, if it is in sent or deleted folder, etc
- Keeps a copy of every inbound and outbound message
- Retention defined by institution
- Does not rely on email to be in the users email mailbox at a specific time
- All emails are typically kept for as little as 1 year and as long as 7 years
- Retrieving a specific email is very easy
- Searching through an employee’s emails is very easy
- Can be done via review of all email or search for specific characteristics
- Individuals may be granted the right to search and restore their own email
- Intent of email archival is to provide an institution or individual the ability to find and/or review any email sent or received during the retention time frame
- Does not replace backups as email archival has no knowledge of which emails the users wants to keep, delete, etc. It also does not know to which folder the emails have been moved or in which they have been arranged
In the end, what are your email needs? What kind of history/logging do you want or need? All comprehensive security policies should account for data backups, but archival may be deemed a non-critical luxury by some institutions. The key is to make sure everyone understands what’s in places so no one has unreasonable expectations when they ask for an email that is no longer available.