Microsoft has provided email archiving for Outlook since the introduction of MS Exchange 2010 but, for many organizations, it is not an ideal solution. Microsoft´s email archiving for Outlook does not have a backup and restore facility by default, archived email can only by accessed via an Outlook plugin, and multiple copies of the same email, email content or attachment are saved in the archive folders – quickly using up storage space and depleting the resources available to the Exchange server.
Although Microsoft offers a premium cloud-based solution to overcome storage space issues, this too is not ideal. Microsoft´s solution fails to consider that organizations may want to enforce enterprise-wide archiving policies or retention policies. The cloud-based solution has been criticized for its latency, the inability to conduct more than two searches concurrently, and for limiting default end-user search results to 250 emails. Naturally, the solution fails to support any email service other than Outlook and you have to pay for the number of mailboxes, not the number of active users.
There is also a major compliance issue. Both Microsoft´s on-premise and cloud-based solutions for email archiving for Outlook fail to protect emails in the archive from being altered or tampered with. There are no tamper-evident audit logs to identify when archived emails have been accessed, meaning that an organization cannot prove an email contains original, immutable content. Basically if you are looking for compliant email archiving for Outlook, you need to look at third-party solutions.
The Importance of Tamper-Evident Audit Logs for GDPR Compliance
The EU´s General Data Protection Regulation (GDPR) was introduced in May 2018 with the objective of giving EU citizens more rights over how their personal data is obtained, process, shared and retained. Among the articles relating to data privacy and security, Article 2 states “businesses must protect personal data against accidental or unlawful destruction or accidental loss and to prevent any unlawful forms of processing, in particular any unauthorized disclosure, dissemination or access, or alteration of personal data.”
Without tamper-evident audit logs, it will be impossible for a business to identify whether or not personal data has been accessed or altered without authorization – exposing the business to potential fines for non-compliance. The restrictions on searches and search results could also prove to be a stumbling block if businesses retain large databases of data relating to EU citizens, who now have the right to request access to data and for their requests to be attended to within thirty days.
Several other areas of GDPR compliance should be of concern to businesses using Outlook for email archiving. For example, the minimum necessary rule and the rule stipulating personal data should only be retained for as long as there is a lawful basis for retaining it will affect how businesses apply archiving and retention policies. These policies need to be GDPR-compliant in order to pass GDPR audits and mitigate the consequences should a breach of personal data occur.
How Email Archiving for Outlook Should Work
Email archiving for Outlook should make life easier for IT teams and administrators rather than the opposite. It should copy all inbound and outbound emails that pass through an organization´s mail server, and remove duplicated content before indexing and compressing the data. The archives should be accessible to authorized users from any Internet-enabled device, and “stubs” of archived emails should remain on the mail server to enable quick and accurate searches.
A system of delegated access should be in place to ensure business-critical email is only accessible by authorized personnel and to prevent employee data theft. There should be a simple method for applying and enforcing enterprise-wide archiving policies and retention policies, and reporting mechanisms in place so that administrators can monitor access to archived items and identify any unusual or client-specific activity.
Most importantly, email archiving for Outlook should be compliant. It is not just Microsoft´s inability to prevent the unauthorized alteration of emails that is of concern. Organizations relying on Microsoft´s email archiving for Outlook as part of a disaster recovery plan are going to be very disappointed when they find out they needed to deploy and configure Exchange-aware, VSS-based backups in advance. Naturally, the backup software fails to support any email service other than Outlook.
Key Features to Achieve the Objectives of Email Archiving
Depending on the nature of your organization, the industry it operates in and its size, you may have several different objectives of email archiving. Some organizations will aim to reduce the load on their mail server, others will want to use the features of email archiving for Outlook to increase productivity or to centralize email distributed across multiple servers in one location. However, in order to maximize the effectiveness of an archiving solution, it should include the following key features:
- Deduplication and stubbing to maximize the speed at which searches are conducted.
- Delegated access to set permission levels and mitigate the risk of email data theft.
- Tamper-evident auditing to ensure the integrity of archived email data.
Unless organizations have a justifiable reason for choosing on-premise email archiving for Outlook, all emails should be archived in the cloud. It is always in an organizations best interests to ensure the destination data center has a security rating of IL4 or higher, and that all communications between users and the data center are conducted by mandatory TLS protocols. This level of security will ensure that email data are not at risk from “Man-in-the-Middle” attacks or other interceptions.
ArcTitan: Compliant Email Archiving for Outlook from WebTitan
ArcTitan is a cloud-based email archiving solution from WebTitan that ensures compliance with industry regulations. ArcTitan is an ideal solution for email archiving for Outlook as it allows administrators to define their own retention policies to suit the organization´s regulatory and compliance needs. It also includes the three key features organizations need to achieve their objectives of email archiving.
ArcTitan is compatible with multiple exchange servers and multiple exchange stores. In addition to supporting Outlook via a browser-based portal or Outlook plug-in, the solution also supports numerous other email services and applications including Google, Zimbra, AXIGen, Neon Insight and iMail. ArcTitan can be integrated with LDAP, Active Directory and NetIQ to set permission levels quickly and easily.
ArcTitan is also very fast. It is capable of deduplicating, indexing, compressing and archiving up to 200 emails per second. It can search a database of 30 million emails within a second and scales up to 60,000 users with no loss of performance. Searches can be saved or automated, and a choice of options exists for the retrieval of emails. Extensive journal reporting can also be exported in PDF or TIFF formats. Ail data is stored securely in the cloud on Replicated Persistent Storage on AWS S3 with the archive automatically backed up. ArcTitan is a set and forget solution that acts as a black box flight recorder for email. When you need to access emails in the archive, you can do so quickly and easily and can be sure that emails will never be lost.
If your organization is concerned about the shortcomings of Microsoft´s email archiving for Outlook, contact us today and speak with our team of Sales Technicians about a free demo of ArcTitan. Our team will be happy to schedule a convenient time for you and your team and answer your questions about seamlessly deploying ArcTitan.
ArcTitan Product Overview
Click to Download PDF