Exchange Server 2019, 2016, 2013, and 2010 all come with native archiving capabilities, but if you want to make sure your organization is compliant with all privacy and data protection laws, regulations and policies, it’s much better to opt for a custom-built archiving solution than relying on Exchange archive software.
Despite modern technologies, email remains one of the most widely-used channels of business communication. At the same time, these messages contain sensitive and valuable data, such as contracts, agreements, invoices, and trade secrets, to name just a few. Due to the confidentiality and value of this content, different regulations have been put in place to ensure proper and safe data management, retention, and discovery.
In addition to that, there’s another issue that organizations have to deal with – growing data. IT departments have to find a solution for a rapid increase in data storage requirements and ensure the optimum performance of their email servers.
Key Reasons to Archive Your Business Email
There are different reasons why you should implement an email archiving solution, and some of the most important include:
- Regulatory compliance
- Safeguarding intellectual property
- Data and storage management
- Preventing data corruption
- Optimizing email server performance
Microsoft Exchange Native Archiving and Discovery Capabilities
To meet the need for email archiving solutions, Microsoft rolled out its native email archiving, retention, and discovery functionality with its Exchange Server 2010. These capabilities were improved and updated with subsequent Exchange Server 2013, 2016, and 2019 versions.
There are two archiving capabilities Microsoft Exchange server offers to its users.
- Using a large mailbox allows users to keep all their emails.
- In-Place Archiving, previously known as the Personal Archive feature, allows users to store messages in an additional, secondary mailbox, associated with their primary mailbox.
Users can move their email messages between primary and secondary mailboxes.
Users or the organization’s IT department can set different Retention rules. Also, as you move emails from your primary mailbox to the separate mailbox for archived emails, different rules can be implemented.
Some of them are: moving emails from the primary mailbox after a specified number of days to the archive mailbox; moving emails to a subfolder created in the archive mailbox after a specified number of days; or moving emails from the subfolder in the archive mailbox to the deleted items folder after a specified number of days. There’s also an option to permanently delete emails from the Exchange Server.
The IT department can create default rules while end users can modify these rules to fit their own needs. In case there’s no rule for a particular folder, a default rule applies.
Users can search their own folders in the archive mailbox and access any email just like it is in the primary mailbox. There’s also a user-friendly search interface for non-technical users such as legal and compliance officers who perform legal discovery searches. These users can also perform role-based multi-mailbox searches. Exchange 2019, for example, allows for a single search of up to 10,000 mailboxes.
In-Place Hold and Litigation Hold
Exchange Server 2019 offers two types of holds: Litigation Hold and In-Place Hold. You can enable Litigation Hold to place a hold on all items in the mailbox to stop end-users from editing, deleting, or altering in any way any email in both the primary archive mailbox. In-Place Hold is used to place hold only the items that meet the criteria of a search query defined by the In-Place eDiscovery tool. For both types of holds, it’s possible to specify the duration period.
|Related: Why Legal Hold Is a Must-Have Feature in Email Archiving|
Exchange Archive Software: Native Archiving Limitations
Even though Microsoft is on the right course when it comes to introducing archiving to its Exchange Server, this native solution still leaves a lot to be desired. The most important issue is that the end-user is in control of certain features, and that’s a big shortcoming in terms of regulatory compliance.
Since archiving is an important procedure, archiving policy decisions should be made by the top management. It’s strongly advised to archive all incoming and outgoing email messages across your organization. Another best-practice policy is that end-users shouldn’t be the ones to decide on which emails to archive and which to delete because:
- It’s time-consuming since such a decision needs careful consideration.
- They might make a bad decision and delete emails that should be saved and archived.
So, when an email is misplaced or accidentally deleted, end-users turn to the IT department for the recovery procedure. But, if you use the Exchange archive software, this problem can’t be solved. A lost or deleted email can’t be found because it has never been archived in the first place. And that’s why this archiving solution isn’t the best option.
Similarly, retention policies should be defined by the top management too. Taking into consideration the government and industry regulations, a retention policy should be implemented across the entire organization.
Since not all employees/users have sufficient knowledge or understanding of the constantly-evolving corporate regulatory requirements, it shouldn’t be their call to decide on whether and how long to retain email messages.
To avoid this, organizations should task legal and compliance departments with creating these policies and implementing them enterprise-wide.
|Related: Email Retention Policy Best Practices for 2022|
Role-based access control and multi-mailbox search are essential features of an effective archiving solution. Even though the Exchange archiving software offers these features, they lack some functionality. The purpose of discovery is to help with legal or information requests. But the thing is that the content has to be in a shareable format.
In case of litigation, emails could serve as evidence and therefore need to be submitted to the authorities. An information request refers to instances in which an institution has to give access to its emails to someone outside the organization.
The Exchange archive software doesn’t have a tool for sharing the content after it’s found through ediscovery.
|Related: Ediscovery and Email Archiving in 2022: Is Your Organization Ready?|
4. In-Place Hold and Litigation Hold
The Exchange archive software allows organizations to place Litigation Hold and In-Place Hold. However, although these features prevent end-users from deleting, modifying, or altering the existing email messages, the fact that they’re notified about a hold will let them know that their correspondence is being monitored.
So, if they’re engaged in any suspicious or illegal activities, this will be a signal for them to stop and refrain from using their email for this purpose. Needless to say, this will leave organizations or authorities without valuable evidence.
In other words, Litigation Hold isn’t something that end-users should be aware of.
Native Exchange Archiving Problems
Some essential features are missing even from the latest version of Microsoft’s Exchange archiving solution, which is why a third-party archiving tool is a must. Here are some features that every archiving software should have.
1. Audit trail
For organizations to meet strict standards of regulatory compliance, they need a tool that will help them keep audit logs of activities of a specific user. This feature allows compliance officers, HR managers, and authorities to see whether there was an attempt of unauthorized access to certain records, who viewed a particular document or tried to modify retention rules, or who attempted to override their authority.
2. Tags and comments
These features are useful since not every email found during the discovery phase will be relevant and shared with authorities, so that organization can provide an appropriate reason to document why a specific email is – or isn’t — handed over.
Tags are also used to streamline the process flow. Tags such as “to be reviewed” or “reviewed” indicate the place of an email in the process flow and make it easier for compliance officers to access them.
Automatic classification of email content has become an indispensable tool for organizations. With an email archiving solution, companies can quickly and easily organize and classify their emails, and if necessary share them with authorities in case of litigation.
4. PII redaction
Both ediscovery and open data / FOIA requests often require redaction of certain sensitive or personally identifiable information. Organizations using Exchange would need to rely on a separate redaction software for optimally handling such requests. Some third-party Exchange archiving solutions have an integrated redaction feature, which saves both time, money and effort needed to respond to requests and meet tight state-imposed deadlines.
Technical Shortcomings of Native Exchange Archiving Solutions
The Exchange Server will perform optimally only if its disk space and processing power are balanced. However, as the amount of stored email grows, disk storage space reduces and more processing power is necessary to complete various tasks, such as sending or receiving an email message. When this happens, it’s known as server bloat. Email server admins usually place a mailbox quota in order to limit the uncontrollable storage growth.
This brings us to another issue. Due to mailbox quotas that limit the size of their mailboxes, users back up and export their emails to .PST files and save them locally. In other words, the content of their emails is no longer located on the Exchange Server. This creates a whole series of compliance and management issues.
1. The problem with uncontrollable storage growth
There’s nothing wrong with .PST files other than the fact that the IT department can’t access and control them. These files aren’t backed up on the Exchange Server, which makes them inaccessible in case of a discovery request. This also means that you can’t place a litigation hold or apply the retention policy on them. Moreover, .PST files are susceptible to data corruption.
All this makes it very difficult for the IT department to extract vital information out of a .PST file. Microsoft tried to solve this problem by suggesting that users import their .PST files to their personal archive folders, but although this seems like a reasonable solution, it results in server bloat and a huge increase in storage price. This makes native Exchange archiving software a far from optimal solution.
2. Lack of single-instance storage (SIS)
Single-instance storage (SIS) makes sure that your files take as little as possible storage space. It refers to the functionality which allows the same attachment sent by two different users to be saved and archived as a single copy. The lack of this feature is one of the reasons behind such uncontrollable storage growth.
Besides offering the SIS feature, an effective email archiving solution should also offer the attachment deduplication feature. For example, a company logo that’s part of a signature in all company emails, shouldn’t be stored multiple times.
|Related: Email Archiver Features: Deduplication, Single-Instance Storage and Compression|
Email Archiving in Exchange 2007, 2003 and Older Versions
The only solution for the companies still using Exchange Server 2007 or an even older version is implementing a third-party archiving solution.
Microsoft Exchange Server 2007 and older versions lack a native email archive solution. However, these Exchange servers come with a journaling feature that many many third-party email archive tools use. This feature stores copies of all the incoming and outgoing emails into the so-called journal mailbox.
Once an archive solution is implemented, it will connect to the journal mailbox and archive all the emails.
Although Microsoft Exchange Server offers a powerful email infrastructure, their native email archiving capabilities do not meet modern business requirements, especially for organizations in regulated industries. Exchange still lacks some essential features that will ensure regulatory compliance, efficient ediscovery, and ease of use without hurting server performance. That’s why implementing a third-party archiving solution is a must.
Although Exchange is one of the most popular email servers and is embraced by top enterprises, it was not built for archiving purposes. On the other hand, third party email archiving solutions like Jatheon were built precisely with archiving in mind.
Their architecture supports storing large amounts of data and its fast retrieval. By leveraging storage reduction techniques like single-instance email storage, compression, and de-duplication, these solutions prevent server bloat. In addition, their search and indexing technology allows them to quickly process billions of emails and manage compliance and ediscovery with a lot more success and speed.
To learn more about how Jatheon’s email archiving solutions work with Exchange and how your organization can improve compliance, FOIA and lawsuit management using our tools, contact our team of experts or book a 1:1 demo.