Despite the innovation in communication technology, email still remains the world’s most widely used business communication channel and Microsoft Exchange is one of the biggest email server providers on the market.
But Exchange in itself isn’t specialized for archiving, leading to many things falling through the cracks when it comes to privacy and data protection.
And with compliance laws being so strict in recent years with sensitive and valuable data being sent through email, Exchange might not be the best option to archive your email for compliance.
This article will help you decide if Exchange is enough for you or if you should start looking for a better more specialized archiving solution.
Why Should You Even Archive Your Business Email?
There are different reasons why you should implement an email archiving solution, and some of the most important include:
- Regulatory Compliance – Archiving email is mandatory for you to abide by data retention laws like GDPR, HIPAA, and SOX.
- eDiscovery – Simplifies the process of searching and retrieving emails for legal purposes which saves you time and resources.
- Legal Protection – Archived emails serve as a valuable record in case of legal disputes or investigations, providing evidence and protecting your business.
- Data Recovery – Email archives ensure you can recover important emails in case of accidental deletion, data corruption, or system failures.
- Historical Reference – Access to archived emails aids in tracking the history of projects, decisions, and conversations.
- Data Security – Archiving protects sensitive information by keeping it in a secure, tamper-proof environment.
- Email Server Optimization – Archiving reduces email server load, enhancing system performance and reducing storage costs.
But how does the Microsoft Exchange archiving solution stack when it comes to providing you with security and ensuring your compliance?
Microsoft Exchange Native Email Archiving and Ediscovery Capabilities
To meet the need for email archiving solutions, Microsoft rolled out its native email archiving, retention, and discovery functionality with its Exchange Server 2010.
These capabilities were improved with each subsequent upgrade to Microsoft Exchange.
Currently, Microsoft Exchange email archiving offers four primary features.
Microsoft Exchange’s native email archiving lets users and businesses archive data in two distinct ways:
- Users can utilize their primary mailbox to store email for prolonged periods of time.
- In-Place Archiving uses one centralized archiving mailbox which takes email from the primary inbox and stores it. This process is automated and set up by the defined email retention policy.
Opting for the second option allows users to freely move email messages between the primary and archiving mailboxes allowing for basic archive management.
Microsoft Exchange offers the archive administrators (usually the IT department) the ability to set different retention email retention rules.
These rules move the emails from the primary to the archiving inbox depending on the rule with an option for manual movement.
Some of these rules can be:
- Moving emails to the archiving inbox after a specific number of days.
- Moving emails to a subfolder created in the archive mailbox after a period of time.
- Moving email from the subfolder in the archive to a deleted items folder.
- Permanently deleting emails after a period of time.
The IT department can create default rules while end users can modify these rules to fit their own needs. In case there’s no rule for a particular folder, a default rule applies.
Users can search their own folders in the archive mailbox and access any email just like it is in the primary mailbox.
There’s also a user-friendly search interface for non-technical users such as legal and compliance officers who perform legal discovery searches.
These users can also perform role-based multi-mailbox searches. Exchange 2019, for example, allows for a single search of up to 10,000 mailboxes.
In-Place Hold and Litigation Hold
Exchange Server offers two types of holds: Litigation Hold and In-Place Hold.
These features allow users to label certain emails not to be changed, deleted, or any type of edits for long periods in case of legal cases.
This feature works for both primary and archive mailboxes.
In-Place Hold is used to place a hold only on the items that meet the criteria of a search query defined by the In-Place ediscovery tool. For both types of holds, it’s possible to specify the duration period.
Microsoft Exchange Native Archiving Limitations
Even though Microsoft is on the right course when it comes to introducing archiving to its Exchange Server, this native solution still leaves a lot to be desired.
The most critical issue is the control given to the end-user which provides them with too much power to alter the archive, leading to non-compliance.
Besides this, there are four more big outliers:
Archiving policy decisions should only be made by the top management, never the end-user.
It’s also strongly advised to archive everything, both incoming and outgoing messages across your whole organization.
Another best-practice policy is that end-users shouldn’t be the ones to decide on which emails to archive and which to delete because:
- It’s time-consuming since such a decision needs careful consideration.
- They might make a bad decision and delete emails that should be saved.
So, when an email is misplaced or accidentally deleted, end-users turn to the IT department for the recovery procedure.
This is a huge issue when using Exchange archiving as most deleted emails can’t be found because they weren’t archived in the first place.
There’s no option that automatically archives every email, it’s all left to the end-user which is a huge risk.
Similarly, retention policies should be defined by the top management too. Taking into consideration the government and industry regulations, a retention policy should be implemented across the entire organization.
Given the dynamic nature of corporate regulatory requirements, users may not always possess the expertise to determine email message retention periods.
This means that they should never be able to decide for how long to retain emails on their own.
To avoid this, organizations should task legal and compliance departments with creating these policies and implementing them enterprise-wide.
|Related: Email Retention Policy Best Practices for 2022|
Role-based access control and multi-mailbox search are essential features of an effective archiving solution.
Even though Exchange offers these features, they lack the core functionalities of an ediscovery solution.
The purpose of ediscovery is to help with legal or information requests. But the thing is that the content has to be in a shareable format.
In case of litigation, emails could serve as evidence and therefore need to be submitted to the authorities. An information request refers to instances in which an institution has to give access to its emails to someone outside the organization.
The Exchange archive software doesn’t have a tool for sharing the content after it’s found through ediscovery.
Another huge drawback is Exchange’s limited search options, leading to long ediscovery times and big request backlogs.
|Related: Ediscovery and Email Archiving in 2022: Is Your Organization Ready?|
In-Place Hold and Litigation Hold
As mentioned, the Exchange archiving solution allows you to place litigation holds and in-place holds on email when needed.
However, although these features prevent end-users from deleting or modifyingthe existing email messages, the fact that end-users are notified about a hold will let them know that their correspondence is being monitored.
So, if they’re engaged in any suspicious or illegal activities, this will be a signal for them to stop and refrain from using their email for this purpose. Needless to say, this will leave organizations or authorities without valuable evidence.
In other words, Litigation Hold isn’t something that end-users should be aware of.
Important but Missing Features From Exchange
Exchange archiving is missing crucial features for a proper archiving solution, which holds it back from being the right choice for any organization.
Many third-party archiving solutions are much more equipped and have must-have features for you to stay compliant and perform ediscovery.
For an organization to meet the strict regulatory compliance requirements, everything needs to be stored, even the activities of users using the archive.
This means that an audit log is a must-have feature if you want to stay compliant.
It allows compliance officers and authorities to see whether there was an unauthorized attempt to access archived records, who viewed a particular document, and if they tried to modify them.
Audit logs can even be set up to notify archive managers of any unauthorized action which leads them to easily find out what’s going on.
Not to mention that everything being done in the archive is recorded and can be pinpointed to the person, date, and original state of documents.
Tags and comments
As not every email found during ediscovery will be relevant and shared with authorities, organizations can provide appropriate reasons why specific emails weren’t handed over.
This can easily be done with comment features, allowing users to leave comments on any email and why they didn’t send them over.
On the other hand, features like tags allow users to streamline their flow by marking emails with custom labels like “to be reviewed” or “reviewed”.
This makes it easy for users and compliance officers to know in which state the emails are and what needs to be done next.
Tags can also be used for non-compliance actions like organizing the archive or organizing emails for different cases by creating case-specific tags.
With email being so prevalent, nobody can stare at the screen 24/7 and decide if the email should be retained, deleted, or which category it belongs to.
These actions need to be performed automatically as emails come in or go out.
Most email archiving solutions let users create rules for emails that allow them to automatically organize and classify emails.
They don’t have to worry about deletion and retention as they can tell the solution how their retention policy looks like and it takes care of all the work.
When the retention period expires, and the email isn’t under legal hold, it gets automatically deleted (e.g. Delete email from the archive after 7 years.)
Both ediscovery and open data / FOIA requests often require the redaction of sensitive or personally identifiable information.
Organizations using Exchange would need to rely on a separate redaction software for optimally handling such requests.
On the other hand, some third-party Exchange archiving solutions have an integrated redaction feature, which saves time, money, and effort needed to respond to requests and meet tight state-imposed deadlines.
With all of these archiving limitations, you also need to consider Exchange’s technical limitations when considering a third-party solution.
Technical Shortcomings of Native Exchange Archiving Solutions
The Exchange server is fully capable of handling your emails for some time if they are being deleted in shorter timespans.
But here lies the problem, you can’t delete email or you won’t comply with data email compliance laws.
Without you deleting emails the number of stored emails grows, storage space reduces, and Exchange servers start to slow down.
It takes more and more time to complete various tasks like sending and receiving emails. This common issue is called server bloat.
This is why server admins usually place a mailbox quota in order to limit the uncontrollable storage growth and try to keep servers at optimal speeds.
But as said, if you can’t delete emails and there’s limited storage, what’s the solution?
Well, most users opt to export their email to a PST file and save them locally on their machines which brings with it a series of compliance and management issues.
The problem with uncontrollable storage growth
The biggest problem of storing email on personal machines besides it not being compliant is that the IT department can’t access them.
These files aren’t backed up on the Exchange Server, which makes them inaccessible in case of a discovery request.
Moreover, you can’t place a litigation hold or apply retention policies on them and if they are stored as PST, they are prone to corruption.
All of this makes it difficult for the IT department to extract vital information from a .PST file.
Microsoft tried to solve this problem by suggesting that users import their PST files to their personal archive folders, but although this seems like a reasonable solution, it results in server bloat and a huge increase in storage price.
This makes native Exchange archiving software a far from optimal solution.
Lack of single-instance storage (SIS)
Single-instance storage (SIS) makes sure that your files take as little as possible storage space.
It refers to the functionality that allows the same attachment sent by two different users to be saved and archived as a single copy.
The lack of this feature is one of the reasons behind such uncontrollable storage growth.
Besides offering the SIS feature, an effective email archiving solution should also offer the attachment deduplication feature. For example, a company logo that’s part of a signature in all company emails, shouldn’t be stored multiple times.
Although Microsoft Exchange Server offers a powerful email infrastructure, its native email archiving capabilities do not meet modern business requirements, especially for organizations in regulated industries.
Exchange email archiving lacks essential features that ensure regulatory compliance, efficient ediscovery, and ease of use.
This is why a third-party archiving solution is a must.
Email archiving solutions like Jatheon were built with archiving first in mind and have a whole suite of features to make email archiving easy.
It solves all of Exchange’s shortcomings:
- Automated email archiving, retention, and organization.
- Email file deduplication.
- Advanced ediscovery search filters.
- Audit logs and adequate administrative roles.
- Legal hold and litigation hold.
- Email labeling with tags.
|Learn more about Jatheon’s email archiving solution and how it works with your Exchange server. Keep your organization compliant, speed up your ediscovery, and improve your archiving process.|