If your business is looking for an effective, secure and compliant cloud-based email archiving appliance, you need to evaluate the options carefully. Not all cloud-based appliances for archiving emails are the same. Some lack the mechanisms to optimize performance, while others fail to ensure compliance with industry retention and audit regulations.
Naturally each business has its own motives for considering an email archiving appliance. Whether your business´s motive is compliance, the freeing of Exchange server resources, the enhancement of employee productivity or the addressing of concerns about unsecured intellectual property sitting idle on a mail server, we hope this article is of value to you.
Why a Cloud-Based Email Archiving Appliance?
The first option to evaluate is the deployment option. There are several different ways in which an email archiving appliance can be deployed – as an on-premise hardware appliance, as a virtual software appliance, as a cloud-based solution, or as a hybrid between all three. The trend at present is to select cloud-based appliances for archiving emails.
The reasons behind this trend are scalability, flexibility, performance, and compliance. A cloud-based email archiving appliance expands dynamically in storage capacity as your email data grows over time. Hardware and software appliances have their limits about how much email data they can store – limits that can be reached quickly if your business exchanges emails containing high-resolution images. Even if not, capacity can soon be exceeded. According to Gartner’s 2019 Email Report, the number of emails sent and received per day was predicted to reach 250 billion in 2019. For an organization with 200 users, that equates to around 1 TB of business critical data per year, and that information needs to be managed efficiently and compliantly.
Hardware appliances, software appliances and – to a degree – hybrid solutions are not ideal to use as part of a disaster recovery plan. Removable devices can be damaged or stolen, while virtual software appliances can be corrupted. By comparison, a cloud-based email archiving appliance stores archived emails securely in a data center where they are automatically backed up and virus scanned.
Other Compliance Issues to be Aware Of
While on the subject of disaster recovery plans, in order to be compliant with industry regulations relating to the retention of data, emails should be copied and archived at the same time as they enter or leave the mail server. A cloud-based email archiving appliance that only archives emails periodically will not capture an email that has been received/sent and deleted before archiving takes place.
Some cloud-based appliances for archiving emails have other compliance issues. Typically they lack a mechanism for delegating access to archived emails or an audit log to monitor access to archived data. These failings not only expose a business to the risk of data theft, but can lead to non-compliance in respect of retention regulations and laws relating to the unauthorized alteration of data.
Ideally, an email archiving appliance should protect vital email data by restricting access to just a few key employees and produce audit logs that identify when an email has been altered. In this respect, cloud-based appliances for archiving emails that can produce tamper-evident audit trails should be at the top of your list if your business operates in a regulated industry or is subject to the EU´s General Data Protection Regulation (GDPR). It is also essential for proof to be provided that an email has not been altered when complying with an e-Discovery request.
More about the EU´s General Data Protection Regulation
The EU´s General Data Protection Regulation applies to all businesses and organization that collect, process or maintain the personal data of EU residents – regardless of where businesses and organizations are located. The Regulation has ninety-nine articles relating to privacy and data security – the key ones relating to the individuals´ rights to request access, correction and erasure of any data held about them, and maintaining archived emails in a secure environment.
In order to comply with the EU´s General Data Protection Regulation, businesses and organizations must implement measures that address the compliance issues mentioned above (immediate archiving, audit logs, etc.) plus encrypt data at rest and in transit. Ideally (for the benefit of the organization or business) the measures must also be capable of retrieving personal data for access, correction or erasure quickly, as the GDPR only gives thirty days for satisfying those requests. Fast searching of the archive is also important. Some solutions, Office 365 for instance, only allow two searches to be performed at one time.
Stiff penalties can be applied for any organization or business that fails to comply with GDPR. Regulators have the authority to impose fines of up to €20 million or 4% of global turnover – whatever is the greater amount. It is also not necessary for a data breach to have occurred before a fine is imposed. If an access request is denied or delayed – or an organization fails a GDPR audit – financial penalties may still be applied and they can be substantial.
Optimizing Performance and Enhancing Productivity
The way in which an email archiving appliance copies and archives data can also have an impact on performance and productivity. Some cloud-based appliances for archiving emails simply pick up a whole email and any attachment and archive it. Others check for duplicated content and remove the duplicates areas before compressing and indexing the email.
The latter process means that there is not so much data to search through when an email archiving application retrieves an email. It also means the results of searches will have just one entry per email and not include duplicated results – an important consideration for cloud-based appliances for archiving emails that impose limits on the number of results returned per search – 250 emails for Office 365 by default.
Businesses that implement an email archiving application for productivity purposes often do so with the motive of giving employees the ability to search for their own lost, misfiled or deleted emails without having to trouble IT support. In order to achieve this goal, it is important that the email archiving application is easy for employees to use. If not, it will not achieve its objective.
Lessening the Risk of Data Theft from Inside and Out
Data theft can be a big problem for businesses. In 2016, Osterman Research released a report in which it was claimed 69% of businesses had suffered “a significant data or knowledge loss” due to employees either taking data with them or maliciously deleting and altering email data when they left for a new job. The claims mirrored those published in 2009 by the Ponemon Institute.
An email archiving appliance that immediately archives email data as it passes through the mail server, that restricts access to archived data through delegation, and that produces tamper-evident audit trails can lessen the risk of employee data theft and the impact it has on the business. These features can also mitigate against ransomware attacks, which have increased significantly in recent years.
Access to email data is critical to the successful operation of a business. A study by IDC suggested over 60% of a business’s data is stored in email, and often that data is not stored elsewhere. Cybercriminals are well aware of that and target email data. They gain access to networks, find mail servers, steal email data, and encrypt the database. A ransom demand is then issued for the key to unlock the encryption. Although data may be encrypted for compliance reasons – and therefore of no value to the hackers – without it many businesses are unable to function. An email archiving appliance with immediate archiving enables businesses to restore the encrypted data with the click of a mouse.
ArcTitan from SpamTitan – Compliant, Effective and Secure
ArcTitan is an industry-leading email archiving appliance – a cloud-based appliance containing all the features necessary to help businesses adhere to industry compliance standards, enhance productivity and lessen the risk of data theft. ArcTitan is easy to deploy, use and manage, and guarantees your business will never lose an email again.
ArcTitan is incredibly versatile. Archives can be accessed from any location through any browser, or through your standard mail client – Outlook for instance. ArcTitan is compatible with all leading email services and works across multiple servers and stores email data securely in the cloud in Replicated Persistent Storage on Amazon S3. ArcTitan is also lightning fast. ArcTitan can deduplicate, compress, index and archive up to 200 emails per second, and search a data store of 30 million emails in less than a second.
In terms of security, all email data is maintained in a data center with IL5 certification (the standard required for critical military national security) and all exchanges of data are conducted over mandatory TLS protocols. During exchanges of data, all passwords are hashed to add a further level of security to your business´s transactions.
Book a Free Demo of ArcTitan
If your business is in the process of evaluating cloud-based appliances for archiving emails, we invite you to book a free demo of ArcTitan in action. Our demo will show how easy it is to set up our email archiving appliance, import existing archived emails from MS Exchange, Google Apps, EML, MBOX, MSG or PST, or we can liaise with your IT department to seamlessly deploy ArcTitan within minutes.
To find out more about our free demo, or to ask any questions about appliances for archiving emails, contact us today. Our team of Sales Technicians will be happy to answer your questions and organize a demo at a time suitable for you and your team.