If your organization operates in a regulated industry, and you use Microsoft´s premium email archiving for Office 365, you might want to look away now. Microsoft´s premium email archiving for Office 365 lacks certain key features that negatively affect its effectiveness and the integrity of email data.
Your organization may already be familiar with some of the issues if you use on-premise email archiving for Office 365 or email services other than Outlook, but few organizations are aware they may not be complying with industry regulations for security and auditing by continuing to use Microsoft´s service.
The Compliance Issues with Microsoft´s Premium Service
Although Microsoft´s premium service has a recovery plugin for backing up email data, it is not included in the service by default. Therefore, if your organization has not already deployed and configured an Exchange-aware, VSS-based backup, your disaster recovery plan is unlikely to work when you need it.
Probably of more concern to organizations in regulated industries is that there are no safeguards to prevent emails being altered without authorization. Being unable to prove an email contains original, immutable content will not only create a compliance issue during HIPAA or SOX audits, but will also create a problem if the content of an email is relied upon to support litigation.
Audit logging in Office 365 is not active by default, so administrators have to manually enable this function. Another issue is the length of time that an audit record is retained and can be searched. that depends on the type of Office 365 subscription. Currently, there is no audit log retention in the E1 plan, the E3 plan only retains the log records for 90 days, and it is just a year with the E5 plan. Office 365 archiving should be carefully evaluated to make sure it meets your compliance requirements.
GDPR Compliance Issues in Non-Regulated Industries
Compliance issues also exist outside regulated environments. Since 2006, it has been a legal requirement under the Federal Rules of Civil Disclosure to produce Electronically Stored Information (ESI) if required to do so by a court order and – since 2018 – it has also been necessary to provide access to any retained personal data when requested by an EU citizen under the General Data Protection Regulation (GDPR):
The GDPR regulation is particularly relevant to email archiving for Office 365 because organizations that obtain, process or retain EU citizens´ personal data must have mechanisms in place to prevent the unauthorized alteration of an EU citizen´s personal data – something Office 365 is unable to do. Therefore, if an organization continues to use Microsoft´s default service without a supplementary mechanism to prevent any unauthorized alteration, the organization will be in breach of GDPR and subject to a fine of up to €20 million.
How Email Archiving for Office 365 Could Become Compliant
In order for Microsoft´s email archiving for Office 365 to become compliant it would need to copy emails entering and leaving the mail server in real time, or at least have a way in which administrators could configure the Outlook plug in to apply organization-wide archiving and retention policies. Many cloud-based email archiving solutions use unique message hashes and digital fingerprinting which clearly demonstrate the emails are original to standards acceptable by the courts.
How Else Could Email Archiving for Office 365 be Improved?
Another issue with Microsoft´s premium service is the way in which it archives emails. There is no removal of duplicated content or attachments, or even duplicated company logos. All of this excess data slows down searches and results in duplicated content being returned in search results.
While on the subject of searches, Microsoft´s email archiving not only limits the number of searches that can be performed concurrently to two, but also limits the number of results per search by default to 250. These limits are not very practical if yours is a large organization with multiple teams – HR, legal and IT for example – that need to search archived emails at the same time.
The indexing structure on Office 365 is based on mailboxes, which makes searching slow, and the more mailboxes there are, the slower the search. Searches could well take several hours, and you will not find out the results until the search has been completed across all mailboxes. Exports can also only be conducted one at a time. For exports for eDiscovery, the process could well take several days. Another issue for large organizations is searches can only be performed on a maximum of 10,000 mailboxes at a time. These and other issues have led many businesses to search for an archiving solution that has eDiscovery capabilities built into the core of the solution.
Basically, You Need a Different Solution
There are a number of third-party solutions for effective, secure and compliant email archiving for Office 365, but how do you know which is the right one? The first thing you need to look for is scalability – typically a cloud-based solution that expands in line with your email database.
In order to minimize your costs and generate faster searches, you should evaluate solutions that deduplicate and compress email data during the archiving process – preferably solutions that leave “stubs” of archived emails for more effective email management.
Naturally a mechanism for delegating access should be included, plus automated reporting options for governance of the solution; and – ideally – the chosen solution should support other email services in addition to Office 365 as well as multiple Exchange servers and multiple Exchange stores.
Introducing ArcTitan Email Archiving for Office 365
ArcTitan email archiving for Office 365 includes all the features for effective, secure and compliant email archiving that Microsoft seems to have left out. It is fast, it is secure and, most importantly it can restore deleted emails with the click of a mouse and so is a reliable tool to use in a disaster recovery plan.
ArcTitan is easy to deploy, use and manage. It is versatile, scalable up to 6,000 users, and capable of deduplicating, indexing, compressing and archiving up to 200 emails per second. ArcTitan email archiving for Office 365 is compatible with every operating system and all major email services.
Further advantages of ArcTitan email archiving for Office 365 include:
- Scalable, email archiving that grows with your business
- Email data stored securely in the cloud on Replicated Persistent Storage on AWS S3
- Lightning fast searches – Search 30 million emails a second
- Rapid archiving at up to 200 emails a second
- Automatic backups of the archive
- Email archiving with no impact on network performance
- Ensure an exact, tamperproof copy of all emails is retained
- Easy data retrieval for eDiscovery
- Protection for email from cyberattacks
- Eliminate PSTs and other security risks
- Facilitates policy-based access rights and role-based access
- Only pay for active users
- Slashes the time and cost of eDiscovery other formal searches
- Migration tools to ensure the integrity of data during transfer
- Seamless integration with Outlook
- Supports, single sign-on
- Save and combine searches
- Perform multiple searches simultaneously
- Limits IT department involvement in finding lost email
- Compliant with regulations such as HIPAA, SOX, GDPR, Federal Rules of Civil Procedure, etc.
- ArcTitan has no proprietary formats, so you are free to move archived email data as you wish.
- No proprietary formats means no costly or time-consuming data conversions.
- Your email data is stored, transferred and retrieved using open standards.
- Import existing archived email data from MS Exchange, Google Apps, EML, MBOX, MSG or PST.
- Export email data archived on ArcTitan using EML, MGG, PGF, TIFF and PST formats.
Find Out More about ArcTitan and Take Advantage of a Free Trial
If you have concerns about the issues raised above, you are invited to contact us and discuss your concerns with one of our Sales Technicians. We will ask you about any existing arrangement your organization has in place for email archiving for Office 365, and walk you through the benefits of ArcTitan as they apply in your specific circumstance.
If you feel that ArcTitan could be a more effective, secure and compliant solution than the arrangement you have in place at present, you will be invited to try ArcTitan free for thirty days. There are no contracts to sign, no set up costs and our team will liaise with your IT department to arrange a seamless deployment of our solution within a day.