If your organization operates in a regulated industry, and you use Microsoft´s premium email archiving for Office 365, you might want to look away now. Microsoft´s premium email archiving for Office 365 lacks certain key features that negatively affect its effectiveness and the integrity of email data.
Your organization may already be familiar with some of the issues if you use on-premise email archiving for Office 365 or email services other than Outlook, but few organizations are aware they may not be complying with industry regulations for security and auditing by continuing to use Microsoft´s service.
The Compliance Issues with Microsoft´s Premium Service
Although Microsoft´s premium service has a recovery plugin for backing up email data, it is not included in the service by default. Therefore, if your organization has not already deployed and configured an Exchange-aware, VSS-based backup, your disaster recovery plan is unlikely to work when you need it.
Probably of more concern to organizations in regulated industries is that there are no safeguards to prevent emails being altered without authorization. Being unable to prove an email contains original, immutable content will not only create a compliance issue during HIPAA or SOX audits, but will also create a problem if the content of an email is relied upon to support litigation.
GDPR Compliance Issues in Non-Regulated Industries
Compliance issues also exist outside regulated environments. Since 2006, it has been a legal requirement under the Federal Rules of Civil Disclosure to produce Electronically Stored Information (ESI) if required to do so by a court order and – since 2018 – it has also been necessary to provide access to any retained personal data when requested by an EU citizen under the General Data Protection Regulation (GDPR):
The GDPR regulation is particularly relevant to email archiving for Office 365 because organizations that obtain, process or retain EU citizens´ personal data must have mechanisms in place to prevent the unauthorized alteration of an EU citizen´s personal data – something Office 365 is unable to do. Therefore, if an organization continues to use Microsoft´s default service without a supplementary mechanism to prevent any unauthorized alteration, the organization will be in breach of GDPR and subject to a fine of up to €20 million.
How Email Archiving for Office 365 Could become Compliant
In order for Microsoft´s email archiving for Office 365 to become compliant it would need to copy emails entering and leaving the mail server in real time, or at least have a way in which administrators could configure the Outlook plug in to apply organization-wide archiving and retention policies.
To resolve the issue regarding unauthorized email alteration, there needs to be a mechanism to delegate access so that only employees in senior positions can access archived business-critical data. There should also be reporting options in place to monitor access to archived emails and identify any unusual or client-specific activity.
How Else Could Email Archiving for Office 365 be Improved?
Another issue with Microsoft´s premium service is the way in which it archives emails. There is no removal of duplicated content or attachments, or even duplicated company logos. All of this excess data slows down searches and results in duplicated content being returned in search results.
While on the subject of searches, Microsoft´s email archiving not only limits the number of searches that can be performed concurrently, but also limits the number of results per search by default to 250. These limits are not very practical if yours is a large organization with multiple teams – HR, legal and IT for example – that need to search archived emails at the same time.
Basically, You Need a Different Solution
There are a number of third-party solutions for effective, secure and compliant email archiving for Office 365, but how do you know which is the right one? The first thing you need to look for is scalability – typically a cloud-based solution that expands in line with your email database.
In order to minimize your costs and generate faster searches, you should evaluate solutions that deduplicate and compress email data during the archiving process – preferably solutions that leave “stubs” of archived emails for more effective email management.
Naturally a mechanism for delegating access should be included, plus automated reporting options for governance of the solution; and – ideally – the chosen solution should support other email services in addition to Office 365 as well as multiple Exchange servers and multiple Exchange stores.
Introducing ArcTitan Email Archiving for Office 365
ArcTitan email archiving for Office 365 includes all the features for effective, secure and compliant email archiving that Microsoft seems to have left out. It is fast, it is secure and, most importantly it can restore deleted emails with the click of a mouse and so is a reliable tool to use in a disaster recovery plan.
ArcTitan is easy to deploy, use and manage. It is versatile, scalable up to 6,000 users, and capable of deduplicating, indexing, compressing and archiving up to 200 emails per second. ArcTitan email archiving for Office 365 is compatible with every operating system and all major email services.
Further advantages of ArcTitan email archiving for Office 365 include:
- ArcTitan has no proprietary formats, so you are free to move archived email data as you wish.
- No proprietary formats means no costly or time-consuming data conversions.
- Your email data is stored, transferred and retrieved using open standards.
- Import existing archived email data from MS Exchange, Google Apps, EML, MBOX, MSG or PST.
- Export email data archived on ArcTitan using EML, MGG, PGF, TIFF and PST formats.
Find Out More about ArcTitan and Take Advantage of a Free Trial
If you have concerns about the issues raised above, you are invited to contact us and discuss your concerns with one of our Sales Technicians. We will ask you about any existing arrangement your organization has in place for email archiving for Office 365, and walk you through the benefits of ArcTitan as they apply in your specific circumstance.
If you feel that ArcTitan could be a more effective, secure and compliant solution than the arrangement you have in place at present, you will be invited to try ArcTitan free for thirty days. There are no contracts to sign, no set up costs and our team will liaise with your IT department to arrange a seamless deployment of our solution within a day.