Microsoft has provided email archiving for Outlook since the introduction of MS Exchange 2010 but the email archiving solution does not always fulfil the necessary requirements for efficiency or compliance. For example, Microsoft´s basic email archiving for Outlook service does not have a backup and restore facility, and archived emails reside in an archive folder – which uses up storage space on the server.
For business experiencing issues with server storage space, Microsoft offers a premium email archiving service for Outlook, but this too has its problems inasmuch as it is not possible to apply business-wide retention policies. The premium service has also been criticized for being too slow, for limiting the number of searches that can be conducted simultaneously, and for restricting search results to 250 results per search.
Microsoft´s email archiving for Outlook also has compliance issues. Both the on-premises and cloud-based premium service lack audit trails to disclose when emails have been amended or deleted without authorization. Because there is no way of telling if an email has been tampered with, it is impossible to know when to restore an email to its previous version or prove an email included in eDiscovery is in its original format.
Why Tamper-Evident Audit Logs are Necessary for GDPR Compliance
Tamper-evident audit logs are necessary to prove compliance with a number of federal and state regulations, but in particular for the EU´s General Data Protection Regulation (GDPR). Among the rules relating to data privacy and security, Article 2 of GDPR states “businesses must protect data against accidental or unlawful destruction or accidental loss and to prevent any unlawful forms of processing, in particular any unauthorized disclosure, dissemination or access, or alteration of personal data.”
As Microsoft´s email archiving service for Outlook lacks an audit log facility, it is impossible to identify when data contained within an email has been accessed or altered without authorization – exposing the business to potential fines for non-compliance. The limitations on simultaneous searches and search results could also prove to be an issue if EU citizens exercise their right to request access to data maintained about them, and for their requests to be resolved within the thirty days allowed.
Other areas of compliance with GDPR will concern businesses using Outlook for email archiving – notably the rules stipulating that only the minimum data necessary to achieve the objective of collecting the data should be retained, and that once the intended purpose of the data has been achieved, it should be deleted. These rules will affect how businesses apply archiving and retention policies, which need to be GDPR-compliant in case the business is audited for GDPR compliance or a breach of data occurs.
What Email Archiving for Outlook Should Look Like
In a perfect world, email archiving for Outlook should make life easier for businesses. All incoming and outgoing emails would be copied in real time, all duplicated content and attachments would be removed, and data would be indexed and compressed before archiving took place. This would ensure accurate copies of emails were easy to search for and obtaining search results would take minutes.
There would be easy-to-manage access controls to ensure only authorized employees were able to access business-critical archived emails, there would be a simple process for implementing and enforcing business-wide archiving and retention policies, and there would be a suite of reports available to administrators in order to monitor access to archived data and identify suspicious activity.
With regard to disaster recovery – another important area of regulatory compliance – it should be possible to restore emails and email databases with the click of a mouse. Microsoft´s email archiving for Outlook requires businesses to deploy and configure Exchange-aware, VSS-based backups in advance; and, if the business uses any other email service in addition to Outlook, find a separate solution to restore data from that service – because Microsoft´s premium backup software only restores Outlook.
ArcTitan: Efficient and Compliant Email Archiving for Outlook
ArcTitan is a cloud-based email archiving service from SpamTitan that ensures efficiency and compliance with industry regulations. ArcTitan is an ideal solution for businesses experiencing issues with Microsoft´s email archiving for Outlook, as it allows administrators to define and enforce retention policies that suit the business´s needs.
With regards to efficiency, ArcTitan is capable of de-duplicating, indexing, compressing, and archiving up to two hundred emails per second. Authorized users can perform multiple searches simultaneously due to ArcTitan´s lightning fast search capabilities (ArcTitan can search a database of thirty million emails within a second), with no limit on search results and no loss of performance.
ArcTitan is compatible with multiple exchange servers and multiple exchange stores. In addition to supporting email archiving for Outlook via a web portal or plug-in, ArcTitan also supports many other email services and applications including Google, Zimbra, AXIGen, Neon Insight and iMail. ArcTitan can be integrated with LDAP, Active Directory and NetIQ to apply access controls quickly and easily.
Therefore, if your business is experiencing issues with Microsoft´s email archiving for Outlook, do not hesitate to get in touch and ask our Sales Technicians about our free trial offer. Our team will be happy to answer your questions and guide you through the process of registering for your free trial of ArcTitan, or liaise with your IT department in order to seamlessly deploy ArcTitan into your existing infrastructure.