Microsoft has provided email archiving for Outlook since the introduction of MS Exchange 2010 but the email archiving solution does not always fulfil the necessary requirements for efficiency or compliance. For example, Microsoft´s basic email archiving for Outlook service does not have a backup and restore facility, and archived emails reside in an archive folder – which uses up storage space on the server.
For business experiencing issues with server storage space, Microsoft offers a premium email archiving service for Outlook, but this too has its problems inasmuch as it is not possible to apply business-wide retention policies. The premium service has also been criticized for being too slow, for limiting the number of searches that can be conducted simultaneously to two, and for restricting search results to 250 per search.
With Office 365, you don’t have real-time exports so it is necessary for an administrator to login and set search criteria and then an alert will be sent when the search is completed. If there is an error and there are no matches, the search will need to be run on all mailboxes before notification is received and then the process will need to start again.
The indexing structure on Office 365 is based on mailboxes, which makes searching slow, and the more mailboxes there are, the slower the search. Searches could well take several hours, and you will not find out the results until the search has been completed across all mailboxes.
Once searches are run, Office 365 gives two options. Send data to a discovery mailbox or place the emails on legal hold. The discovery mailbox has a size limit of 50GB, which may not be sufficient for eDiscovery requirements. Instead, you need to export to a PST file. That creates problems for further investigations which must be conducted outside of Office 365.
Microsoft´s email archiving for Outlook also has compliance issues. Both the on-premises and cloud-based premium service fall short when it comes to maintaining an audit trail. There is no audit log retention in the E1 plan, the E3 only retains the log records for 90 days, and E5 plans for just 1 year. The lack audit logs, or short retention periods for logs, may create issues when demonstrating emails are in their original form. There is potential for data to be added or deleted, which can be a problem for meeting the requirements of eDiscovery requests that require emails to be provided in the original form.
Why Tamper-Evident Audit Logs are Necessary for GDPR Compliance
Tamper-evident audit logs are necessary to prove compliance with a number of federal and state regulations, but in particular for the EU´s General Data Protection Regulation (GDPR). Among the rules relating to data privacy and security, Article 2 of GDPR states “businesses must protect data against accidental or unlawful destruction or accidental loss and to prevent any unlawful forms of processing, in particular any unauthorized disclosure, dissemination or access, or alteration of personal data.”
As Microsoft´s email archiving service for Outlook falls short in this area, it may not be possible to identify when data contained within an email has been accessed or altered without authorization – exposing the business to potential fines for non-compliance. The limitations on simultaneous searches and search results could also prove to be an issue if EU citizens exercise their right to request access to data maintained about them, and for their requests to be resolved within the thirty days allowed.
Other areas of compliance with GDPR will concern businesses using Outlook for email archiving – notably the rules stipulating that only the minimum data necessary to achieve the objective of collecting the data should be retained, and that once the intended purpose of the data has been achieved, it should be deleted. These rules will affect how businesses apply archiving and retention policies, which need to be GDPR-compliant in case the business is audited for GDPR compliance or a breach of data occurs.
What Email Archiving for Outlook Should Look Like
In a perfect world, email archiving for Outlook should make life easier for businesses. All incoming and outgoing emails would be copied in real time, all duplicated content and attachments would be removed, and data would be indexed and compressed before archiving took place. This would ensure accurate copies of emails were easy to search for and obtaining search results would take minutes.
There would be easy-to-manage access controls to ensure only authorized employees were able to access business-critical archived emails, there would be a simple process for implementing and enforcing business-wide archiving and retention policies, and there would be a suite of reports available to administrators in order to monitor access to archived data and identify suspicious activity.
With regard to disaster recovery – another important area of regulatory compliance – it should be possible to restore emails and email databases with the click of a mouse. Microsoft´s email archiving for Outlook requires businesses to deploy and configure Exchange-aware, VSS-based backups in advance; and, if the business uses any other email service in addition to Outlook, find a separate solution to restore data from that service – because Microsoft´s premium backup software only restores Outlook.
ArcTitan: Efficient and Compliant Email Archiving for Outlook
ArcTitan is a cloud-based email archiving service from SpamTitan that ensures efficiency and compliance with industry regulations. ArcTitan is an ideal solution for businesses experiencing issues with Microsoft´s email archiving for Outlook, as it allows administrators to define and enforce retention policies that suit the business´s needs.
With regards to efficiency, ArcTitan is capable of de-duplicating, indexing, compressing, and archiving up to two hundred emails per second. Authorized users can perform multiple searches simultaneously due to ArcTitan´s lightning fast search capabilities (ArcTitan can search a database of thirty million emails within a second), with no limit on search results and no loss of performance.
ArcTitan is compatible with multiple exchange servers and multiple exchange stores. In addition to supporting email archiving for Outlook via a web portal or plug-in, ArcTitan also supports many other email services and applications including Google, Zimbra, AXIGen, Neon Insight and iMail. ArcTitan can be integrated with LDAP, Active Directory and NetIQ to apply access controls quickly and easily.
Therefore, if your business is experiencing issues with Microsoft´s email archiving for Outlook, do not hesitate to get in touch and ask our Sales Technicians about a free demonstration of ArcTitan in action. Our team will be happy to answer your questions and schedule a demo at a time that is convenient for you and your team.
Key Features of ArcTitan
- Scalable, email archiving that grows with your business
- Email data stored securely in the cloud on Replicated Persistent Storage on AWS S3
- Lightning fast searches – Search 30 million emails a second
- Rapid archiving at up to 200 emails a second
- Automatic backups of the archive
- Email archiving with no impact on network performance
- Ensure an exact, tamperproof copy of all emails is retained
- Easy data retrieval for eDiscovery
- Protection for email from cyberattacks
- Eliminate PSTs and other security risks
- Facilitates policy-based access rights and role-based access
- Only pay for active users
- Slashes the time and cost of eDiscovery other formal searches
- Migration tools to ensure the integrity of data during transfer
- Seamless integration with Outlook
- Supports, single sign-on
- Save and combine searches
- Perform multiple searches simultaneously
- Limits IT department involvement in finding lost email
- Compliant with regulations such as HIPAA, SOX, GDPR, Federal Rules of Civil Procedure, etc.