This blog is now hosted at

Tuesday, August 14, 2007

Help! My archive is out of control!

One of the great things about email archives is that they keep everything. One of the worst things about email archives is that they keep everything. When I say everything, I mean that you're literally paying (in storage, management, and software costs) for every spam, every picture of Johnny's 4th birthday party, every inappropriate email, every humorous "video du jour" that arrives at the mailbox.

Better yet, when push comes to shove, and an e-discovery event happens, you'll be paying a lawyer or paralegal to inspect these.

What should companies be doing about archives? I can certainly understand the "keep everything" mantra, but I'd like to suggest that there might be a method to keep everything that is necessary and important, while cleaning some of the non-business email from the archive.

First, try to get rid of as much spam as possible. Implement defense in depth: multiple spam solutions with different approaches (reputation services, content analysis, and something that analyzes fraudulent headers are all important) will help eliminate that extra several percent of spam that is currently getting to the mailbox. Five to ten percent of the email in most networks is spam (and that's after the spam filter).

Second, make decisions about what types of media are necessary to your business. Some examples: MP3 (music), Windows Media (video), and MPEG (video) aren't typically business critical files. If they aren't necessary, consider blocking them.

It is helpful if you have the ability to whitelist certain users or provide policies based on job description or department. We have implemented this with great success.

Third, if you allow users to take documents or files home for work purposes, consider encouraging the use of either flash drives or a remotely accessible content management system (e.g. Sharepoint). This has two benefits: it promotes better archive hygiene, and helps prevent information leakage.

Most of the information leakage we see is accidental-- mis-addressed email is probably the leading culprit for confidential information leaving most organizations.

Finally, educate your users. Establish an Acceptable Use Policy (AUP) for email, and specify the appropriate and inappropriate use of email. Establish etiquette guidelines-- many people have no idea what is appropriate in email, especially with Generation Y entering the workforce. They have had their formative years of electronic communication in an entirely personal context, whereas us "old folks" have, generally, had a more business-oriented introduction.

Following these suggestions could cut 20-30% off the size of your archive, without any impact with regards to actual day-to-day business email.

No comments: