What is email management? That is a question that will evoke many different answers, but the common theme would be that it involves the automatic deletion and/or archiving of messages. That seems like a valid statement – but the fact is, email management is more than deleting or archiving messages that have reached a certain age. Actually, it is much more than that, especially when you are talking about the cost of email management.
Email management is the process of administering anything to do with email. This includes not only the scheduled process to archive/delete messages, but also any other management that is required to protect both your users and your company from harm – most likely, this harm will be related to finances.
Due to the nature of my email management experience , predominantly IBM Domino, I will be using examples that are IBM Domino–specific.; However, it is my hope that you will be able to translate my advice into your specific messaging scenario.
Here are some items that will reduce both the explicit and implicit cost of email management. Explicit costs are those that your company knows it is paying for (e.g. storage, personnel, etc.), while implicit costs are those that are/could be costing the company money, but would not be seen on a balance sheet (e.g. time, etc.).
As stated above, the enforcement of automated policies is probably the most visible part of email management. Once your company has decided how long messages should remain active, complying with these policies is crucial. You need to be sure that you are not only applying the policies to live mail, but also to any archived messages and even all backups. If all locations of the mail are not subject to the assigned policies, you are not being fully compliant and could face issues with the court system, if litigation occurs. You must also ensure that users are not taking steps to bypass these policies, because they want to retain their messages longer. This is hard to police, and might require you to provide education to your users on both what is not acceptable and what repercussions they could personally face if they are not compliant.
This is a problem in every company and most times, it is not because of an intentional act that someone performs; it usually occurs because someone didn’t “connect all of the dots” when doing something that appears to be innocent. There are several scenarios that can lead to data leakage. Here are some examples that come to mind:
a. Unauthorized access
In Domino, each mail and/or archive database is a separate OS file and each has its own access control list (ACL) that determines who is allowed to read the messages. If a person is somehow granted access, when they should have none), this could lead to information being shared both inside and outside your company. I’m certain you understand these implications.
b. Mail rules/Personal agents
In Domino, a user can maintain both rules and agents that are automatically invoked when a specific action occurs in their mail: for example, when a new message arrives. If the user is forwarding either all or some messages to their personal email, the information has now left the company and is available to hackers, etc.
c. Inherent archives/Local replicas
In Domino, users can archive messages to a local archive database and can also have a local replica of their live mail database. In either case, these databases are now local to the laptop/desktop and if the hardware falls into the wrong hands, all messages within either would be compromised. Not to create a movie plot, but information within these messages could be provided to competition, foreign companies, etc. To combat this, all local Domino databases can be encrypted so that only after proper authentication is performed, these databases can be opened and the messages can be read.
d. Intentional policy avoidance
In Domino, users can copy messages to the clipboard and paste them into a local database, so that even though the messages are deleted from the server-based mail database, the user has a copy of them locally. Another example of this in Domino is when the user has too much access to their own server-based mail database properties and they intentionally alter settings to ‘hide’ their messages.
This is the most overt cost that you will have; at any time, you know how much disk space is being used to store your mail and how much it is costing you to do so. If there are no federal, state, etc. regulations that your company must follow, I would still encourage you to have your legal department define your retention policies so that you can control your disk space usage. Most users do not treat email as communication, but instead, as storage. The best analogy I can give you is a set of closets. The more closets you have in your house, the more things you store. Email follows the same pattern.
This is the most frightening cost of all and probably the most difficult to measure. If you avoid litigation because of your full compliance with your policies, you will never know how much it would have cost you if you were not fully compliant –. However, I can tell you that the cost for creating and enforcing your policies would be a small fraction of a litigation cost, should you ever have to go to court. Obviously, there is no way to completely avoid ever being involved in litigation, but you can certainly reduce both your chances and your financial exposure by being as proactive as possible.All of these email management practices may seem a bit overwhelming, but companies do not have to tackle any of these steps on their own.
Sherpa Software provides organizations of all sizes with critical insight into the best practices for effective information management and litigation preparedness. To learn more, click here.