Email volume continues to grow at an exponential rate, bringing with it an increasing array of spam, viruses, and security exploits. Offensive and inappropriate content, combined with the flotsam and jetsam of digital lifestyles, threatens to clog email systems, spread malware, and expose the organization to litigation and unnecessary risk. And yet corporate email systems are lacking in basic email management functionality.
Email is now accepted as evidence in litigation. The punishment for misdemeanors is at best a fine or at worst a prison sentence, brand damage, and possibly a loss of job. It is imperative that organizations implement additional solutions themselves to adequately protect and manage their email systems. Organizations must turn to a combination of technology and business policies to manage the problem.
Authorities are becoming more stringent
There are numerous examples of breaches of non-compliance related to email. To date most of these have occurred not because of the content of the emails themselves, but due to the fact that the organizations involved were unable to retrieve the emails requested within the timescale demanded.
Five US banks were fined $1.25 million each for being unable to retrieve emails that were demanded of them – they were stored on back-up tapes. One Fortune 500 company had to spend $750,000 to locate emails from an archive in response to a subpoena for discovery. In the UK, Norwich Union was forced to make an out of court settlement of GBP450,000, after it was found that staff had been sending defamatory emails about a competitor. By the time the writ had been issued the emails had been deleted.
Sadly, while realizing that email has become a business-critical application and a valuable tool, most boards fail to realize that it can also be highly dangerous if used inappropriately. It cannot be assumed that employees realize the implications of deleting emails, or even which emails need to be retained, and this task must not be left in their hands.
Organizations need a combination of technology and business policies
While some view email management as very much a business rather than an IT issue, this view is not shared by many organizations, which continue to simply throw technology at the problem.
The solutions that enable organizations to implement an effective email management strategy can be grouped into three main sections: corporate email systems, security and policy management, and email lifecycle management.
Email lifecycle management technology audits include email archiving products and records management solutions that support the archiving of emails, and enable organizations to discover emails in response to litigation or requests for discovery from regulators. It also allows the knowledge capital contained within emails to be leveraged within the organization. Also included are information lifecycle management (ILM) solutions and storage products that support email archiving.
Security management solutions now incorporate some policy management capabilities. These products provide the functionality to protect the corporate email system from the threats of spam and viruses, and also non-compliance risks by providing the ability to block contentious or non-compliant messages.
Unfortunately, there is currently no single vendor that provides a complete email management solution. Organizations will need to implement products from more than one category to achieve total email management. Thus, it is believed that the vendors that provide email management as part of a total information management approach will ultimately own the corporate email systems.
Organizations need to regain control of their email systems. The approach organizations should be taking is to examine the business reasons behind the problem and to investigate the business implications of any proposed email management solutions. Any solution should include implementing business policies as well as technology products.
