Email archiving is essentially a storage tool that safely stores emails for future search and retrieval of their content when the need arises. Email archiving solutions store emails in a vault where they can’t be altered, deleted, or changed.
For more on email archiving, what it is and how it works, check out our blog here: What Is Email Archiving?
Email archiving has long been a legal requirement for many organizations across the globe. Having a strong email archiving solution in place is key to staying compliant with data protection regulations such as GDPR, FOIA, CCPA and MiFID, as well as improving user experience when your employees need to search for specific data, information, and documents. Besides these two main reasons for email archiving, other benefits include aiding in business continuity and disaster recovery, internal audits and investigations, and records management. Finally, having email data stored away in a separate container also reduces the load on mail servers.
Companies don’t jump between email archiving solutions frequently. Email archiving is one of those solutions you usually “set and forget”. It works quietly and diligently in the background, with companies only really giving it a second thought when they need to pull up legacy data for some reason or another–and these instances are often far and few between. Often, it can be expensive, time consuming, and difficult to transport data around and, if the solution is already working, then there’s little reason to make the jump, which is why getting the right fit for your organization off the bat is important.
With that in mind, it’s important to ask yourself, your team, and email archiving sales teams a few questions before you make a final decision.
How Long Can It Store Emails For?
The length of time for which a provider can hold onto emails–known as retention time–is a crucial question to ask when looking at and demoing archive solutions. The USA’s standard email retention time that automatically applies is seven years, although different email retention laws have different requirements depending on particular acts.
Not only does it differ with what industry you’re in, but different countries have different retention periods requirements in order for organizations to stay compliant. What might be the legal and required retention time in one country won’t be the same length of time in the next; in the USA, the average length of time is seven years, whereas the UK is six years. For multinational organizations, asking whether or not the solution can have tailored retention times depending on where their users are is a must. Making sure that your solution is capable of storing mass volumes of data at different retention periods is key to making sure that you not only stay compliant in your base country, but any others you may operate in.
Good solutions will offer customizable retention periods for different groupings within your organization. You should also be able to set retention policies per users, departments, attachments, and even key phrases.
How Scalable Is It?
Email data accumulates quite a lot, quite quickly. If you’re in the USA, seven years’ worth of email is quite a lot of data. Alongside just the sheer mass of email data companies end up collating, something to consider is the influx of users a company will experience as the business itself grows and changes shape. Asking whether the solution can be scalable for an increase in an exponential number of users is a good question to ask, as many companies add new users to their email archiving all the time–either from expansion, seasonal changes in staff, or because they have clients and partners that need to be included in the service as well.
What Are The Access Permissions Like And Are They Customizable?
This is an important question to ask concerning the safety of your data. The email data a company accumulates is often highly valuable, sensitive, and confidential, so restricting user access to this wealth of important information is absolutely crucial. This becomes more important the larger an organization gets; more users means more attack vectors, with more credentials and access points to worry about, as well as the potential for data exfiltration–accidental, malicious, or otherwise.
Not every organization will need their users to be able to access their email archiving solution. In large organizations, it’s only a select few who will need to access it on the regular, with special requests being made to admins by other users who may need something from the archives once in a blue moon. In smaller companies, it is often only the admin teams or one person who will have access to the archive.
In instances of a legal case, lawyers associated with the case will need to look at any pertinent information including email data. In this case, it is useful for admins to be able to create user access permissions for any legal representatives for the period in which they will need the data, and only grant access to data that is relevant to the case. Having the ability to collate emails in a grouping and tailoring a user’s access to this select group is an important function.
How User-Friendly Is It?
Organizations in industries such as healthcare, legal, and financial services may require their employees to trawl through their email archive accounts more frequently. When shopping around, it’s important to assess whether or not you want your users to freely access their email archive, or if they need to directly request data to be collected via the admin team. If the answer is the former, then your email archiving solution has to be as user-friendly as possible.
So, what does user-friendly look like? For organizations that have users that access archiving frequently, the solution needs a clean, intuitive interface and strong search capabilities that are clearly marked and easy to understand. Ideally, the archiving tool would be built into your current email provider, and also provide your users with a web app for them to use when they’re on the move. Access to the archive should be stress-free, but with additional controls in place like two-factor authentication (2FA) or multi-factor authentication (MFA) to add an extra layer of security during the login phase.
Does It Have Granular Search Capabilities?
Of course, there’s no good point in hoarding all of your communications content if you can’t go searching through it. Large organizations can end up amassing huge amounts of data in their solution. At a certain point, it gets impossible to do a quick glance through your personal archive to find the email you want. A good, strong email archiving solution should have granular search capabilities, with a search toolbar that can help your users refine their search–then refine again–to help them find what they’re looking for more easily and far faster.
Granular search toolbars in email archiving solutions should be able to search by sender, date, and content–as a minimum. It’s preferable to have a search function that can include even more specific searches, such as date and time stamps, keywords in both email header and body content, and content of any email attachments. Any additional options to refine your users’ searches is ideal.
The solution, ideally, should archive all content in context without translating it into another non-native form, removing the original content and meta data. Retaining the original content and meta data means that it can be accurately searched for and delivered. Good solutions will also offer the ability for users to tag important emails for faster retrieval.
How Expensive Is It?
Unfortunately, all the good things in life are very rarely free–and email archiving solutions are no exception. The final cost of the solution is usually dictated by whether your organization opts for a cloud archive or an on-prem one. There are a few things to consider when deciding between the two.
A lot of on-prem solutions have a very high initial cost, as the product needs to be purchased, have the hardware and software installed, configured and run. These solutions are priced by capacity and the upfront price is often the only price you have to pay. Any additional storage an organization will need further down the line will cost extra, but the initial down payment is often the big one that organizations need to pay.
Cloud solutions, on the other hand, may start off cheap as a subscription service, as they typically offer unlimited storage capacity but will charge per user needed. While it might be initially quite cheap in terms of start-up costs, this can increase exponentially as you expand your business, increase your number of users, and add more data to your solution. It’s also susceptible to inflation, just like everything else is these days. In both instances, there is still the cost of time and maintenance on behalf of your admin team to consider, although with cloud solutions the management is often performed by a third-party provider.
If a company undergoes a system change, archived data might need to be exported into a different system. It’s important to ask a vendor before purchase if they have an open archiving format, so in the event that this data doesneed to be exported to a different system, it won’t be locked to a particular archiving system or data type–which is often expensive and difficult to change.
And finally, there might be some hidden costs if you’re leaving your old email archiving vendor behind. Email data tends to accumulate mass amounts and transporting this from one storage center to the next can not only be timing consuming, but costly as well. A lot of vendors will have a severance cost if you wish to end your subscription with them, if you’re on a rolling rate. So, the cost of this, as well as the logistical issue of actually moving the data, needs to be assessed first before making a purchasing decision.
How Do I Export The Data?
At some point, there will come a time when a user will need to collate and exfiltration data from the archive to be used or sent elsewhere. So, you need to export the data. This, ideally, should be easy to perform and lightning fast to accomplish, with a range of file types on offer for you to export your data to. Most importantly, exporting messages as a PDF is a must as PDF files make for easier compliance and litigation reviews.
In addition to how exporting is achieved, you need to consider access to exporting functions. Do you want your users to be able to export the data? If so, it must be easy and quick to perform. Do you want only certain users to be able to export? If so, then the solution needs to offer customizable policies in this area.
How Tamper-Proof Is It?
Like all good inventions, necessity was the mother of email archiving. The solution was born out of an apparent need for companies and organizations to provide copies of untampered email content in legal disputes, after an energy company called Enron Corporation came under fire for hiding financial losses from investors in the early 2000s by systematically deleting and tampering with some 30,000 emails. It was the first time anyone had really realized that email content wasn’t as confidential and safe from interference than had initially been thought. The following year, the Bush administration introduced the 2002 Sarbanes-Oxley Act, which specified that all digital records–email or otherwise–must be kept for a minimum of five years. Thus, email archiving was born.
Your organization will need a solution that ensures that emails cannot be altered, deleted or changed by anyone who has access to the archive. Full auditing should be available, with the solution giving admins a full audit trail of all user activity. Admin audit logging allows users to view changes made by admins, and mailbox audit logging helps with tracking access to mailboxes by users that aren’t the mailbox owner.
Does It Offer Archiving For Data Beyond Email?
The way we work–and communicate–is changing. Our means of sharing information and data is no longer confined to email but to other collaboration and messaging tools, such as Slack, Teams, and even WhatsApp. Increasingly, more organizations are now required to store records of their other forms of communication; for instance, those in the finance industry in the US and the UK are required to record any calls surrounding a transaction in order to stay compliant with local regulations. With this in mind, having an archive that can store other forms of communication that your business uses is a smart step in remaining compliant and protecting your business for the future.
Asking the vendor if they offer additional archiving for other forms of communication data is a good move, especially if your organization is required by law to save other communication data. Having a solution that incorporates not only email, but messaging apps and social media data saves time and money. Generally, a lot of organizations on the market don’t offer archiving for this kind of data or, if they do, it’s offered as an add-on which will have an additional cost. Some vendors that can support these formats do offer it as a total solution, however. Despite the current lack of options on offer, these messaging and collaboration apps are becoming increasingly popular in the workplace, so this is definitely a feature to keep watch for.
What Can I Do To Secure My Solution?
When an archive is guarding something as precious as your data, adding extra layers of security helps to defend this data from threat actors–whether the intention is to steal the data or to tamper with it for potential legal implications. Inquiring whether your archiving solution can be incorporated into existing security strategies and what tools can be configured alongside the solution is really important when shopping around.
Asking whether the solution can be integrated with other security measures is really important. 2FA and MFA are a great way of adding another security step to the sign-in process, meaning that if an employee’s credentials become compromised, then the attacker still won’t be able to get past the additional sign-in step. Encryption should be available; any data that leaves the archive should always be encrypted. Cloud archiving solutions will often ensure that all data is protected in transit and at rest in the cloud archive, but this isn’t always the case for on-prem solutions, so it’s a good idea to check. Any encryption keys will only be known to the organization and not the email archive provider, ensuring full control over access.
Summary
While the market for email archiving might seem overcrowded, it’s important not to jump at the first offer and end up with an ill-fitting solution, as changing your solution once it’s deployed and configured can be time- and resource-intensive.
Keeping the above questions in mind to ask sales teams is a great way to find what solution is best for your business. It’s important to purchase a solution that will suit your business needs and fit with your company in the way it’s predicted to grow over the years, both in terms of users and data. An overly robust, expensive solution is no good for a small organization; neither is buying a no frills, cut and dry solution for an organization that is about to see a huge rise in users. What’s good for your business will have to be what’s good in ten or twenty years’ time.
Because remember, an email archiving solution is for life. Not just for the holidays.
Ready to get started? Check out our buyer’s guide on the top email archiving solutions on the market:
