BEC and EAC

5 Reasons to Archive Email in the Modern Enterprise

Ten to fifteen years ago, storage optimization was a top reason for organizations to archive email. On-premises email servers like Exchange and Domino easily bloated from rapid increases in email traffic, degrading performance and wreaking havoc on storage planning. If users didn’t reduce the size of their mailboxes to address the bloat, either by deleting email or by moving emails to offline files—for example, PSTs—they wouldn’t be able to send or receive email. 

Email archiving technology automated this process. Software took cumbersome mailbox management out of users’ hands, helping to keep mail servers at predictable storage and performance levels. And today, the use cases for archiving emails have evolved well beyond storage optimization, driven in large part by the adoption of cloud computing, data privacy mandates and more.

Like magnetic tape for backups, email, as a primary mode of digital communication, isn’t expected to go away anytime soon. The volume of email is only increasing, too: More than 300 billion emails were sent and received each day in 2020 alone, according to Statista. So, it’s only becoming more important for modern enterprises to understand how and why they should archive email.

Here are five use cases that help underscore the need for organizations to archive email effectively:

1. Improving litigation and investigation readiness

All organizations, large and small, must be able to respond to data requests related to e-discovery, regulatory enquiries and internal investigations. The degree to which your people, processes and technology allow you to respond in a timely fashion defines your readiness. That’s a critical consideration, given that more than 50% of organizations expect e-discovery requests to increase over the next 12-24 months.

Where does archiving emails intersect with litigation readiness? One example involves the U.S. Foreign Corrupt Practices Act (FCPA), which provides anti-bribery provisions: A company under FCPA investigation and cooperating with the U.S. government will be required to turn over “relevant company emails and any company-related text messages in the company’s possession.” 

When you archive email, you can capture emails, texts and other data sources and the metadata associated with these archived objects and store them in an immutable archive, outside of the respective email system and away from deliberate or accidental user deletions. And when you search archived email, the email archiving system you use will scan metadata to retrieve relevant information. 

How long it takes to get search results—seconds, minutes, hours or longer—depends on the technology you use. Some technology for scanning archived email is extremely fast, with vendors offering financially backed service-level agreements (SLAs). Others not so much.

2. Enabling regulatory compliance through intelligent supervision

If you’re in a regulated industry, your company must comply with specific regulations. In the U.S., for example, healthcare firms must comply with the Health Insurance Portability and Accountability Act (HIPAA). And financial services firms that do business in the U.S. must comply with regulations from the Financial Industry Regulatory Authority (FINRA) and the Securities and Exchange Commission (SEC). Companies subject to FINRA regulation, for example, archive emails (and sometimes other digital communications) for increased oversight and to mitigate compliance risk. They deploy archiving and intelligent supervision technologies to create policies that identify potentially risky content from archived emails and use workflows that help simplify how you review content, escalate or dismiss it in the event of a false positive. 

Noncompliance can lead to catastrophic business outcomes for some organizations—see FINRA’s Disciplinary Actions for examples.

3. Reducing your email attack surface

Bad actors look for ways to exploit your data for nefarious reasons or financial gain, whether through phishing or other attacks, and email systems continue to be popular targets. If you archive email, it can help protect your organization against cybersecurity threats by reducing the attack surface for email. 

Remember earlier, when we discussed the storage optimization use case and how archiving emails automates mailbox management? To mitigate risk, some companies have taken this approach to the next level by archiving and executing retention policies to limit how long emails can be viewed in mailboxes or even be accessible through other means. 

We’ve spoken with a well-known pharmaceutical company with email retention set to one month and a healthcare provider with email retention set to six months. While their employees will only be able to view and access emails in their inbox for as long as their respective retention policy permits, they can still access older emails in a separate, secure archive, provided policies haven’t expired and deleted them. That means their email attack surfaces have effectively been reduced, so if email credentials are compromised, a malicious actor has access to a very limited set of data.

4. Optimizing backup and recovery

Are you able to execute retention policies on your email? In other words, can you keep emails for a prescribed amount of time, and then delete them afterwards? I ask because some vendors force you to implement a legal hold on all user data to protect against deliberate or accidental deletions, thus undermining the notion of a data retention policy

The legal hold consideration aside, when you archive email, you can effectively reduce the size of your email store, whether it remains on-premises or in the cloud. And when you back up your email store, you’ll be backing up and retaining less data—optimizing data protection. 

This revelation has helped countless organizations rethink their overall information management strategy and evolve beyond keeping every bit of data forever à la infinite retention. They can use their backup and recovery solution to facilitate shorter-term, operational recovery of applications and data, and an archiving solution for longer-term information retention to meet e-discovery and compliance requirements. 

This is one approach to help better position your organization to address compliance with data privacy mandates, some of which include provisions for keeping data for only as long as needed to meet business requirements (i.e., no infinite retention) and a “right to be forgotten,” whereby, if asked, you must be able to search for all relevant personal data and delete it from all mediums.

5. Streamlining access to legacy email

Finally, let’s talk about legacy email. Companies are dynamic. They experience acquisitions, divestitures, business unit shutdowns or spinoffs, and more. As your organization goes through these kinds of corporate initiatives, you’ll likely face questions about what to do with legacy email. 

You can certainly try to maintain separate, disparate systems to facilitate access to legacy email if needed, at a premium to administrative overhead and potentially, infrastructure costs. But some organizations have standardized on a single archiving solution to manage both active and legacy email. 

This was the case with National Financial Partners, a financial services company that needed a flexible email archiving solution that could more easily support their growing business and the onboarding of new subsidiaries on an as-needed basis.

The use cases for archiving email have evolved in recent years. And, as the examples above show, today’s enterprises have many compelling reasons for continuing to archive email and other digital communications.

Get support in your efforts to archive email

Proofpoint, the longest running leader in Gartner’s Magic Quadrant for Enterprise Information Archiving, can help you with all your compliance and archiving needs. 

For more information, visit our Modern Compliance page. Or contact your Proofpoint sales team or authorized Proofpoint reseller.