Why Microsoft Office 365 Native Archiving Isn’t Enough: 5 Questions You Should Ask Yourself

December 10, 2015
Emily Wojcik

Chances are, you are considering Microsoft Office 365 as part of your archiving strategy.  Today, practically every IT team is asking themselves:

Is it good enough?”
“How does it work?” and
“How does it compare with third-party solutions?”

In today’s digital landscape, the legal, regulatory and business requirements for email archiving continue to grow in scale and complexity. Relying on basic archiving capabilities can be costly and risky. While Office 365 does include basic functionality, these simple capabilities may not be enough for many organizations, especially for those trying to respond to eDiscovery requests. According to Osterman Research, “Office 365 email archiving capability does provide many basic archiving capabilities, but does not meet the additional eDiscovery and regulatory requirements with which many organizations are faced.” We urge you to ask yourselves the following questions before fully relying on Microsoft’s Exchange Online Archiving for Email Archiving: 
 

1) How would you go about eDiscovery where your email system was part of the collection/discovery process?
The email system is the most targeted data repository in eDiscovery. The ability to search across both the email system and email archive with advanced search capabilities and without limits on search size, can mean the difference between an incomplete or late discovery response and winning the case.  Additionally, what about the discovery of non-email data?  A comprehensive solution will provide eDiscovery readiness across all critical Electronically Stored Information (ESI), such as files, enterprise, and social content, not just Microsoft content. 

2) Do you want more in-house control for both IT and Legal teams?
With only the basic eDiscovery features available in O365, the majority of the eDiscovery process will need to be handed off to outside counsel at a much higher cost. There is little to no eDiscovery workflow, ultimately no self-service export outside of .PST format, and significant restrictions on legal hold activity, making litigation readiness cumbersome at best.   With capabilities to manage compliance and legal challenges, you can improve visibility, cull ESI volume, prevent over-collection and slash document review time…all in-house. Just think about the third party costs this would significantly reduce. 

3) Does your organization need an immutable copy of record for all archived content?
From a defensibility standpoint, a copy of record can exist only in an unalterable repository. Because Office 365 does not, by default, protect archived email data from deletion or alteration, the ability to produce audit activity reports on specific employee mailboxes would be a “must have” to be able to represent archived email as unaltered in legal and regulatory events. There is essentially no audit reporting in O365.  Ask yourself, “Is it ok to have an archive that won’t actually archive?” I know what your boss would say.   

4) Do you need to be more strategic about automated records retention? 
Many organizations have moved beyond the binary “keep it forever” or “delete it” records retention policy. Organizations now want their archive automation to be able to make retention/disposition decisions at a more granular level based on its value to the business. For example, just because a file is not subject to a regulatory compliance retention, does not necessarily mean it is not worth keeping.  Office 365 email archiving provides only simple “delete it” or “archive it” records retention policies and instead relies on individual employees to manually drag and assign more granular retention policies.  This increases risk by tampering with a pristine archive, at a time when there is little tolerance for data management mistakes and unstructured data growth is unprecedented. Relying on users is a potentially disastrous practice. 

5) Does your organization employ licensed brokers or traders subject to SEC and FINRA regulations?
SEC and FINRA compliance cannot be achieved with Exchange Online Archiving, plain and simple.  A third-party email archive would be required to provide WORM storage and supervisory capabilities to identify, review and address incoming and outgoing email, IM, Bloomberg, and social media as well as maintain audit trails. 

One thing is certain; the market shift to O365 is opening up a smart dialogue among archive stakeholders.  It is always great to see people talking about the needs of the business and the technology that supports it.  At Proofpoint, we can extend Office 365 with advanced security and compliance features designed to meet even the most stringent and complex email archiving requirements.  We invite you to learn more about the comparisons between Microsoft Office 365 and Proofpoint Enterprise Archive here or watching our on-demand webinar.

Emily Wojcik is the Director of Product Marketing at Proofpoint for Archive and Information Governance Solutions.  Emily is a member of ARMA, EDRM and ACEDS. The views and opinions expressed in this post are those of the author and do not necessarily reflect the official policy or position of Proofpoint, Inc.