20 Jan 2020 by Jason Jacobo
Email Archive Migration: What You Need to Know
When it comes to migrating email archives, there are many “Gotcha!” moments that catch you out. Here’s what you should bear in mind.
As you may have guessed – no, we’re not talking about writing down your hopes, dreams and fears every evening – we’re referring to the practice of recording the details of communications within your organization into a single repository.
Journaling is the ability to record all communications, including email, for use in your organization’s email retention or archiving strategy (which is important for many organization’s regulatory and compliance requirements).
Using a journal archive or a third-party archiving system enables you to collect, secure, and store extremely large amounts of email in a central location that is easily searched for eDiscovery or audited to demonstrate corporate compliance. You can set the scope to include internal, external, or even all messages depending on your requirements, and the messages are stored in ‘single instance’ so that if a message has multiple recipients, the system will only store one copy (alongside the details of who it was sent to).
Is it important?
It all depends on who you are, and what you do. Companies operating in highly regulated industries, such as finance or healthcare, must be able to retain and demonstrate secure records of communications – including email data, details from all unified messaging tools (IM, voicemail, missed calls, etc.). Using a journal archive is a simple, and effective way of doing this.
Journaling has been an essential practice for many years, but with the arrival of Office 365 – which does not support journaling mailboxes – approaches to email retention and solutions for eDiscovery are changing. As we’ve mentioned in previous blogs, the entire cloud solutions industry has a keen eye on eDiscovery and the role of AI in data analytics. Microsoft’s acquisition of Equivio, text analysis solutions for legal and compliance, as well as their constant development of the Security and Compliance Center show their ongoing commitment to improving compliance and discovery technologies offered by Office 365. To understand a bit more about the business reasons for traditional journaling methods, and typical practices, we spoke to an expert in the area.
Interview with Janine Brunetti – Journaling Expert
Janine worked for a large Australian investment bank in New York, conducting eDiscovery and journaling for two years. We asked her a couple of questions about why journaling was so important, how the organization used the process, and why.
Tell us a little about your experience of working in eDiscovery and journaling
Here in the New York office, we pioneered journaling for the rest of the organization. None of the other countries really required it, but because there are so many regulations here, we needed a way to capture every email and every IM that was received and sent. So, if there was a certain deal going on, we would be provided with a list of the people involved, and we’d have to put them in the journaling store, so anything they send or receive could be stored. We also had a tool that was on their mobile device to capture their phone calls and text messages as well. With approximately 20,000 employees in just this one location, it could be quite a big task, with a fair amount of challenges!
We would get a lot of situations where we would get a FINRA (Financial Industry Regulatory Authority) request to extract everyone’s Enterprise Vaults Archives, as well as their email for a certain date range. We had application servers that laid on top of Exchange, so we used compliance and discovery tools to extract required information and hand that over to Lawyers, FINRA, or whatever regulatory function needed it. The other main use case, which we encountered regularly, were HR issues. If the department has received an accusation, or were suspicious that something was going on, they would come to us and say ‘we really need to monitor this person’s mailbox’, we would make sure to journal them, so if they delete something, we can still capture the data at the time of receipt or sending.
What was the main reason your organization used journaling?
The main reason was to protect the bank from fines and legal action. We also had tools that were ‘keyword’ based, and these would be used for random sampling of people’s emails, to make sure that no one was violating the policies and procedures that had been put in place. If the specific keywords were found then, then we would extract the items that they were found in, hand over this information, so that someone could speak to the individual about whatever policy breach had happened. Like most large organizations in highly regulated industries, we had loads of different policies, such as email being for ‘business-use only’, no trade deals on IM – that sort of thing, which we could monitor for.
What was the scope of journaling, did you do it organization-wide?
We didn’t journal the entire company, but we were definitely heading that way – because it was getting to be seriously time-consuming. You’re constantly adding people, then removing them, and chances are, you’re probably re-adding the same people over and over again (especially because traders are always involved in different deals). It takes quite a lot to do that. You have to move them to another mailbox store, make sure there’s enough capacity and storage available – it’s not just ‘clicking a button’ unfortunately. In the end, it probably just makes more sense to journal everyone.
In terms of scope – if you’re a trader, or you’re in security then it’s highly likely you would be journaled all the time. Then us too – as we were in IT, and therefore had access to everything – we were also journaled all the time. It’s just an overarching layer of protection for the organization, to make sure they have everything covered.
We also followed clear email retention policies to ensure that none of this information was lost. In IT, we had retention for 3 years, Security was retained for 7 years – some divisions were retained for forever!
What was the cost of implementing a journaling system?
In terms of infrastructure, and hardware, it wasn’t particularly high. As far as Exchange is concerned, storage on the mailbox was obviously part of the cost, as well as third-party archiving solutions, like Enterprise Vault. The only other cost are the compliance and discovery tools – but they’re a ‘must-have’, every organization has to have something for this – you need some way to extract this information.
Other than that, the real cost of journaling is the man hours involved. You need the resources to conduct all of this, to extract and search, and review all of the emails or IMs. So that’s where the big cost comes in really, not for the infrastructure itself, but for the man power involved.
What was the main challenge of maintaining a journaling database?
From an operational point of view, the main challenge was that you had to monitor it all day, every day, checking that the data went from Exchange to Enterprise Vault successfully. If there’s a problem where EV can’t accept any more mail, and the journal mailbox fills up, to a point where it overflows, exceeds the quota, and then dismounts Exchange it can cause a really big problem – we actually had that exact issue once, and it caused a lot of complications – both from a compliance, and technical perspective. So, I would say that’s the only thing – you need to make sure all the parts are moving, and everything is operating well, the data is going where it should be. The communication line between the two systems must be up and running, and that has to be monitored 24/7.
Was the organization planning to move to Office 365?
They wanted to, and were beginning the planning stages when I moved on, but because of all the strict regulations here, they weren’t able to keep certain things off-premise. I think they will move over to Office 365 at some point, but they would need to use a hybrid configuration, and keep some servers locally.
Obviously, if they do move to Office 365, their journaling practices will have to change. There’s plenty of robust compliance and security tools built into the platform, which means that data can be retained securely without the need for journaling.
Did you enjoy working in eDiscovery?
I worked in the role for two years, and I enjoyed it for a while – but even though it’s so business critical – it can be a little dry sometimes!
As more and more organizations plan migrations to Office 365, traditional practices (supported by on-premise solutions) often need to be re-evaluated in the context of the new technology – will our current solutions be compatible? Are they the best tools for the task? Is it cost-effective to maintain? In the next few weeks, we will explore the eDiscovery tools available in Office 365 that can offer a similar level of compliance and protection to the established processes many companies may be moving from, like journaling.