Compliance Archives: Can You Prove Your Email Integrity?

This paper considers the use of email archives for compliance. It will also review how archives are trusted and look at what has to be done to ensure that integrity is maintained throughout the chain of events that take place within an email archive environment.

Disclaimer of liability: While every precaution has been taken in the preparation of this document, C2C Systems assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained herein.

Why do email compliance archives exist?

Email compliance archives provide a reliable record of internal and/or external communications and provide potential evidence or other critical records, quickly and cost effectively.

Email archives exist to help organizations of all types, all sizes and in all countries to meet the growing demands of government, industry and internally generated regulations that have grown into being during the post-Enron era. Although the scope and value of some of the new legislation is questioned, due to its impact on international trade, company ownership and national tax revenues, it appears that compliance-driven archiving is here to stay.

Archive technologies are becoming more cost effective every year as they prove to provide many obvious benefits to organizations. These include:

- Proof and accountability in instances of specific legal actions around the new compliance laws
- Tools for good business governance and ethical audits of business practices

Data sources that can enable an organization to leverage information flows and information records in new ways. For example, analysis can provide businesses with specific competitive advantages based on the actual actions of their staff in their daily activities.

Chain of trust

A compliance archive has to be a ?trusted' source of information about the organization, especially because of its potential legal uses. Normally, this archive is created directly from the source or main transport mechanism of the information, such as the email or calendar system. The archive process makes copies of all information, indexes it (for rapid search and retrieval at any later time) and places onto some form of storage.

The process of maintaining an email archive can be considered a ?chain':

- A new user is given an email identity

- The user writes an email and sends it via the email system

- This email is transported by the email system and copied by an archiving solution. (It is also placed into an email system mailbox to be read)
- The archive solution places a copy of the email on a storage device to provide a permanent record

So long as the archive holds a trusted copy of the original, the communication or other data the information from the archive has validity for internal audit, to meet best practice and legislative guidelines and as legal evidence.

For the email Archive to be valid, and trusted, all parts of the chain have to be trusted.

The first links in the chain depends on the security settings of the email system itself.

Other links, including in some cases the compliance archive itself, depend on exact rights and permissions settings for the email system.

The trust of the final link, the storage media itself, is often addressed by the use of WORM drive. These are devices from which data can be read many times but which can not be altered hence the Write Once Read Many acronym (WORM).

The trust of the mail system depends on standard access controls for mail servers and administrators. For example, Microsoft Exchange has a set of permissions to control exactly who is able to have access to which email storage areas and mailboxes. These are regularly reconfigured to help administrators cope with day-to-day events such as people moving departments or leaving the company.

At least 40% of mailbox permissions will change every year in a typical organization with a staff turnover of 15% and a 25% role change rate ? an arduous task for administrators.

How could the email system break the chain?

The mail system itself is certainly susceptible to being configured incorrectly. Exchange in particular is a flexible but complex system that has evolved over time.