Proposal Guidelines Archives Information Security Glossary Catalog InfoSecurityNetBASE Auerbach Publications Information Systems Security
Auerbach Publications

Secure, Searchable Archiving

Nick Mehta

Today, organizations recognize the importance of unstructured business content held within e-mail, file systems, and collaborative environments. E-mail is particularly critical; by some estimates, as much as 75 percent of a company's intellectual property is contained in e-mail. Because this content is highly sensitive, it must be protected from unauthorized access and use. This is often accomplished through encryption and rights management. At the same time, however, organizations must preserve this critical content for future search and disclosure, most often via archiving. But this has been easier said than done, driving organizations to choose one or the other-either security or accessibility.

Messaging Mania
One of the most critical single applications in use by most organizations and employees is messaging. A recent report by the Pew Internet & American Life Project states that 98 percent of American workers, or at least 57 million, rely on e-mail to perform their work. What's more, while the estimated number of e-mails sent per day varies widely, a look at common growth patterns suggests that by 2009, these 57 million American workers will be sending or receiving approximately 160 e-mail messages per day-generating approximately 9.6 billion e-mails daily.

Of course, as the volume of e-mail messages continues to grow, so does the strain on traditional records management systems. Originally designed to simply provide a place to store content, these systems quickly have become overwhelmed as vast caches of e-mail messages and associated attachments have accumulated continuously over time.

In response, organizations implemented practices such as time-based purges and placing limits on how many megabytes of e-mail users could keep in their inboxes. Of course, retention policies often went unenforced as already overburdened IT staff addressed more pressing challenges and users learned to either move their e-mail content onto hard drives or other available storage devices or, in some cases, simply delete e-mails in disregard for their company's record retention or legal preservation requirements.

As organizations recognized the importance of e-mail retention along with the need to preserve system availability, IT opted to offload e-mail to tape or other backup media. This enabled organizations to periodically preserve information that could then be recovered in the event of a system failure.

Today, however, a growing number of litigation and government regulations and investigations involving electronic business records are driving organizations to look for a better way to manage electronic mail and content.

For example, with new Federal e-discovery rules taking effect late last year, the obligation to preserve and produce electronic information has expanded significantly. Whereas in 1970, the Federal Rules of Civil Procedure redefined a "document" in litigation to include "data compilations," in December 2006 the term "data compilation" was replaced by the phrase "computer stored information." In other words, Federal discovery rules now apply to all records, including voice messages, are stored in computers but not necessarily generated by them. Furthermore, parties are required to disclose their computer systems and data related to the litigation, including e-mail, very early on in the discovery process.

In response, a number of e-mail and content management solutions now provide content filtering, audit trails, quarantine, searching, and rule-based destruction.

Furthermore, innovative e-mail management solutions are emerging that significantly enhance the security of unstructured content-without impeding its accessibility-by automatically classifying data in a repository that supports encryption and provides access controls to help ensure the proper use of that data.

Encryption and Enterprise Rights Management
Organizations are beginning to adopt new secure archiving and retrieval tools that support encryption and enterprise rights management (ERM). Encryption provides control over who can see content such as e-mail and documents, particularly in transmit. ERM provides granular control over who can do what with that content.

Encryption enables organizations to protect information while it is vulnerable. With regard to e-mail and electronic communications, encryption is needed while data is stored, at rest, and in transit. A number of encryption technologies are available to plug into e-mail applications, from Public Key Infrastructure (PKI) and Pretty Good Privacy (PGP) to Secure Sockets Layer (SSL) and Secure Multipurpose Internet Mail Extensions (S/MIME).

ERM takes encryption a step further by enabling organizations to specify what can be done with specific e-mail and documents. With ERM, organizations can determine whether a given e-mail can be forwarded, printed, or saved and who is authorized to perform such activities. Typically, this is achieved by applying a publishing license to the specified content. The content, in turn, is encrypted to protect that license.

While each of these technologies is a valuable device for ensuring the integrity of electronic content, which also helps meet regulatory compliance demands, it is their combined effectiveness that promises to help organizations realize the promise of encrypted yet searchable e-mail archiving.

Content Control, Compliance
Today's most comprehensive archiving platforms support the long-term retention and management of unstructured content, particularly from e-mail and file systems. These tools manage content using automated, policy-controlled archiving to online stores for active retention and seamless retrieval of information. Built-in search and discovery capabilities are often complemented by specialized client applications for corporate governance, risk management, and legal protection.

Better yet, even more advanced archiving systems are emerging that enable both ERM-protected content and encrypted content to be archived and retrieved in accordance with legal and regulatory requirements. Encryption encrypts content passing between two or more users and allows access only if the users are authenticated by means of the private key they hold. ERM encrypts documents and allows access to content only to users who are authenticated and have the appropriate rights while also protecting the documents from any activities that the user is not authorized to perform.

For example, ERM would require a user to be authenticated before being granted access to content and, once the user had access, ERM might also ensure that the user did not forward, print, or save that document unless he or she had rights to do so. Financial services, manufacturing, healthcare, and other businesses facing compliance pressures can leverage these two technologies to better control their information.

In addition, encryption, ERM, and e-mail archiving tools are being developed that also identify protected content, decrypt it, and index or store it in plain text in the messaging store. In some cases, archiving expiration periods are synchronized with ERM periods to ensure that any encrypted data that can never be decrypted is not held.

The result? Archived content is encrypted, searchable, and discoverable. Organizations, in turn, have a secure yet flexible archiving framework for protecting intellectual property, complying with legal and regulatory requirements, and reducing the burden and costs of managing unstructured content in today's highly competitive, information-driven business environment.

About the Author
Nick Mehta is vice president of Enterprise Vault, Symantec Enterprise Messaging Management.

© Copyright 2007 Auerbach Publications