Email: Backup Alone Is Not Enough
Emails are the number one means of business communication. As such, they contain business-related data. A growing number of regulations on email compliance, eDiscovery, and other legislation requires tamper-proof email archiving, while IT security strategy calls for backing up the email server. IT decision-makers should take care not to overlook data protection in the process.
Email remains the most important means of communication within organizations, despite the increasing use of instant messaging and social collaboration tools in companies. The Radicati Group reports that 281.1 billion emails are sent and received every day around the world in 2018. The international technology market research firm predicts that the total will increase to 319.6 billion by 2021. In view of these numbers and the increasing legal requirements for archiving business emails, it makes a lot of sense for IT decision-makers to integrate email archiving into their strategic IT planning. This is because the increase in electronic correspondence has resulted in large volumes of data that need to be backed up and archived in a secure manner due to their business relevance. When dealing with globally active companies, IT decision-makers should not overlook the fact that regulations on email compliance differ from country to country.
The difference between backup and archiving
IT supervisors are on thin ice when they rely on the following principle: “We already back up our email server, so there’s no need to archive separately.” Backup is no substitute for email archiving! The basic idea behind every archiving operation is to ensure that data is retrievable and available, even over a long period of time. Companies process invoices, quotes, and requests for support and appointments via email day in, day out. In many countries regulations require that these emails be fully available at all times over many years in their original, tamper-proof form. This is precisely what email archiving does and what differentiates it fundamentally from a backup, whose sole purpose is to secure important data within a limited time period and to preserve it so that it can be restored as needed. Backups on external data storage devices cannot satisfy this requirement because they cannot ensure complete, tamper-proof storage of all emails, as the emails can be deleted immediately upon receipt or before a backup. In contrast, a professional email archiving solution stores exact copies of all emails in a central archive to ensure the availability of any amount of data for many years to come. Measures such as hash values and encryption ensure protection against tampering. In addition, users can also access their emails in Microsoft Outlook and quickly search, find, and restore them using full-text indexing, thanks to a seamless integration.
Ensure data protection
To avoid conflicts with any data protection regulations when archiving incoming and outgoing emails, we recommend prohibiting the use of private email or requiring that employees use only external email services. The policy can be specified in writing, for example, in guidelines for using the company’s IT infrastructure, in a company agreement, an employee’s declaration of consent, or an individual employment contract.
Backups cannot replace archiving and email archiving is not capable of replacing traditional backup tasks. It goes without saying that backups remain important, as even archives need to be backed up. There is no escaping the fact that the IT strategies of security-minded CIOs and IT supervisors should not fail to include backups as well as email archiving in order to ensure swift and complete disaster recovery and to avoid legal risks.
This article was published in the German IT magazine IT Director and on it-zoom.de: