Email Archiving Best Practices

Care should be taken selecting the best archiving solution for email and you must ensure email archiving best practices are followed to avoid headaches down the line.

Email Archiving Options

There are two main options for email archiving: On-premise archiving within your own environment or using the cloud for hosting your archive. There are advantages and disadvantages with both of these options. You should therefore carefully assess the pros and cons of each and choose the option that best meets the needs of your business, both now and in the future.

On-Premise Email Archiving

An on-premise archive can be stored on a bare-metal or virtual server that has been configured to ensure high availability, with appropriate physical, technical, and administrative security controls applied to keep your email data secure. This option will give you total control over your email archive but set up can be complex and you will have limited storage capacity. It is therefore important to plan and carefully consider how much capacity you will require. Don’t forget to backup your archive and ensure the backup is kept separate to ensure recovery is possible in the event of disaster such as a cyberattack.

Cloud-Based Email Archiving

Cloud-based email archiving is fast becoming the norm for enterprises as it offers many advantages over on-premise solutions. The cloud is highly scalable and flexible, and you just pay for the storage capacity you need. You have the option of hosting the archive in your own private cloud or using an email archiving SaaS solution. The latter is a popular choice as there is no maintenance and monitoring requirements for the infrastructure, service agreements guarantee performance, and SaaS providers ensure the platform is highly secure.

Email Archiving Best Practices

Listed below are some important email archiving best practices to adopt. By following these email archiving best practices, you will avoid headaches down the line.

Evaluate Options Before Committing to a Purchase

You may be tempted to opt for an on-premise email archive for greater control, but there are many advantages to be gained from using the cloud. Make sure you evaluate all options available – On premise, private cloud, and SaaS – and ensure that your chosen solution meets all of your business needs.

Ensure Your Email Archive is on Separate Infrastructure

Make sure your email archive is physically separated and is housed on different infrastructure to your email system and that your backup is kept separate from your primary archive. A SaaS solution will ensure a separate backup copy is made so that in the event of disaster, your email archive will be secure.

Ensure You are Compliant with all Federal, Local, and Industry Laws

You will no doubt need to archive emails to comply with several laws, and the email archiving requirements for each are likely to be different. It is important to check and double check all regulations to make sure you are fully compliant. Ensure you obtain legal advice to ensure you have up to date information on email retention periods for federal, local, and industry regulations. A missed requirement can prove extremely costly. It is the responsibility of each organization to ensure they are fully compliant with all email retention regulations.

Set and Enforce Email Retention Policies

Creating different archiving policies for different types of data can be complex for employees to follow, so simplify your email retention policies as far as is possible. If there are multiple email retention requirements to satisfy, a good best practice is to set a high-water mark for all email data. If you are required to keep emails for 3, 5, and 7 years to comply with different regulations, simply set a single policy of 7 years. However, make sure your email archiving policies are compliant with regulations such as the EU’s General Data Protection regulation (GDPR). The GDPR requires organization to only retain data for as long as it is required to achieve the purpose for which it was collected. In addition to setting policies you must ensure those policies are enforced. A sanction policy should therefore be created for when email retention and archiving policies are not followed.

Regularly Review and Update your Policies

Legal requirements for email archiving are likely to change over time so it is important for you to regularly review your email archiving policies. You should review and update your policies annually to ensure continued compliance. Make sure any policy changes are effectively communicated companywide.

Use a Dedicated Cloud Email Archiving Solution

If you decide on a cloud-based email archive rather than on-premise, a third-party email archiving solution is often a better choice than the archiving options offered by email providers such as those available for Google, Office 365, and Microsoft Exchange. Third party email archiving solutions have been purpose designed for email archiving, so they tend to be much easier to use and have a greater range of features and often at a lower price. You may also run into problems archiving legacy emails with archiving services such as Office 365.

Choose an Email Archiving Solution with a High Degree of Automation

Choose an email archiving solution that allows you to automate as much of the archiving process as possible. The ideal solution will be a set an forget email archive, where polices are applied and only emails that need to be archived are sent for long-term secure storage. You should also look for a solution that automates the removal of old data from the archive once the email archiving period has passed. Automation will increase productivity of your IT teams and other employees.

Provide Training to the Workforce

Make sure your employees are aware of your email archiving policy and discourage the use of personal PST files for storing email data. With emails being archived there is no need for PST files. They are a drain of productivity as archives can be searched to find email data, they unnecessarily take up storage space, and they expose the organization to unnecessary risks.