Proofpoint: Security, Compliance and the Cloud

Post by Rick Dales, VP Product Management

Last week, an interesting post appeared on StorageSoup, a SearchStorage.com blog that provides commentary on the storage industry. The post, titled FRCP looking like a PITW (Pain in the Wallet), identifies some of the potential loopholes a company can face trying to enforce a litigation hold. It also questions whether technology exists to address these loopholes without forcing an organization to literally keep every email indefinitely.

The quick answer to that question is yes (in fact that’s exactly what Fortiva’s on-demand email archive offers), but I thought it would be worthwhile to address some of the challenges mentioned in the blog entry in a bit more depth. Considering that the post was written by Tory Skyers, a Senior Systems Engineer who has hands-on experience dealing with multiple litigation holds and who regularly writes on storage issues, the confusion around how to best enforce a litigation hold is obviously hitting even the most seasoned IT professionals.

Here’s a quick rundown of Skyers’ main concerns, followed by my thoughts and recommendations:

1. Some trials last a loooooooong time, and the costs of storing the data requested for litigation hold on WORM are very significant. Despite this, the potential risks and costs of not having the data available can be so high that businesses can’t afford not to store relevant data once a litigation hold comes into affect.
   
   
   1. As Skyers mentions, some cases can last five years or more and the cost of storing this data starts adding up quickly. The whole process can also be time-consuming for IT, and there are no guarantees that data won’t be corrupted. So not only is this approach expensive, it’s risky too. Having said that, the risks of not storing the data can be even higher. The key is to find a more cost-effective, reliable way to store the data (ie. an email archive).
2. There’s a “Safe Harbor” clause in the FRCP that absolves companies of responsibility if the company has — and strictly follows — a deletion and retention policy. This protects the company from falling afoul of the regulation, but does my act (as an end user) of deleting an email fall under the “Safe Harbor” clause?
   
   
   1. The quick answer is no. The “Safe Harbor” clause protects organizations from being penalized for deleting relevant information before a litigation hold comes into affect, assuming the data was deleted according to a stated deletion and retention policy. If an end user is allowed to delete an email (accidentally or intentionally) that is covered by a litigation hold, or that has not yet reached the corporate retention period, it can be considered spoliation of data.
      
      Spoliation is the withholding, hiding, or destruction of evidence relevant to a legal proceeding and is a criminal act in the United States. It can result in fines and/or incarceration for the parties who engaged in the spoliation. It can also lead to a negative inference ruling that can ultimately lead to a guilt verdict.
      
      To avoid this, companies should have technology in place to ensure that email data cannot be deleted by an end-user until both of the following criteria are met: a) it has reached its retention period and b) it is not covered by a litigation hold.
3. I’ve seen some precedent that leads me to believe that simply having and following a policy is not enough… So as it relates to e-discovery, if a company allows [me] to delete my own emails, are [they] implicitly approving of me disobeying retention and deletion policy?
   
   
   1. In a way, yes. The key to meeting the FRCP guidelines is having and enforcing a policy. If you believe your end-users can be relied on to accurately enforce your policy (and not make any errors), then it is sufficient to simply have a policy and rely on your employees. Otherwise, you better have some technology in place that enforces your policy (including litigation holds) and prevents human error.
      
      In fact, a case in point is the recent Intel vs AMD lawsuit. Intel executives were informed of the litigation hold retention requirement, but many of them deleted email anyway. Regardless of whether the email deletion was intentional (or whether it was simply human error), the company was guilty of spoliation.
4. It seems like I would have to have CDP in place and store every email entering and leaving every mailbox forever to be really covered against every contingency.
   
   
   1. Fortunately, it’s not that bad. Once an email reaches the lifecycle outlined in the corporate retention policy, it can (and should) be deleted (assuming it’s not covered by a litigation hold). There is absolutely no need to keep everything forever (in fact that would raise a company’s risk profile significantly).
      
      The question is, how should you store your email? Skyers accurately points out that relying on a backup process may be insufficient, since any data that is sent or received, and deleted in between backup periods may not be retained. Beyond that, it is virtually impossible to apply a consistent retention policy against data on backups, since a single tape necessarily contains emails crossing a wide span of time. Backup tapes also have a high rate of corruption/failure, making them an unreliable.
      
      To keep all the data that enters your corporate email system for as long as necessary (and no longer), you really need an email archive like Fortiva, which captures every email that is sent or received, and keeps multiple copies in unalterable format on spinning disk until they meet the retention policy.

So all this leads to one conclusion –an email archive is really the most foolproof way to avoid the many possible loopholes when dealing with the FRCP requirements for email retention, litigation holds and e-discovery. At the risk of being self-promotional, here’s a run-down of how Fortiva meets all the requirements and addresses the concerns raised by Skyers:

• Cost-effective storage: Fortiva’s SmartStore archive stores a redundant copy of every email sent and received according to the customer’s retention policy in a centralized location. It requires virtually no effort on the part of IT, and it starts at just $1.10 per user, per month for 1000-user company. It also offers storage management features that allow a company to significantly reduce the burden on the Exchange email server.
• Litigation hold: Fortiva allows legal or IT to enforce a litigation hold against relevant email indefinitely with a click of a button in a web-browser interface.
• Policy enforcement: Fortiva allows you to develop granular policies (including different retention policies for different departments, individuals, and types of data), and automatically enforces those policies.
• Redundant storage: Fortiva stores multiple copies of every email in unalterable format on spinning disk, and keeps an additional copy in a secondary location. The system also provides continuous data validation across all archived data.

It’s important to note that not all email archives offer the same functionality. There is a whole class of email archives that were designed primarily to address email storage management issues, and those typically allow end-user deletion/deletion outside the retention policy (introducing many of the problems highlighted above). But that gets into topic in itself. In my next post, I’ll explain the different types of email archive, and the situations that each type is best suited for.

Posted by Rick Dales, VP Product Management

Over the past month, three SaaS vendors (including Fortiva) in the email archiving space have made announcements about new or existing products that are being offered at price points that have never been seen before. Fortiva was the first in this trend, announcing SmartStore - an entry-level email archive that allows customers to meet all their compliance and e-discovery requirements for the same price as email storage (pricing starts at $1.10 per user, per month for 1000 users). This was followed by Google announcing new, highly competitive pricing for their Postini archiving product, followed by another SaaS archiving competitor who announced a similarly-priced SaaS archiving option.

While some might speculate that this pricing trend is a result of “the Google effect” (downward price pressure from a large organization), that’s certainly not the case for Fortiva. Our product announcement was planned well in advance of the Google release, in response to a market need for an entry-level archive that meets legal demands and FRCP regulations. 

The reason we’re able to introduce this lower-cost archiving option is twofold. First, as a SaaS provider, we can offer a “pay as you go” model that allows customers to only pay for the services and features they require (unlike in-house solutions). Second, our SaaS architecture (shared resources and greater buying power for infrastructure) allows us to continually lower our cost-to-serve model, and therefore be very competitive in our pricing. I suspect these factors are having a similar impact on the other SaaS vendors in our space.

It’s exciting to see email archiving vendors delivering on the promises that SaaS can offer – including greater reliability and performance, faster implementation, fewer hassles and minimal IT management, and now, significantly lower TCO. This momentum is great for the industry and more importantly, great for customers.

Posted by Rick Dales, VP Product Management

First of all, let me start by saying that this is one of the rare times on this blog that we’re posting specifically about a Fortiva product…my apologies in advance for the self-promotion, but we felt this was worthy of a post.

We believe that every company should be diligent in storing their email in a way that complies with the FRCP requirements and allows you to meet e-discovery requests. Most companies have avoided this until now, largely because it’s too expensive. At Fortiva, we don’t think it should be. After all, if the data is being stored anyway, why should it cost so much more to do things like apply a policy or enforce a litigation hold against that data?

Which is why today, we announced the Fortiva SmartStore™ archive, a Software-as-a-Service product that allows you to centrally archive all your email, enforce policies and litigation holds, perform enterprise-wide search and easily conduct early case assessment, all for the same or less than the cost of storing and managing the data on enterprise storage in-house.

What this means for your average company is that there is now a way to protect against a potentially crippling e-discovery request, without adding significantly to your costs or to the demands on IT.

Until now, adding an active archive has been prohibitively expensive for companies that don’t face litigation on a regular basis. This wasn’t such a problem until the Federal Rules of Civil Procedure (FRCP) were amended in December, 2006, clearly identifying email as discoverable. Since then, there have been over 100 cases that have been impacted by the FRCP e-discovery rules in some way. Ultimately, no company is exempt, and cost is not considered a valid argument for not producing email requested during discovery.

Essentially, SmartStore acts as inexpensive insurance against potential litigation. You can rest assured that your email is being stored in accordance with the FRCP, and that you can quickly search and retrieve that email if a lawsuit comes up.

If you’re wondering how we can do this, it’s fairly simple. First, as a SaaS solution, our customers benefit from lower costs resulting from the shared infrastructure of Fortiva's multi-tenant architecture.

Secondly, we’ve significantly reduce the costs associated with search. As we’ve mentioned in previous posts, the cost of providing real-time search across all of a company’s email can be extremely expensive. Since SmartStore returns search results in a few hours instead of seconds, the archive costs are considerably lowered.

We know that companies that face infrequent lawsuits don’t require real-time search on-demand; in fact, a search response time of under 3 hours is fairly common for an email archive, and can easily meet the needs of many organizations. With SmartStore in place, customers can meet their basic requirements and upgrade at any time to real-time search if they faced intensive e-discovery requests.

If you want to learn more about Fortiva SmartStore, you can visit our website at www.fortiva.com/smartstore.

Posted by Rick Dales, VP Product Management

In our previous posts, both Chris and I discussed the significant investment in infrastructure that is necessary to provide fast, reliable search of corporate email. Even just a few years ago, this wasn’t a big issue for most businesses because they simply weren’t conducting searches across the entire email repository. However; in our increasingly litigious society, the growing costs that come from e-discovery are forcing more and more businesses to address the notion of "litigation readiness" – which inherently requires the ability to search email to isolate materials relevant to a given case. 

For companies that live under the cloud of a perpetual cycle of lawsuits, a variety of new technologies and processes have emerged to help people manage, collect, review and produce information for litigation.  Unfortunately, these approaches are often very expensive and can't be justified by the majority of businesses that only periodically face litigation hold and/or e-discovery activities -  a point that was reinforced by a recent survey that showed 1 in 5 businesses have settled a case to avoid the cost of searching through and retrieving email. 

For a company with a relatively long standard retention period (something that is becoming the norm), legal must be able to mine through a constantly-growing set of emails. This is particularly problematic because the cost to provide relatively quick searches doesn't grow linearly with the data growth, but instead, in most systems it grows exponentially. As difficult as it often is to justify the costs of "preventative" technologies (such as email archiving for litigation readiness), a system with rapidly increasing costs is even harder to justify.

Software-as-a-Service (SaaS) is a perfect model for addressing these types of challenges. Here’s why. When an e-discovery request comes in, most companies need powerful e-discovery capabilities with very little advanced notice; however, the rest of the time, they’re unlikely to need that search capability. Instead of building a system in-house that is underpowered when it's needed and wasteful the rest of the time, SaaS allows firms to readily access a pool of resources on-demand to meet their needs.

By spreading the cost of a large infrastructure over many customers, each of whom are unlikely to need the system at the same point in time, users get maximum capabilities at a far more justifiable, predictable cost.  To scale without bounds, SaaS companies like Fortiva are forced to build infrastructures whose cost does not grow exponentially (or it would be less and less profitable to take on new business).  This technology investment gets further passed along to the customer base so that costs per unit of data stored/processed go down over time.

Just like buying insurance, litigation readiness is about reducing risk and preventing significant, unexpected (and unplanned) costs.  There is the cost of enforcing a litigation hold; the cost of e-discovery activities and the cost of increased litigation risk by not having (or having access to) critical data – not to mention the costs of negative judgments. So it’s not surprising that litigation readiness – much like insurance again – can be a challenging thing to justify, especially when lawsuits aren't part of your firm's daily life. SaaS solutions can prove to be the best way to balance these needs.

Click here to read Part 6 in the Series on Search

Posted by Rick Dales, VP Product Management

In my previous post, I talked about the significant challenges of enterprise-wide search, and how those challenges directly translate to an email archive (in fact, they’re arguably greater for an email archive).

Today, most organizations archive email for legal discovery purposes. While they may have other goals, including compliance and storage management, searching through the entire repository is a fundamental requirement for any archive. The problem is that firms always underestimate the growth of the data and the infrastructure required to support the searching of that data (and the sales team from most email archiving vendors have little or no reason to change that).

To further this point, I wanted to share some real world experiences from companies we recently talked to that have an in-house email archiving solution in place. The first is an international bank that was archiving for a division of about 10,000 users.  Within two years they had amassed several terabytes of information. At that point, every time their legal or compliance department requested data from the archive, it was taking the IT department in excess of 24 hours to run a search.  With an expectation of next day delivery of information, this left no room for error.

This is far from the worst example we’ve seen. Another firm took over 25 days to complete a single search. And these experiences are not uncommon.  Making it even worse, we frequently hear that IT staff must stay up all night monitoring these long-running activities, because turnaround times don't allow for processes that fail overnight to be restarted the next day. 

Almost without exception, the companies we talk to say that their email volume is growing faster than expected.  The end result is that any new investments in the archive go toward growing the data intake processing capacity, not the search or access capability. Companies simply don’t have the budget, staff or time to keep up with search optimization. Which takes me back to my first post of this series, where I explained how a few years’ worth of corporate information can quickly accumulate to the size of all public information on the web, making it unreasonable for a company to even try to achieve short windows for search in-house (it would require hundreds or thousands of dedicated servers).

The big challenge is that for most organizations archiving data for litigation readiness, the data remains largely untouched until a legal issue arises. At that point, critical (and time-sensitive) searches are required. Yet maintaining the infrastructure in-house to conduct those searches on an infrequent basis (even a couple times a week) makes no sense. Leveraging a shared (SaaS) infrastructure for search, on the other hand, is an ideal way to cost-effectively conduct time-sensitive searches on a periodic basis.

As the archiving industry begins to mature, and more companies have experience managing an archive for more than a year or so, this problem will continue to come to light, and the benefits of multi-tenancy for archiving will be better understood. In the meantime, if you’re considering an email archive, take the time to ask the vendors you’re evaluating if they track search performance. Furthermore, ask to speak to customer references that have been archiving email for a significant period of time (and that have a comparable storage requirements to your own), and ask them about search times. You might be surprised at the answer.

Click here to read Part 3 in the Series on Search

Posted by Rick Dales, VP Product Management

Time and time again, we get calls from people who are looking for a new email archiving vendor because they are frustrated with the search performance of their current archiving solution. And it’s not surprising that they’re frustrated. With Google searching the whole internet in real-time, it seems logical that searching data across a single company would be a fairly easy thing to do.

As far back as the early 80's (when desktop document tools entered the workplace) people have talked about the importance of enterprise search as a key enabler for knowledge workers. Twenty five years later, an abundance of "enterprise search" products exist, yet very few firms have implemented company-wide searching of business information. Which leaves the obvious question - why not?

In fact, "enterprise search" is really a misnomer for these products which invariably are focused on narrow areas of information such as intranets or specific application data. The truth is that providing real-time searching of data across the enterprise (especially when you include the vast amount of email) involves significant challenges.

As the only company in our industry that offers a search time guarantee, Fortiva has a first-hand understanding of these challenges. Here is a quick breakdown of why searching through enterprise data is harder than it sounds:

Finding and quickly indexing distributed information is challenging
Business information comes in many forms -- structured and unstructured on an ever-changing set of machines on the corporate network.  Finding the machines that contain this information and scanning each file on each machine is both costly and challenging, particularly when dealing with laptops that come and go from the network.  Once documents have been found, the processing cost of extracting textual content in a meaningful form is also difficult and expensive.  Given that people most frequently look for recent information, if the indexing process doesn't work very quickly, users will likely find that the search engine is useless.

For day to day use, search needs to be fast -- which can be extraordinarily expensive and require an enormous amount of infrastructure
Web search engines such as Google, MSN and Yahoo have set user expectations for search.  If you have to wait more than a few seconds to get search results, you give up and move onto the next search engine. These sites get performance by distributing search activities across hundreds (or thousands) of servers for each search request, then aggregating the results.  Since the web is a single corpus of information that everyone shares common access to, and the search engines can profit from searches through advertising dollars, building out this large scale infrastructure is cost-effective.

What a lot of people don’t realize is that a few years’ worth of corporate information can quickly accumulate to the size of all public information on the web.  Yet to support the same search performance, implementing hundreds (or thousands) of servers in a single organization can never be justified.

Information access tools need to understand changing security models
Most documents within an organization are designed for consumption by a very limited audience.  Confidentiality of many types of information, including financial, business development and HR content is critical within an organization.  To provide a unified search infrastructure, each user must only be able to see search results for documents that they should have access to.  Determining these security relationships is challenging, however, because most firms assume that documents that live on a user's machine or their personal space on the network should only be accessible to that user.  Making this assumption, however, dramatically reduces the knowledge management value of enterprise wide search.

Ultimately, when you consider these challenges, it’s not surprising that so many people are frustrated with the search performance provided by in-house email archiving solutions. An email archive has to deal with a massive amount of searchable information, often many times the size of the "active" information set found throughout the corporate network.  Providing high-performance search across this data requires distributed search technology similar to that used by the web search engines and a large infrastructure. The truth is that for most companies, keeping up with the infrastructure requirements to support real-time search of the ever-growing volume of email data is – and will continue to be – cost-prohibitive.

And that’s where Fortiva’s software-as-a-service model starts to make real sense. By sharing the costs of the search infrastructure among different customers, Fortiva is able to guarantee search performance on an ongoing basis. Chris Tebo, our CTO and I will get into more detail about how we do this a future post in this search series.

Click here to read Part 2 in the Series on Search

Posted by Rick Dales, VP Product Management

In my last post, I commented on a recent Computerworld article entitled "Seven things to know about reducing risk with an e-mail archive", in which four Wikibon.org community members discuss the subject of email archiving and risk. As I noted earlier, the article points out seven “rules” for reducing risk with an email archive, all of which are valid to some extent; however, there are some overly simplified recommendations in the piece that warrant clarification. In this post, I will comment on the four remaining suggestions (having covered the first three in my last post).

4. Design for secure transfer from one medium to another.

The article makes a good point that to cost-effectively keep data 10-year period, you will need to plan to move that data to updated storage media at some point. This is a challenge that many people don’t consider when they implement archiving in-house – it’s also a compelling benefit of a SaaS solution like Fortiva (since that’s our problem, not yours).

Because content in an email archive accumulates over time, data management becomes a challenge both in terms of scalability and long-term accessibility of information. While it is critical that your archive not be tied to a specific storage medium, most people forget the practical considerations of moving very large blocks of information from one device to another.

As a service provider, we have unique scalability challenges, one of which is the need to constantly re-balance our storage infrastructure to ensure balanced load and maximum data utilization. As a result, we employ best practices that allow for the secure transfer of data from one medium to another, including”

- storing data in small, manageable units, so that movement from sever to server (and from one medium to another) is not only possible, but practical

- providing automatic fail over to alternate active copies of each piece of information to allow for uninterrupted access while data management and migration tasks are happening

- constantly scanning each piece of information in the archive to ensure that corruption and tampering have not taken place

When implementing an email archive, you should ask how the solution compares in each of these three areas.

5. Build to support derivative uses of the data.

While pundits have extolled the holy grail of knowledge management for years, email data may prove to be the centerpiece of an enterprise knowledge base. Email contains sufficient metadata (dates, involved parties, etc) to provide some basic context to information flow. Virtually all documents created in an organization flow through email as well. That having been said, email archives typically involve proprietary storage techniques to allow for storage optimizations such as compression and single-instance storage as well as effective retention management.

While Bert suggests storing information in industry standard formats to prepare for yet to be determined applications, it is impossible to predict what the "right", "industry standard" format will be. Instead, the system should easily provide ways to access and export the data into standard formats for analysis.

6. Avoid overly complex solutions and vendor lock-in.

Regardless of how simple or complex the solution is, having clear objectives is critical to a successful archive implementation. The reality is that once you have an archiving solution in place, it is difficult (but not impossible) to switch, so getting the basics right is critical. The winner in the feature race will get you no where if your archive can't:

- ingest new data as fast as your organization creates it

- provide consistent search performance, regardless of how large the archive gets

- ensure consistent availability

While Fortiva provides advanced functionality, such as message stubbing, we always ensure that customers have a meaningful policy and are successfully archiving new mail before we deploy added capabilities. I think the key point here is that effective risk reduction and a rich feature set do not have to be mutually exclusive. Getting added value from your email archive (beyond risk reduction) is a goal that should not be overlooked.

7. IT will manage e-mail archives as applications, with the storage group providing the actual storage as a service to the application team.

One of the most interesting insights we've gained in the process of converting customers from in-house archiving solutions to our SaaS platform is that storage groups don't understand that archival storage is a whole different beast. If the application and storage allocation is managed appropriately, archival data can be organized into blocks that become read-only, and no longer require ongoing backups. For large archives, treating the entire dataset as through it were a transactional database can dramatically increase costs and impact system availability.

As a result, contrary to Bert's suggestion, archive applications and storage management need to be done in tandem to get optimal efficiency. Given that most IT organizations are not organized in this way, outsourcing to firms that have this joint expertise allows for a more reliable, yet less expensive overall solution.

Posted by Rick Dales, VP Product Management

In a recent Computerworld article entitled "Seven things to know about reducing risk with an e-mail archive", Bert Latamore shares with us the opinions of four Wikibon.org community members: Josh Krischer, David Floyer, Peter Burris and David Vellante on the subject of email archiving and risk. While they make some valid points, and the seven “risk-reducers” are worth considering before you purchase an archive, there are also some overly simplified recommendations in the piece. 

As an email archiving vendor that has converted customers from virtually every solution out there, we've learned a lot about where people's email archiving implementations go wrong (as well as what works).  I thought it would be worthwhile to review the seven items in light of feedback from our customers and how Fortiva approaches the relevant challenges. In this post, I’ll cover the first three points, and I’ll address the remaining four in a follow-up post.

1. Focus on the issue of risk when selecting the technology for the base archive.
This is a valid point – while some people look at an email archive solely as a way to move data off of their overburdened mail system, if an email archive is ever going to be used to address legal discovery or compliance requirements (and it’s almost a given that it will at some point), these considerations must be first and foremost in the selection and implementation of an archiving solution. 

Since the article doesn’t go into specifics on what an archiving solution should have in order to effectively reduce risk, I thought I’d do that here. For discovery and compliance purposes, you must ensure complete, authentic capture of data and consistently apply retention policies.  As a result your solution must have:

• a robust policy engine that can systematically classify messages for retention (not just treat everything as a keep forever black hole)
• a way to isolate specific messages to apply a litigation hold to (while still being able to dispose of other items that have met their retention period)
• all disposed data be unrecoverable as soon as its disposition has been authorized - digital fingerprints on all content to prove that it hasn't been tampered with
• a data capture process that can never loose data due to system or network failure

2. Good procedures are more important than access speed.
Again, this is true, but the article misses a few salient points (and lacks specifics on what to look for).

An inconsistent archive creates, rather than mitigates risk.  While the exact rules for the retention of information are up for debate, the consistent application of a company's stated policies is not.  If you are going to rely on an archive to reduce risk you need to:

• Ensure all changes to the system (and the policies applied to the data) are fully audited so that you can explain why any message was retained for the period it was
• Have multiple (redundant) copies of all data, including indexes, to ensure that equipment failure does not result in data loss
• Have offsite copies of the data to protect this asset in case of disaster
• Ensure that no unauthorized user can access the data (this includes database or storage administrators)

While sound data management procedures are critical, the argument that 48-hour turnaround on legal discovery activities is “fine” misses a key point about risk:  Instant access to mine through data allows legal counsel to assess the risk involved, determine how likely they are to win the case, and make educated decisions about how to proceed.  With the ability to perform "pre-discovery" investigations, firms can choose to settle or fight a case based upon real insight into the information they have on hand. So while quick/real-time access to data may not be as necessary as enforcing consistent procedures, it certainly is a very valuable feature to have, and one that should not be ignored as a risk reduction tool.

3. Do not archive e-mails from before the archive was created
This is an interesting perspective, and one that certainly has its merits. It’s true that importing historical data to an archive can be an expensive, labor-intensive process and it may not make sense for every company. However, while Floyer makes a valid point that imported historical email will rarely, if ever, represent a complete record, he misses a key way that importing old email to an archive can reduce risk.

Being able to ensure that you don't keep things longer than your stated policy allows cannot be underestimated as a risk reduction tool (as Floyer covered in point #2) – and this is something that an archive can address, assuming you follow the right procedures.  If you archive historical email at the start of an archiving project with the hope of reducing risk, it is critical that you delete the imported email data stored in various places on user laptops, desktops and file servers (ie. in PST files). That way, you can enforce a consistent retention policy on all your email data, dramatically reducing risk.

On the other hand, if you allow users to keep their PST files, while ingesting a copy of them into the archive, the only potential risk reduction you gain is from easy search access for "pre-discovery" investigation. Another thing to remember – it is important to try to import your data right at the beginning of the archive implementation and record when these activities happened, so that you can explain, if called upon, that data prior to a certain date is not a complete set. 

As for the cost of importing the data, each vendor's solution is different.   As a service provider, we charge based upon the amount of data imported.  Importing data from a legacy archive almost always pays for itself, because the legacy system would otherwise need to be maintained in parallel.  When it comes to "unmanaged" data, such as PST files, the initial cost may seem harder to justify.  It's worth understanding, however, that unless you prevent users from adding to their local storage of email data, your risk profile doesn't change with the addition of the archive.

In my next post, I'll address the remaining four recommendations from the article.