Email Backup & Email Archiving
One of the most often witnessed misunderstandings in relation to email backup and email archiving is that both services operate in the same way. However there are some crucial differences. Here we examine these differences and why your company requires an email archiving service along with email backups.
Should a disaster occur, you should be able to retrieve your data and the same condition is true for emails. A massive amount of important data is held in email accounts and businesses must not be in a position where they can lose all that data. If a disaster happens, like a ransomware attack, with no backup in place, all of your email data will be lost forever. With a ransomware attack you can pay the ransom and the hackers may possibly release the data but there is no guarantee that they will do this. You must have another plan for data rescue such as an email backup service.
Email accounts can be brought back online to a set point in time from a backup file, and emails can be retrieved with little to no data loss taking place. From a corporate perspective, your backups may not need to be held for a long time. Their main aim is to ensure data recovery can be carried after a disaster, and they will be replaced with a new backup.
Backups are created to restore complete mailboxes. Issues come about should be be in a position where you have to retrieve just one email that has been accidentally removed, if you need to respond to a request to have a person’s data removed in its entirety to adhere with GDPR, or if you get an eDiscovery request or have to supply emails to settle disputes. You may also need to look obrt emails to determine if there has been a data breach or to examine possible internal attacks. In all of these scenarios, backups come up short as they are not searchable.
Email archives are searchable as they can be viewed as an extension of an inbox, where required searches for specific emails can be completed and messages can be promptly recovered when needed. All sent and inbound email is copied to the archive and is stored along with metadata, which allows searches to be complete. In fact, searching an email archive is just as simple as searching for a message in a corporate inbox.
If you desire to restore email messages from a particular point in the past, say last year, restoring data from your backup could simply lead to a loss of current email data. With the restoration of data from an email archive being completed that would not happen. Many companies only identify this difference between an email archive and a backup when they are in a position where they have to manage with one of the above scenarios.
You must also remember that companies have a legal obligation to maintain their emails, even in industries that are not subject to a high degree of regulatory compliance requirements. The Federal Rules of Civil Procedure in the United States were changed during 2006 to take in to account electronic communications, which state that email data must be produced if there is a legal action relating to it. Additionally, an audit trail must be kept, email data must be safeguarded to guard against accidental erasure or deliberate damage, and data must be instantly available.
An email archive solution can meet these requirements, a backup will not not.
What are the key benefits of an email archive?
An email archive reduces the space required to store emails, ensures email data are always available, and that if emails need to be found, a search can be easily performed, and emails can be recovered in seconds. An email archive can also improve the performance of your mail server and can help you comply with email data retention regulations.
How long do I need to archive emails in healthcare?
HIPAA requires policies and procedures to be retained for 6 years from when the documents were created or from when they were last in use. The Sarbanes Oxley Act (SOX), which applies to all public companies, has a retention period of 7 years, as does the IRS. The Food and Drug Administration (FDA) Regulation, which applies to pharma firms and manufacturers of biological products, has retention periods of between 5 and 35 years. States may also have their own email retention requirements.
Are all email archiving solutions HIPAA compliant?
No. You must ensure that the archiving solution maintains emails in their original form, in a tamper-proof repository. If the archive is not on-premises, end-to-end encryption is required and an email archiving service provider must sign a BAA, even if they claim not to have access to customers’ archives.
Is on-premises or cloud email archiving best for security?
IT security professionals may feel more comfortable having their email archive stored on-premises, where they feel more able to protect it; however, cloud-based email archiving is secure. Service providers now offer constant availability, and many will ensure the archive is backed up automatically to ensure email data cannot be lost. The cloud also offers unlimited scalability and cloud-based archives are easier to manage.
Will I be locked in with an email archiving service provider?
There is a risk of lock-in with some email archiving solution providers. Before committing to a solution, check how easy it is to export archives, including the data formats offered. If email data are stored in a proprietary format, it may not be easy to change providers.