Last month, I posted an article titled “What’s a good mailbox size?” where I discussed many of the considerations an architect must take into account when sizing storage for a new email system. In that post, I also set up a survey where I asked readers to answer six short questions about what they think makes a good size for a mailbox, as well as what future plans they might have for system growth. As promised in last month’s post, I am sharing the results of the survey now.

While the total number of respondents was somewhat less than I hoped for, the quality of those responses from survey participants is greatly appreciated. No one skipped any of the first four questions; the last two were “if” type and should have been skipped if not applicable. Thanks to all those who took the time to share their answers. I will share each question and the responses by percentage below.

Continue reading As it Turns Out, a Good Mailbox Size Is…

When looking at solutions on securing email, many people don’t take into consideration the type of business environment they work in. All too often, after spending a great amount of time and money, small to medium-sized enterprises find out that what works for a company the size of Bank of America doesn’t quite work for them.

To better help SMBs find solutions scaled to their needs when it comes to email security, I have compiled a list of 5 tips that address the risks and restraints that they face. Continue reading 5 Essential Tips for SMB Email Security

Advanced persistent threats make email security a necessity

Most email administrators consider security to be a large part of what they do. With so many laws and regulations governing the storage, discovery and retrieval of email messages, security has become a second job to many.

Unfortunately, many administrators either forget, or simply aren’t aware, that securing email requires much more effort than hardening the email servers against attack. In order to fully protect your organization’s email and their contents the mailbox also needs to be defended. Especially when you consider how popular Advanced Persistent Threats are becoming with large cyber crime syndicates who use email not only as a way to harvest sensitive information, but also as a method of attack through phishing and social engineering. Continue reading Tips for Better Email Security

In just one week Google, the International Monetary Fund and Citigroup have all made headlines as a result of email associated with them being under attack. The reason we continue to see companies make the news as a result of email attacks is that email security is sometimes ignored when it comes to training users properly and making good decisions. In some cases, having the latest and greatest when it comes to security tools even creates a false sense of security that causes us, and our users, to overlook the little things. A multi-layered defense that has been properly configured with all the best technology can be rendered useless if the little things are forgotten.

Continue reading 5 Simple Mistakes When it Comes to Email Security

Developments in cloud based computing have shown quite a bit of excitement and promise, especially when it comes to small to medium sized businesses. Those who evangelize the cloud will often cite the many benefits of moving to a cloud based email service. The litany of favorable reasons to examine moving email services off site that are oft quoted fall into line with the reasons used to move to any new technology:

• Ease of scalability
• Ease of software updates
• Email access anywhere
• Better disaster recovery
• Ease of implementation
• And of course, reduced costs

So when a vendor, or even someone in your own organization, throw these at management looking to save money and increase productivity then it seems like the question moves from why should we move to the cloud? to why has it taken us so long to move our email to the cloud?

Is it really that easy?

Continue reading 4 Considerations for Cloud Based Email

Despite the widespread use of instant messaging and the recent rise in the popularity of social networking tools, there is little doubt that the humble email remains the perennial form of digital communication for businesses today.  Its widespread use does imply the presence of the invariable blooper however, or of carelessly written messages that could come back to haunt you.  I call such situations the “Oops!” moment.

I’ve highlighted some of the most common ones below, and it is my hope that it can led to users exercising more caution before clicking on the “Send” button.  And yes, do feel free to chip in with a comment or two about similar mistakes that you may have witnessed, or have committed yourself.

Continue reading 5 Most Common ‘Oops!’ Moments with Email

The benefits associated with archiving Microsoft Exchange email and associated data, creates many cost effective solutions. Archiving facilitates government regulatory or civil litigation searches for ediscovery requests. It also allows for more complete archive journaling, and provides storage benefits for both mailbox growth and the various storage devices that can be utilized.

Although lowering storage reduction costs is a common denominator for email archiving, compliance requirements are moving more companies to implementing archiving strategies. Depending on the motivation factors, cost savings on storage are subject to interpretation by different people.  For some people, compressing email could reduce licensing, as well as storage hardware costs.  For others it may mean creating a mailbox for end users, which has virtually unlimited space.

Continue reading Archive Stubbing Techniques Not Recommended

The Florida Legislature recently suffered some embarrassment as a result of its lack of an email retention policy – or, more accurately, the inadequacy of its retention policy. Background: former House Speaker accepted a $110,000 per year position with the Northwest Florida State College after, supposedly, being one of the driving forces behind the state funding directed to the College while Speaker. The press caught wind of a possible scandal and attempted to obtain copies of emails between Sansom and the College. And that’s when it emerged that the Legislature had no real form of email retention policy: sent items were routinely purged after 30 days and deleted items were routinely purged after 90 days.

It’s time for the Florida House and Senate to join the 21st century. If lawmakers are going to use 21st-century technologies to communicate with the public and one another, they should take steps to ensure these communications are preserved — and accessible to the public,  read the editorial in TCPalm.

So, why weren’t the Legislature hanging onto their emails for longer? Because of storage constraints, seemingly. Sorry, but that’s a really lame excuse. Storage is dirt cheap and the price point of archiving solutions puts them well within reach of even smaller businesses. According to the Panama City News Herald:

The average House member uses about 569 megabytes of server space each month, with the average senator using about 700 megabytes, the documents said. Both are less than the 1 gigabyte of space available on an iPod Shuffle, Apple Inc.’s smallest portable music player, which holds about 500 songs. A free e-mail account from Google Inc. gives each user about 7,300 megabytes of space.

The House spends about $124,000 yearly on maintaining the system, according to Legislature information.

For that much, the House could also archive e-mail for three years, said Forrester Research analyst Chris Voce, who studies IT infrastructure. Upkeep for the House’s 750 users that would retain e-mails for three years should cost about $108,000 annually, Voce said.

Exactly. Retaining your email is actually pretty cheap these days – and the cost of retaining it can certainly be less than the cost of losing it.

Continue reading Here Today, Gone in 30 Days or The Need of Email Archiving

The folks over at Techdirt have posted an interesting article about the UK’s new email law that requires ISPs to save every single email sent in the UK for a period of one year. There are several problems with that:

There’s been an ongoing push around the world by law enforcement to require ISPs to retain certain types of data, in case it comes in handy later for criminal investigations. Of course, these demands come from the wishful thinking department. The cost associated with such data retention is tremendous, and all it does is create a huge mass of data — often making it more difficult to find the useful information. In the UK, they’ve put in place new data retention laws that will require ISPs to retain records on every email sent or received in the UK for a year. It’s not the contents of the email — but just the data on that email. That, alone, though, seems like a pretty big violation of privacy, and people are starting to point that out.

It will be interesting to see how this plays out as it doesn’t look like the law can reasonably or even legally be enforced as it stands now.

What’s up with all these government people ignoring good email archiving protocol? It seems that several officials lately, who are presumably well educated and should know better, are coming out with their own brand of wisdom which says they should be allowed to delete emails after way too short a time.

ITWorld’s James Gaskin’s article, “E-mail archiving stupidity“, gets right to the point and pulls no punches. Gaskin reports that Dallas County officials want to delete email after 90 days, and asks, “have none of them heard of all the new regulations about e-mail archiving?” He also notes that the governor of Texas recently got the state’s Attorney General to issue a ruling that he could delete his own e-mails after one week. I think the governor needs to add a gallon or two to his ten-gallon hat, because the one he’s got on is obviously cutting off circulation to his brain. Delete e-mails after a week? Are you kidding me? Why on earth would anybody advocate such a thing, especially for a government official? This is sheer nonsense, and very probably against the law.

Continue reading Email Archiving Nonsense in the Big D