Where’s Your E-mail?

Talking Points
  • E-mail is a double-edged sword: Companies cannot function without it, but they fear the availability or unavailability of e-mail, especially when a judge asks for it, can have devastating consequences.
  • Even when large sums of dollars are not at stake, the importance of e-mail archiving and search, especially when a judge, regulator or litigation lawyer is involved, can be great.
  • Despite 5 years in the regulatory spotlight, the e-mail management market is only now starting to emerge.

If management needs a good reason to invest in e-mail archiving and searching, try this one: $1.45 billion.

This past spring, a jury awarded financier Ronald Perelman $1.45 billion in damages ($604.3 million in compensatory damages and $850 million in punitive damages) in a long-running dispute with the investment firm Morgan Stanley. Regardless of the merits of the case, the judge in the case switched the burden of proof from Perelman, the plaintiff, to Morgan Stanley when the investment firm was unable to produce some e-mail the judge had specifically ordered. Usually, it’s the other way around: The plaintiff must prove its case.

Beset by an onslaught on corporate governance mandates, SEC regulations and a more litigious environment, managers are wrestling with how best to manage their e-mail. E-mail is a double-edged sword: Companies cannot function without it, but they fear the availability or unavailability of e-mail, especially when a judge asks for it, can have devastating consequences. Clearly some form of e-mail management is needed.

E-mail forensics quagmire
It is not difficult for a company to miss e-mail messages if it is relying on conventional backups of its e-mail servers. Conventional backups lead to a potential e-mail forensics quagmire. Some observers speculate that is exactly what happened to Morgan Stanley. The e-mail forensics quagmire occurs when evidence of an e-mail message surfaces during litigation. If the company can’t deliver the e-mail and all related e-mail, it finds itself sifting through possibly years of backup tapes, each representing a brief point in time, to find the sought-after e-mail messages.

“All it takes is one person to take an e-mail message home on their laptop and delete it,” says John Hegner, vice president for technology at Liberty Medical Supply. Somebody knows that message once existed because it was sent by someone to someone, regardless of whether it was deleted. However, if it wasn’t captured and saved in a central archive, the organization may find itself plunging into the e-mail forensics quagmire, painstakingly sifting through millions of messages to find it.

Liberty Medical decided to avoid the potential quagmire by adopting iLumin, an e-mail management and archiving product with a discovery feature. iLumin captures every e-mail message as it arrives or is sent and stores a copy of it in a protected, indexed archive. When Liberty Medical receives a litigation discovery request, which happens a few times a year, it simply turns to the archive. Even if a user were to delete a copy of an e-mail, it still would be in the archive.

“We wanted to be proactive and avoid the kind of problems others encounter,” says Hegner. The search takes seconds. The rest of the time is spent validating and de-duplicating the messages and packaging them for review and delivery. The whole deal is wrapped up within hours.

The demand for e-mail management
Even when large sums of dollars are not at stake, the importance of e-mail archiving and search, especially when a judge, regulator or litigation lawyer is involved, can be great. Microsoft, no stranger to litigation, suffered a major setback this spring when a federal judge in Baltimore cited an e-mail from 1997 in his decision to allow two of Novell’s claims against Microsoft to proceed. The now-infamous e-mail details Microsoft’s view of desktop applications as the key in its strategy to protect its Windows franchise by effectively locking out competitive Windows applications.

In both the Morgan Stanley and Microsoft cases, e-mail proved crucial. “Compliance has become a critical e-mail issue thanks to the problems of Morgan Stanley and others,” says Kenneth Chin at Gartner. Under the compliance banner, Chin lumps regulatory compliance, litigation and legal discovery, which is the process by which lawyers for the opposing side are allowed to rummage through an enterprise’s files in search of relevant evidence. If a lawyer requests all the e-mail messages pertaining to a certain subject or involving certain individuals, and the organization can’t deliver them, there can be serious, quite costly consequences, as Morgan Stanley discovered.

Although many managers cite compliance concerns as the reason for their e-mail archiving and searching, they are speaking about regulatory or court-ordered compliance in a general sense. Sarbanes-Oxley calls for internal controls to ensure the accuracy and integrity of the reported information, but unlike SEC regulations, it does not specifically mandate e-mail archiving. Still, experts are advising companies to institute e-mail management as part of a general Sarbox-inspired effort to improve their internal controls. Even organizations not subject to Sarbox may want e-mail archiving in the event they are involved in litigation and its ensuing discovery.

Rising fears of litigation alone should spur action. Gartner recommends that companies “must address their e-mail retention and management needs now,” as Chin writes in an e-mail management report.

In 2004, according to the Radicati Group, the average corporate user sent and received 14.7 MB of e-mail data per day in 2004, up 53 percent from the previous year. A company with 10,000 employees, each averaging 84 e-mail messages a day plus attachments, works out to nearly 220 million e-mails plus attachments per year, or more than 38 TB of data.

Despite 5 years in the regulatory spotlight, the e-mail management market is only now starting to emerge. Today, Gartner estimates the e-mail management market, which encompasses mailbox management, archive management, compliance support and discovery, at $88.6 million worldwide in 2004, a more than 100 percent increase from $35.3 million in 2003. “We expect significant growth in 2005 as well,” says Chin.

Emergence of e-mail management tools
The numbers seem small, especially in light of the Morgan Stanley judgment. “This isn’t new. It’s been going on for at least 5 years. We got our first tool, SRA, in 1999,” says Chu Abad, vice president of technology for Seattle Northwest Securities.

Chin, on the other hand, insists the market is young and immature and is yet to take off. “This is still a new market. New players are coming into the market from data archiving. We also expect to see new players coming into the market from among the enterprise content management players,” he notes. In the long run, he expects e-mail management to converge with records management. (See related story, “E-mail management tool landscape.”)

At the other end of the scale are search engines such as ISYS’ indexing and searching tool, which includes sophisticated Boolean and proximity logic, for e-mail that can be integrated into other systems using a software development toolkit. Seattle Northwest purchased SRA’s Assentor, an e-mail search tool, at a time when there were few e-mail management tools on the market and fewer that could do the robust kind of searching financial services most companies need.

“Most of the tools were geared to e-mail archiving. Assentor [now iLumin] could do compliance searching. You could give it key words and it would flag those words,” says Abad.

In late 2002, Assentor was the dominant message screening and archiving tool for financial services firms that were scrambling to ensure they could comply with SEC mandates. SRA reported a client base of more than 80 firms for its Assentor product. These firms collectively supported more than 200,000 users in the financial services industry.

Seattle Northwest liked Assentor because it used text mining to review the content of electronic correspondence. This enabled financial services companies to screen every e-mail, thereby protecting themselves against unauthorized communications, as required by industry regulations. Seattle Northwest has never been the target of litigation or a regulatory compliance investigation, so it has not had to test under fire its e-mail searching capabilities.

However, it has played tangential roles in litigation between others when it has been asked to search its e-mail archive. It gets a few such requests a year. And, of course, its auditors regularly test the firm’s e-mail search capability during regular audits of its entire e-mail management process. “They want us to demonstrate that we have this capability,” Abad notes.

Prior to getting Assentor, Seattle Northwest simply archived its e-mail on optical disks. “Searching for e-mail was a complex process back then,” Abad recalls. The administrators had to keep popping optical disks in and out of the disk drives. A search could take an entire week. With iLumin, “it is a lot easier,” he adds. The company can fulfill a complex search request in a day. Seattle Northwest uses the iLumin product in conjunction with Permabit’s Permeon electronic storage vaulting product that uses write once/read many and low-cost ATA disks.

E-mail management alternatives
While e-mail management indeed is widely recognized among financial services firms as a critical survival technology, many of the firms, especially small and midsize firms, are not necessarily inclined to spend the big money some e-mail management products command. Many of them are finding different ways to solve the problem.

“We are not using an archiving tool. We looked at them, but the cost is pretty significant. You could end up paying $500,000, which is a bit pricey,” says Josh Wopperer, network engineer, UVEST Financial Services, which provides services to banks.

Instead, the company took a homegrown approach, something Wopperer suspects many other financial services firms are doing. “When we archive our e-mail, we also copy it to a SQL database. Our programmers set up all the criteria for archiving,” he explains. The database contains only the e-mail the firm is required to keep, and the programmers can tap the power of SQL to search the archive in response to any court, regulatory or litigation request. The SQL database is stored on UVEST’s EqualLogic SAN. The e-mail volumes are then replicated to UVEST’s disaster recovery hotsite to ensure full protection of the e-mail as required by the regulators.

NASDAQ handles tens of thousands of e-mails per day. It too must comply with demanding rules requiring it to archive and protect mail messages and be able to find them quickly should the need arise. It turned to a high-performance storage archiving and retrieval product, Hewlett-Packard’s StorageWorks Reference Information Storage System.

The NASDAQ system stores, indexes and rapidly retrieves not only e-mail but voice mail as well. The system supports 4 TB of data and provides a foundation for the company’s overall information lifecycle management strategy.

Still, the most common approach to e-mail search remains backup and restore from tape. Many, if not most, organizations rely on their backup process for what amounts to archiving, search and retrieval, says Jeffrey Hausman, director of product marketing for Veritas Enterprise Vault.

In the backup-and-restore approach, the company makes a full backup of its data, including its e-mail archive, then it makes incremental backups daily. The backups are regularly shipped offsite for safekeeping and disaster recovery until the point when more recent backups replace them. At this point, they are trucked off to a vault for long-term storage. This is the normal corporate backup process companies have relied on for years.

This approach, however, directly leads to the e-mail forensics quagmire, but the company doesn’t know it until it gets a request for particular e-mail messages relating to, say, a certain transaction or person. Now, the organization has to restore large chunks of this vast store of data from full and incremental backups, to find what amounts to the proverbial needle in the haystack. This entails retrieving the tapes from the offsite vault, mounting and restoring the volumes, then searching for the relevant messages.

The process could take weeks or months and eat up many hours of labor. And still it may not be nearly fast enough to satisfy the courts and the regulators. Or, if you don’t find everything, well, just ask Morgan Stanley.

Beyond compliance and litigation
Although regulatory compliance and litigation remain the high-profile applications for e-mail archiving and searching, there are other reasons that organizations want to manage their e-mail. For Direct Media, a catalog marketer and mailing list broker, the sheer size of the e-mail archive first drove it to e-mail management.

“We have a lot of big attachments with our e-mail,” says Kevin Ladd, director of infrastructure. The company, which has 200 employees, had 200 GB compressed worth of e-mail in April, and it is growing at the rate of 10 GB compressed each month. Some of the attachments alone exceed 10 MB.

The large volume of e-mail bogs down the company’s Microsoft Exchange servers. In addition, users try to keep more of the e-mail in their Windows PST files, which causes additional problems. “When PST files get over 2 GB, the folder gets unstable. People could end up losing data,” Ladd explains. In addition, the files, uncompressed, were eating up a lot of storage capacity, forcing the company to buy more. Efforts to enforce policies and set quotas proved ineffective.

“There are problems with setting quotas,” Ladd notes. After using up its direct-attached storage and most of an EMC CLARiiON FC-4700 array, the company turned to a new EMC SAN and Veritas’ Enterprise Vault e-mail management software.

“It was a question of getting Vault or buying even more disk,” Ladd says. Vault hooks into Microsoft Exchange, moves messages into a separate storage area, compresses them and archives everything. It leaves a shortcut for users who come looking for their messages. “The users don’t notice a thing,” he adds.

Vault also provides powerful search capabilities. “Our business runs on e-mail. Users are always looking through their e-mails, trying to find a quote they gave or something,” Ladd explains. Vault indexes the e-mail, which enables very fast searches—usually less than 2 seconds, he reports. A variety of search tools let users do broad and highly targeted searches.

The company has never been involved in litigation that necessitated a search of e-mail for the purposes of legal discovery. Veritas Vault, however, offers compliance and discovery modules. “We don’t use the compliance or discovery now, but if we ever get a request, I’m calling Veritas immediately,” says Ladd.

That’s probably the attitude of most managers at companies today. Unless they are directly under the gun of a regulatory mandate requiring e-mail archiving and searching capabilities, they are likely to wait until they find themselves involved in litigation and facing the possibility of e-mail discovery.

Unless the market develops faster than it has up to this point, however, when that first request for discovery comes, they may not find a lot to choose from.

Sidebar: E-mail management tool landscape
Sidebar: Leading e-mail management providers

When Corporate Lawyers Attack
By Stephen Swoyer

IBM Releases Spam-Fighting Tool
By Linda L. Briggs

Meeting Demand for E-mail Encryption
By John K. Waters