
Paranoia, regs mean good times for storage

The increasing number of regulations governing how electronic communications are archived means companies have to work out ways of storing everything--even potentially dangerous e-mails.
Written by Munir Kotadia, Contributor
As the quantity of illegitimate e-mails continues to rise, more companies have been employing mail-filtering products at the edge of their network. The filtering products generally contain a relatively small amount of storage to hold quarantined e-mails--messages that are most likely spam, but may not be.

Sacrificing a legitimate e-mail every now and again is a relatively low price to pay if it significantly reduces the amount of spam, but strict data retention laws, such as Sarbanes-Oxley regulations in the United States, mean companies are obliged to keep records from certain electronic communications for specific periods of time. And what if the one e-mail you lose is at the centre of a future court case?

As the electronic communications laws are still relatively immature, there is confusion as to how long companies need to archive their e-mails to ensure compliance.

This causes problems when e-mail has been quarantined. A company could be legally responsible for archiving a particular message that has been caught in its filtering software. If this e-mail is deleted, the company could face legal problems. But because the message has not been undeniably identified as non-malicious, it cannot be allowed onto the corporate storage system.

Colin Gray, vice president and managing director at e-mail security firm CipherTrust, said the fundamental concept of e-mail security is to not let illegitimate e-mails get into the mail system.

"If we were to let all these messages onto your e-mail system and then quarantine them there, it would defeat the object," Gray said.

According to Gray, Sarbanes-Oxley and other regulations have led to "information paranoia". Companies recognise that they have to retain information, while at the same time finding a way of keeping potentially dangerous e-mail messages separate from their main network.

Policy awareness expert Adrian Wright, who is the managing director of Secoda Risk Management, said the US laws in this area--apart from those dealing with e-mail abuse by employees--aren't fully formed, and often contradict each other.

"It's very complicated because post-Enron, there are in the order of 10,000 federal and state regulations on how companies store and access records--and their timescales don't match up," Wright said.

According to Wright, companies have to find out which regulations apply to their business and then decide how long they should keep their data.

"They have to look across all these regulations to see which ones apply to the retention of data and pick the longest period that applies. For brokerage data, the period is between three and six years, sometimes more," Wright said.

CipherTrust's Gray said the short-term solution for companies is to build in much greater storage capacities in their e-mail security products.

"Our products have increased from 36GB to 140GB and the high end product now has 300GB of storage," Gray said.

Gray said this is a trend that is likely to continue and evolve, ultimately leading to e-mail security firms and storage vendors working together to create secure storage archives for potentially harmful data.

"Information paranoia is a positive thing; we have seen a growth in customers saying they want to guarantee that users never lose a legitimate e-mail. You will see relationships forming between messaging security companies like ourselves and storage companies," Gray said.
