by Robert Smallwood, KM World Magazine
04-01-2006
E-mail management (EMM) is hot. Growing e-mail volumes, increased regulatory and legal pressures and concerns about electronic records make managing e-mail a top priority for many organizations. And with a dynamic, healthy marketplace exhibiting a flurry of new entrants and consolidations, the competition is fierce in the e-mail management and archiving marketplace.
Today, the typical U.S. knowledge worker sends and receives approximately 25,000 e-mails per year--and that continues to grow. Various research reports indicate that the number of corporate e-mails will increase from 9.7 billion in 2000 to an estimated 40 billion daily in 2006. Approximately one-fifth of companies have been ordered by courts to produce employee e-mail.
Those messages contain an increasing volume of critical electronic records. Twenty years ago, no permanent records existed that weren't physically printed on paper, due to legal precedents. Now 60 percent to 70 percent of business critical data is, at some point, contained in e-mail, so the need to manage, store, search and retrieve those electronic records is paramount. EMM is now mission-critical.
EMM projects are increasingly sponsored by executives, rather than being just an IT initiative. Some other trends have emerged in the past year: A shift has occurred away from simple archiving of e-mail messages to actual real-time, active surveillance; e-mail messages are increasingly viewed as a formal record, a subset of all electronic records; and messages coming in are tagged and categorized, which begins the compliance and governance process much sooner than before.
The clearest example of active surveillance is the tremendous demand for outbound content compliance (OCC), where messages can be halted from exiting the organization if they contain potential regulatory violations. Also, messages coming into the organization are more actively monitored.
Kon Leong, CEO of ZipLip, says, "Apart from OCC, the biggest trend today is the desire by firms to automatically tag e-mail data coming into an organization with categories and metadata so that corporate governance and policies can be applied to digital data. Not only does this provide significant advantages in any (future) litigation, it dramatically improves compliance, corporate governance and knowledge management around e-mail."
"E-mail management is a key factor in compliance and corporate governance procedures, and a potential landmine in legal discovery initiatives," said Bill Lyons, CEO of AXS-One. "That's why it shouldn't be seen as a secondary function with niche technology, but as a core component of records compliance management."
The e-mail management market--including instant messaging (IM)--has been so active that the past year has been more of a Wild West shootout than a software marketplace. There are so many choices on the table—more than 200--that user organizations have a difficult time making software selections. And throw in the fact that there are also hardware-based solutions, sort of an "EMM in a box," such as that from Mirapoint (mirapoint.com), and the decision becomes even more daunting.
When considering EMM solutions, organizations should bear in mind that: 1.) Certain vendors specialize in specific vertical markets; 2.) Some vendors have run into scaling limitations due to the constraint of their base architecture when volumes soar; and 3.) There are varying approaches, such as hosted vs. in-house, storage-centric vs. process-centric, and collaborative vs. archival (of course, there are offerings that straddle some of those basic approaches). So what is best for one organization may not be best for the organization across the street. As with any IT decision, hard requirements come first, flashy demonstrations later.
Ultimately, it is support after the sale that may tip the balance in favor of a vendor choice, because that is what your organization will live with for the next several years, and its performance may have stark implications during litigation or regulatory scrutiny. The consequences of poor vendor selection and associated implementation may have significant consequences for not only the organization, but also for individual managers within it, in the form of fines or even jail time.
Vendors offering hosted alternatives like Zantaz, Computer Associates (CA)--which bought iLumin--and newcomer Fortiva argue that they can take the load off an IT department for managing millions--even billions--of messages.
"The question users need to ask themselves is, 'Should this be our core competency?' " says Paul Chen, CEO of Fortiva. Providers that offer in-house solutions, such as Hummingbird maintain that the only way to achieve complete compliance in highly regulated industries like financial services and healthcare is to have software running inhouse, on not only the internal mail server, but also the gateway.
Some of the leading EMM solutions in the marketplace are reviewed below:
AXS-One
AXS-One reports more than 100 customer installations, ranging in size from almost 1,000 to 100,000 users. Its customers include: AXA Financial, New York Life, Deutsche Bank, Healthnet and Countrywide Financial.
The AXS-One Compliance Platform delivers e-mail message archiving for a range of platforms including Microsoft Exchange, Lotus Notes/Domino, Bloomberg Mail, SunOne Messaging and others that support RFC 822 messaging standards. It provides a single interface to disparate corporate content systems, addressing the requirements of managing long-term messaging content storage, but also presenting all information in context. The solution includes integrated functionality for secure, scalable e-mail (and IM) management including capture and extraction, storage, supervision, filtering and blocking, access, search and retrieval
Using configurable options, schedule-based extraction from mail servers is based on time periods to capture messages, minimizing the need for additional support and network infrastructure, and minimizing impact on mail servers. The extraction of e-mail header information (To, From, Cc:, Bcc:, Time and Date, and Subject) is used for basic indexing and is also completed at that stage.
Captaris
Captaris Exchange Archive Link for Captaris Alchemy (formerly IMR's Alchemy MailStore) solves the problems of e-mail regulatory compliance and records retention by capturing e-mail from Exchange or Outlook in a secure repository, and storing and managing it as a record. Exchange Archive Link can be used for Exchange by itself or combined with Outlook. It provides a rules engine that allows administrators to create rules enforcing e-mail archive policies, and rules are displayed in "plain English." It performs real-time archiving and indexing and allows compliance officers to identify possible e-mail policy violations the same day they occur.
Additionally, every archived e-mail is fully indexed in the event of an urgent legal discovery request, eliminating the need for costly e-mail recovery services. It also features integration with records management by archiving e-mails into the same repository system that can be controlled by the Alchemy Records Manager. It supports archiving onto several media options including CD-R, DVD-R, UDO and Sony ProData Disc.
Computer Associates (iLumin)
Computer Associates (CA) acquired iLumin in October 2005 and renamed its suite of products CA Message Manager. In the past, iLumin has focused on the financial services market (six of the seven largest banks in the world are customers), but now is concentrating more on energy and healthcare--also heavily regulated marketplaces. CA reports that Message Manager has more than 300 customers, including Liberty Healthcare and Seattle Northwest Securities. CA Message Manager manages over 2 million mailboxes, 110 million messages a day and more than 40 billion messages a year. Many customers manage over 30,000 mailboxes with the product.
In the past year, the product has been internationalized, adding French, German and Spanish versions, and plans are in the works to address Message Manager's key weakness: a lack of records management capabilities. The new capabilities will also include a federated search capability.
According to Mike Gundling, VP of product management, "Our development resources have doubled with the acquisition, so we're expanding our product breadth and market reach. Customers will be able to implement a single file plan with integrated policy management, and implement globally."
CA Message Manager offers a broad range of support for e-mail server platforms, (and offers in-house as well as a hosted solution), supporting MS Exchange, Lotus Notes, Novell GroupWise and other popular e-mail services, such as Bloomberg and Oracle Collaboration Suite.
EMC
EMC has about 1,500 e-mail archiving customers and thousands of other customers using file system archiving, SAP archiving and various application types. Some customers include Goldman Sachs, Archipelago (just acquired by the New York Stock Exchange), Deutsche Bank, Securities and Exchange Commission (SEC) and Nationwide Insurance. EMC's E-mailXtender product family (based on its acquisition of Legato) delivers archiving and supervision of e-mail and instant messages and supports most major messaging environments, including Microsoft Exchange and Lotus Notes/Domino.
The product family consists of E-mailXtender Archive Edition, which improves server performance by migrating e-mail messages and attachments into a centralized message archive; E-mailXtender, which performs the same functions but also manages e-mail as a record; and E-mailXaminer, which monitors and supervises e-mail content to ensure organizations adhere to corporate e-mail policy and achieve regulatory compliance.
EMC supports all data and content types from e-mail; IM; SharePoint; file systems; business applications such as SAP, PeopleSoft, Oracle and others; as well as other types of content such as images, reports and rich media. Many other vendors are generally focused on one application or content type.
FileNet
FileNet E-mail Manager integrates with both Exchange and Lotus Notes mail server platforms and integrates with FileNet's ECM platform, FileNet P8. E-mail Manager is a rules-based e-mail management solution that simplifies and automates the capture of e-mail messages as business records. The integration of FileNet E-mail Manager and FileNet Records Manager allows the automatic declaration of e-mail as records during the capture process, regardless of whether automatic or manual capture is used. Integrating e-mail and records management automates the process of declaring e-mail content as business records and manages the entire e-mail life cycle in compliance with records management policies.
E-mail Manager takes a content-centric approach to e-mail management, capturing related correspondence that can be linked to underlying applications, such as customer relationship management (CRM) or enterprise resource planning (ERP) systems. The event-driven processing feature automatically launches business processes in response to incoming e-mails. In addition, correspondence can be automatically linked to customer records within a CRM or ERP system, providing real-time access to customer-related e-mail content.
Fortiva
Fortiva's e-mail archiving solution supports MS Exchange only and is tightly integrated with it. Fortiva's Suite runs as a hosted solution at its data center, and after less than a year of operation the company has sold more than 20,000 seats to nearly 40 customers. Fortiva's approach significantly reduces the burden on e-mail servers by securely storing a copy of all e-mail on the Fortiva Network. With Fortiva in place, mailbox size limits can be enforced, while giving users access to all data, even after it's deleted from the server.
But what about security and confidentiality? "We guarantee that we can never see our customers' e-mail. It's encrypted before it is transmitted to us," says CEO Paul Chen.
The Fortiva suite consists of Fortiva Policy, where users design, edit and maintain electronic messaging policy, including retention, enforcement and supervision rules; Fortiva ArchiveSecurely, which stores electronic messages for an unlimited amount of time and allows users to search and retrieve in real time; Fortiva Discovery, which performs real-time advanced searches across the message header, message body and content of more than 250 types of attachments; Fortiva Supervision, which creates a supervision process for selecting and reviewing the content of electronic messages for acceptable use of e-mail; and Fortiva Reports, which provides detailed reports to properly assess e-mail patterns and behavior.
Hummingbird
Hummingbird Enterprise captures, manages and preserves corporate e-mail according to organization policies, storing it alongside other business-relevant content in a single, unified repository. Supporting e-mail and attachments in tandem with records classification and management processes, Hummingbird Enterprise enables knowledge professionals to access ECM resources from directly within native e-mail interfaces.
In 2000, Hummingbird first marketed a unified repository for managing documents and records throughout their life cycle, a capability that plays into current trends. Hummingbird Enterprise focuses more on the front-end e-mail management and collaboration functions, and then partners with companies like EMC and Symantec for back-end archival functionality.
Mimosa Systems
Mimosa Systems began shipping in May 2005 and has more than 40 customers to date. Some of its major customers are AAA Insurance, Virtua Health, Fosters Beverage and Washington State University. Mimosa concentrates only on the Microsoft Exchange marketplace, and Mimosa NearPoint uniquely captures 100 percent of Microsoft Exchange e-mail data via a technique called Application Shadowing, without impact on the Exchange Server (unlike other solutions that use MAPI and Microsoft Exchange Journaling). NearPoint captures the data in a bulk method and transforms the raw data "off-host" for the purposes of recovery (database, mailbox, message), archival (retention, search/discovery) and for storage management.
Open Text
Major Open Text customers include UBS, Merck, Hitachi Data Systems and the U.S. Treasury. In the past year, Open Text has worked to tighten integration between its records management and archiving products. For example, as soon as an e-mail is classified as SEC 17a-4 relevant, it automates the process of storing that e-mail on the required WORM device in an organization's mixed storage environment. The next release of a new suite of e-mail and archiving solutions in May will build on those capabilities.
To meet the increased need for rigorous classification of records, Open Text has partnered with Trusted Edge to extend its RM Edge product suite in its offerings. Open Text has also developed a sampling and supervision extension to its e-mail archiving and management offerings, which allows customers to select a random sampling of e-mail from a user's mailbox, and route it to the appropriate review staff. Open Text has partnered with litigation support specialist TCDI to provide seamless access to all content stored within the Open Text records management system, meaning that duplicate copies of content do not need to be created and exported into the litigation support system.
Postini
Postini is a hosted solution that processes 1 billion messages daily through its data centers for 9.1 million users. Some larger customers include Merrill Lynch, BASF, Circuit City, Lloyds of London, KPMG, Perrier, United Technologies and Corning. Postini filters and manages mail in real time, delivering only legitimate e-mail, while blocking or quarantining spam and viruses. The company archives or encrypts messages based on customers' policies
Postini introduced its Integrated Message Management (IMM) solution suite in September 2005. IMM builds on its success since 1999 in providing e-mail security, giving customers security and protection for both their e-mail and IM. It provides anti-spam, anti-virus, content management, inbound and outbound filtering, archiving, encryption and continuity services.
What's the rush? The law is coming!
What's driving the rush to implement e-mail archiving/management software? One big reason is that an estimated 60 percent to 70 percent of business-critical data resides in e-mail, but there is also a bigger stick: compliance. The law has become a strong motivator for businesses, especially in this era of increased government scrutiny resulting in lengthy court cases, fines or even jail time.
Some of the regulations apply to a broad swath of firms, such as Sarbanes-Oxley (commonly referred to as SOX), which applies to all public firms and regulates financial auditing, quality control and independence standards, requiring executives to certify the veracity of their financial reporting. SOX mandates that public companies save all business records, including electronic records and messages, for no less than five years, and relevant audit-related documentation (including e-mail records) must be retained for seven years.
Other regulations are specific to vertical markets, most especially the financial services, investment brokerage and banking segments. Many financial services and related firms are upgrading existing systems to improve their ability to quickly search and find relevant e-mail records when discovery requests are made. Here are some key laws impacting the retention, preservation, searchability and production of e-mail records for financial services entities:
Financial services firms
Gramm-Leach Bliley Act
Financial institutions must ensure the security of non-public personal information; as such, they are required to maintain and store those communications in compliance with the SEC's Rule 240.17a-4 and NASD's rules 3010 and 3110 (all e-mails must be preserved for a period of not less than six years, with the first two years in an easily accessible place).
Investment broker dealers
Securities & Exchange Commission (SEC) 17a(3,4) Records of Certain Exchange Members, Brokers & Dealers
A broker or dealer must preserve records and documents for three to six years, the first two years of which they must be in an accessible place. All documents and records must be time-stamped, stored in a non-rewritable/non-erasable format, organized and indexed, with a duplicate copy stored separately from the original. The indexes should be duplicated and stored separately from the original, and they should be available for examination and preserved as long as the documents and records.
NASD 2210--Communications with the Public
All sales literature and correspondence made available to customers or the public (including e-mail) must be maintained for three years from the date of each use including the name of the person who prepared the literature and/or approved its use. Any communications (including e-mail) that deal with the performance of past recommendations or actual transactions should be stored at a place easily accessible for the accounts or customers involved.
NASD 2711
All research reports--including any written or electronic communication that includes an analysis of equity securities of individual companies or industries and that provides information reasonably sufficient upon which to base an investment decision--must be retained for three years following its publication.
NASD 3010
A system should be established and maintained to supervise activities of all registered representatives, including the use of e-mail and Web sites. Written procedures must be developed for the review of any written and electronic correspondence with the public relating to investment banking or securities business. If an electronic or manual pre-use review is not done, appropriate supervisory procedures should be developed, as well as monitoring and testing the procedures, educating employees on the procedures and documenting the education of the employees. All correspondence relating to investment banking or securities business should be retained along with the names of the people who prepared and reviewed the correspondence, and the retained records should be readily available to NASD.
NASD 3110
All books, accounts, records, memoranda and correspondence should be retained in the same format as stated in SEC Rule 17a-4 (i.e. non-rewritable, non-erasable, and time-stamped). All e-mails and Internet communications that relate to the broker/dealer's business must be retained for at least three years, the first two years in an easily accessible place.
IDA 29.7 (The Investment Dealers Association of Canada)
All client correspondence and related documents, including e-mails, must be retained for five years from the date of creation.
Banks
Office of the Comptroller of Currency (OCC) Advisory: Electronic Record-Keeping
Banks should implement an electronic record retention system to allow litigation, audits, bank supervision and compliance with laws and regulations. Systems should also prevent external access by third parties, and provide backup, internal controls, record destruction and record retention.
Federal Deposit Insurance Association (FDIC) Advisory: Information Technology Risk Management Program
It requires encryption of electronic customer information while in transit or in storage.
Basel II
Banks must create internal processes to control, supervise and enforce risk management practices, including those involving internal communications (e-mail).
In the second part of the article, we'll review some other leaders in this explosive and critical marketplace.
Download: Full Article in PDF Format