IT Security

E-mail archiving and cyber resilience

by Mark Rowe

Björn Meyn, Senior Product Manager, at the software company MailStore, pictured, discusses the growing significance of e-mail archiving as part of cyber resilience.

Emails are one of the most valuable and authentic information resources of our time. Amid the pandemic, email volumes have grown exponentially, with digitisation and remote working becoming core to business continuity. In fact, according to Statista, roughly 306.4 billion emails were estimated to have been sent and received each day in 2020. This figure is expected to increase to over 376.4 billion by 2025.

Emails are an essential part of daily workflow and communication for every organisation. They contain a large amount of critical information, such as contracts, invoices, personnel data, and purchase orders. Keeping business-critical information and data permanently available is essential. Losing important data within IT infrastructure will disrupt business and could even jeopardise the reputation of a company. If lost data is not recovered, a company’s very existence may even be at stake – depending on the scale of the loss.

There are multiple causes for the loss of email data, including: malicious activity within the organisation, an innocent mistake or deletion of emails by employees, cyber-attacks, natural disasters, or other uncontrollable causes such as a fire in the company building, all of which may fail software or hardware systems. There is also a risk from external factors, such as disruption to business operations caused by cloud service providers – whose services may be halted due to technical issues.

To meet these challenges and minimise the risks as far as possible, companies are increasingly relying on the concept of cyber resilience.

Cyber resilience – holistic protection of IT systems and data

Cyber resilience is becoming more and more important amid increasing digitalisation. Companies use the term cyber resilience to refer not only to measures and concepts for protection against cyber-attacks, but also to business continuity management. In business continuity management, strategies, activities, and processes are defined which, in the event of an emergency such as a cyberattack which overcomes a company’s initial protective measures (eg., the firewall), are intended to prevent a disruption or failure of business capability, or to enable business activities to resume as quickly as possible.

Disaster recovery as a part of business continuity management

An important part of business continuity management is Disaster Recovery, which deals with securing and restoring the necessary technical infrastructure, ie., the business-critical data and all the IT networks and systems. Back-ups and email archiving provide valuable support here.

Backups store a company’s data (e.g., the data of communication programs used or of the ERP software) at a specific point in time. If data is lost, data subsets or entire systems or servers can be restored from the backup. However, the backup volumes only reflect the data that existed at the time the backup was created. Changes made after the backup- is created are not recorded. This means that backups need to be performed regularly – taking into account costs and benefits – so that the backed-up data remains as up-to-date as possible.

E-mail archiving for permanent access to e-mails, even in the event of a claim

In addition to regular backups, the use of a professional e-mail archiving solution is recommended. Considering that e-mails are still the most important communication medium and contain many business-critical documents, it is important to ensure continuity of access to e-mails – even in the event of a data loss.

An independent email archiving solution can help to preserve business critical emails and simplify recovery of these emails, keeping the complete volume of email data stored safely in an email archive and the remaining available for working operations, eg., search and recovery procedures. Even after a catastrophic event in which the email server must be restored from a backup and is not available, organisations can access the email inventory without losing valuable time. In addition, an email archiving solution can help simplify back-up and recovery processes in line with the email server. For example, keeping the volume of data stored on an email server low means that less time and storage capacity are needed for the backup process – so, after a catastrophic event, you’ll be able to restore the mail server from the back-up volumes faster.

Both email archiving and backup solutions are imperative for business continuity, but they are not mutually exclusive. As a rule, a company backup strategy serves to protect data (ideally including the email archive itself) in the medium to short-term and can restore this information as required.
An email archiving solution, when included in a back-up strategy, enables emails to be stored in their original state for many years, easy to find, and permanently available. By using both solutions together, organisations can ensure cyber resilience is boosted across their entire IT estate.

E-mail archiving for regulatory compliance and data protection

One of the main tasks of archiving emails is to help companies to comply with regulatory requirements. A vast amount of business-critical information lives within the IT infrastructure and some of it may exist solely in email, so it is vital that emails are retained and preserved safely.

It is important to note that each industry sector and country all over the world has specific compliance standards and regulations. Heavily regulated sectors such as healthcare, finance and government have particularly strict compliance regulations and need to store most data in its original format for many years. However, many businesses are unaware of the importance of archiving their emails and do not have an email management strategy in place.

Failure to comply with regulations and compliance requirements which impact business email can have severe consequences and result in fines and other sanctions. In certain circumstances, it can even lead to litigation under civil law, where data subjects assert their rights under the EU’s General Data Protection Regulation (GDPR). This can be avoided with the help of a professional email archive solution that has been audited and certified to comply with subject data rights under the GDPR in terms of storing email data.

Use alongside existing collaboration tools

Archiving solutions ensure that all emails, including any file attachments, are retained fully in a tamper-proof manner so that they are always available.

Many organisations who opt for cloud-based integrated digital collaboration tools and productivity suites – such as Google Workspace or Microsoft 365 – may not see the need for additional solutions.

However, Google Vault (Google Workspace’s native data management tool) may fail to meet the compliance requirements of a professional email archiving system, depending on the business needs for professional email management. Deploying an independent third-party archiving solution, combined with Google Workspace, is therefore crucial to leveraging salient features of the collaboration tool – by ensuring emails are secure and that they can be safely restored as and when required.

The deployment of an email archiving solution is of huge strategic importance. A professional email archive makes an important contribution to a company’s cyber resilience, in which it is a crucial component of business continuity management by supporting disaster recovery. In addition, email archiving supports compliance with legal requirements regarding the retention of business-critical information and should, for this reason alone, be part of any information management and corporate strategy.


Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing