1 / 45

Successful Deployment Strategies to Tackle E-mail Compliance Requirements and Storage Bloat

Greg Smith, Director of Prof Services Messaging Architects Gregg Hinchman, Consultant Hinchman Consulting Kevin Beaver, Security Consultant Principle Logic. Successful Deployment Strategies to Tackle E-mail Compliance Requirements and Storage Bloat. Overview.

indra
Télécharger la présentation

Successful Deployment Strategies to Tackle E-mail Compliance Requirements and Storage Bloat

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Greg Smith, Director of Prof Services Messaging Architects Gregg Hinchman, Consultant Hinchman Consulting Kevin Beaver, Security Consultant Principle Logic Successful Deployment Strategies to Tackle E-mail Compliance Requirements and Storage Bloat

  2. Overview • This seminar is designed to provide GroupWise administrators with the background steps they need to take to understand their business and infrastructure requirements and develop an organizational solution to managing Email Retention

  3. Speakers • Gregg A. Hinchman – gregg@hinchmanconsulting.com • Hinchman Consulting, Consultant • 10+ years of GroupWise Experience • 9+ years of GroupWise Upgrading Experience • 4 years of GroupWise Clustering Experience • Co-Author: • “Success with Clustering GroupWise” • “Success with GroupWise Document Management” • GroupWise Advisor Magazine Articles • Cool Solutions “Consultant’s Corner” articles

  4. Speakers • Kevin Beaver, Consultant - kbeaver@principlelogic.com • Independent Information Security Consultant, Principle Logic • 18 years’ experience in Information Security matters • Author & Columnist • “Hacking Wireless Networks For Dummies” & “Hacking For Dummies” (Wiley) • “The Definitive Guide to Email Management and Security” (Realtimepublishers.com) • “The Practical Guide to HIPAA Privacy and Security Compliance” (Auerbach) & Contributing Editor for HCPro’s Briefings on HIPAA newsletter

  5. Speakers • Greg Smith - greg.smith@messagingarchitects.com • Director of Professional Services • CNI, MCNE • 9+ Years GroupWise/Novell Experience • Consulting, Engineering & Project Management • 12,000 User Migration in 3 months (City of Toronto) • Author / Speaker • BrainShare • Advisor Media • Cool Solutions

  6. Strategy Checklist Our Problems Our IT Projects Planning for a Solution • Know Your Retention Requirements • Know Your Regulatory Requirements • Know Your Discovery Requirements • Know Your Users • Know Your Environment • Formulate Your Policies

  7. Problems? What Problems? Woes of the Overworked & Underpaid • Was here till midnight restoring that tape… • Have you rebuilt those GroupWise indexes? • When was the last time we ran a contents check? • This is the third discovery request from Legal this week • HR wants access to three users’ mailboxes • Our backup is now asking for another tape • Had another corrupted GroupWise Archive yesterday • Running out of space on PO2 and no more hard drive slots available • Do you know a good divorce lawyer?

  8. Our Organization County Government • 1400 Employees • 1100 Office / 300 Remote • 3 Offices (T1 between 2, 256K FR to other) • 4 Post Offices • PO1 300U/180GB • PO2 350U/260GB • PO3 250U/160GB • PO4 100U/120GB • Personal Archives across 3 servers (89GB)

  9. Major Projects Things we need to do • Tackle email server space issues • Look at email disaster recovery Things we are being told to do • Records retention • Regulatory Compliance • Access to Public Records enquiries • Provide email discovery requests to legal

  10. Projects • Email Server Space Issues • Server is maxed out of hard drive space • Migrate mail system to a new server

  11. Projects • Email Server Space Issues • Server is maxed out of hard drive space • Migrate mail system to a new server • Acquire or allocate space on SAN for mail server

  12. Projects • Email Server Space Issues • Server is maxed out of hard drive space • Migrate mail system to a new server • Acquire or allocate space on SAN for mail server • Split the Post Office

  13. Projects • Email Server Space Issues • Server is maxed out of hard drive space • Migrate mail system to a new server • Acquire or allocate space on SAN for mail server • Split the Post Office • Force deletion of messages from server

  14. Projects • Email Server Space Issues • Server is maxed out of hard drive space • Migrate mail system to a new server • Acquire or allocate space on SAN for mail server • Split the Post Office • Force deletion of messages from server • Implement Archiving

  15. Projects • Retention & Discovery Solution • Need to Keep Messages for 7 years, some longer • Need to run global and individual mailbox queries • Need to provide data to non-GroupWise users • Need to manage and delete obsolete records • Need to save deleted user email • Need to save 100% of email information for some users • Need an Archiving Solution

  16. Project Developing an Archiving Solution • GroupWise Archives • Personal Archives • Encrypted to individual user • Difficult to manage for size & deletion • Unfeasible for extensive searching • Dependence on GroupWise for long-term storage • Third-Party Archive Solution (GWArchive) • Data is stored outside of GroupWise • Data access has greater versatility • Data can be managed more efficiently

  17. Retention Requirements Let’s Look at Our GroupWise System

  18. What Are Our Retention Requirements? • Business Requirements • Look at current business email usage • What IS Email exactly being used for?

  19. What Are our Retention Requirements? • Business Requirements • Look at how email is accessed Email Older than 90 Days: _____ % Email Older than 180 Day: _____ % Email Older than 1 Year _____ % Email Older than 2 Years _____ % Email Older than 5 Years _____ % • Determine your access patterns for older messages

  20. What Are Our Retention Requirements? • Business Requirements • Look at how information is shared • Shared Folders • Proxy Access • Look at what is stored • Large Attachments • Many Duplicate Messages • Are you using your email system efficiently or should processes be redefined?

  21. Legal Requirements Let’s Ask Our Legal Department

  22. Let’s Ask Our Legal Department What do the laws and regulations say? Common misconceptions about data retention Who’s responsible? Is there a right answer? • Save nothing • Selective deletion • Save everything Email retention policy must-haves

  23. Regulatory Requirements Let’s Ask Our Compliance Officer

  24. What Are Our Regulatory Obligations? Public Institutions • Access to Information Legislation Florida Sunshine Act, Wisconsin Open Records Law • Electronic Signatures Act • 36 CFR 1220.34 • 36 CFR 1220.38 • 44 USC 3101 • 44 USC 3106 • US Department of Defense Directive 5015.2 • NPG 1441.1C • NARA General Records Schedule 20

  25. What Are Our Regulatory Obligations? • Private Institutions • Sarbanes Oxley (Canadian Bill 198) • HIPAA • SEC Rule 17(a) 3 & 17(a) 4 • Amendments to Rules 31a-2 and 204-2 • NASD 3010 & 3110 • NASD 2860 (b) (17) and 2210 (b) (2) • NTM 98-11 (Amendments to Rules 3010 and 3110) • NYSE Rule 342 • Universal Market Integrity Rules for Canadian Marketplaces

  26. What Are Our Regulatory Obligations? Consequences • Suspension of SEC trading license (Financial) • Prosecution of Executive Levels (Sarbanes Oxley) • Fines & Penalties • Investigations • Employment Termination

  27. Discovery Requirements We Don’t Know Where They Will Come from: HR, Legal, Security, Auditors, the Public…

  28. What Are Our Discovery Requirements? Who is requesting information? • Legal • Public • Human Resources • Security/Auditor What information is being requested? • Legal (Certain individuals for past 3 years) • Public (All records dealing with certain subject) • Human Resources (Individuals for past 90 days) • Security/Auditor (Current records)

  29. What Are Our Discovery Requirements? • Frequency of Access • Continuous Searching • Multiple Concurrent Searches • Daily / Weekly / As Needed • Who will have access? • Records Management Requests • Self-Service • Self-provisioning must include safeguards to monitor and access records

  30. What Are Our Discovery Requirements? • Speed of Access • Users need online access to 7 years’ worth of data? • What are expectations for accessing older data? • Can older data be maintained as offline records? • Primary Archives versus Secondary Archives • Primary = 6 Months – 2 Years • Secondary = 2 Years – 7 Years • Greater Availability & Access Speed = Higher Costs

  31. Our Environment

  32. Knowing Our Environment Architecture - Remote Sites • Current Available Bandwidth between sites • QoS and Critical Applications Data Discovery • Where is email data located? (User Archives) • How much data do I have? • Running GWCheck to estimate total required space

  33. Knowing Our Environment GroupWise System Information Number of Users............... 78 Number of Post Offices......... 1 Number of Mailboxes........... 157 ------------------------------------------------------------------------------ Item statistics: TOTAL /MBOX Mailbox statistics: TOTAL /MBOX normal items........141788 903.1 Boxes with mail....... 75 forwarded items.....31470 200.4 IN box entries: reply items.........58974 375.6 read................83653 532.8 total items.........232232 1479.1 unread.............. 2864 18.2 new.................34866 222.0 Distribution statistics: total...............121383 773.1 to single user......82840 527.6 Boxes over IN limit. 55 to <= 3 users.......97630 621.8 OUT box entries: to many users....... 3655 23.2 total...............101270 645.0 sent encrypted (%).. 0 Boxes over OUT limit 45 Schedule statistics: Average item length.... 132KB Boxes with schedules.. 55 INcoming appointments: Items w/ attachments... 7384 read................ 5336 33.9 Average number attach.. 1 unread.............. 9 0.0 Average attach length.. 4030 new................. 526 3.3 total............... 5871 37.3 Items hidden by rcvr... 93 OUTgoing appointments: Items in trashcan...... 0 0.0 total............... 1679 10.6 Total items x Average item length = Estimated Size

  34. Knowing Our Environment Storage Allocation • What is the total required space? • What is current growth? • GroupWise Accounting Files • Deltas between subsequent Statistic reports • What space is required in 12 Months? 18 Months? • What are the long term requirements?

  35. Our Users

  36. Knowing Our Users • Our users would never let us do that • Our users do not accept change • That’s going to be a really tough sell • That’s not what our users want

  37. Resistance to Change The Soft Sell • The IT Department takes a lesson from Marketing • Publicizing your project • Involving User Liaison Groups • Evaluating special requirements • Providing tutorials and training The Hard Sell • Involve upper management to define policy • Get management approval of your solution • Have Policy and Solution communicated from the top

  38. Resistance to Change • The Compromise • Maintaining legacy applications (GW Archives) • Initiating a scaled implementation • Duplication of data and management • Customized Development • Higher Management Costs

  39. The Policies

  40. Formulating Policies • Review Existing Email Usage Policies • Acceptable & Unacceptable Use Guidelines • Privacy Statements • Consequences • Retention Policy • How long to keep data in GroupWise and Archives • Deletion Policy • When to delete information and what information • Archiving Policy • How archives will be accessed and managed • Responsibilities of users, if not 100% retention

  41. Formulating Policies Create a Policy Team • Senior Management • Human Resources • IT Department • Legal Council • Public Relations Manager • Research Consultant • Solicit the involvement of all relevant departments

  42. Formulating Policies • Communicate the Policy • Ensure users know the policies • Provide education web videos / documents • Distribute polices with management endorsement • Manage policies accordingly

  43. Deploying a Solution • Checklist • Retention Requirements Definition  • Systems Configurations  • Access Requirements  • Developing Polices – to be cont. • Choosing the Right Solution  • Designing Your Solution Architecture  • Preparing Your Plan and Your Systems  • Deploying a Solution  • SP275 - A Hands-on Approach to Implementing an Effective E-mail Retention Solution with GroupWise and GWArchive

  44. Unpublished Work of Novell, Inc. All Rights Reserved. • This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability. • General Disclaimer • This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.

More Related