Like diamonds, e-mails are forever. Or at least for three to five years, as more companies implement e-mail archiving regimes to comply with regulatory and legal requirements.
First Associates Investments Inc., a Toronto broker and investment dealer, recently turned to Toronto’s Fortiva Inc. for an e-mail archiving system to comply with a bylaw implemented by the Investment Dealers Association of Canada (IDA). The new stipulations require financial services companies to archive their full range of electronic communications, from e-mails to instant messages.
Brian Erdelyi, First Associates’ information security officer, said retrieving e-mails from tape backup was time-consuming and tedious. With the IDA now requiring periodic reviews by internal compliance officers, the firm decided it was time for a change.
The firm considered commercial, off-the-shelf products and managed offerings from companies like Veritas Software, KVS, EMC Legato and E-Vault. It said a number of companies were invited to demonstrate their products for a team that included the vice-president of human resources, legal counsel, IT staff and, most importantly, the compliance officers, who would be the primary users.
Erdelyi said the users liked Fortiva’s Microsoft Outlook-like user interface and the search capabilities it offered.
To help the compliance officers fulfill their audit requirements, the Fortiva software can randomly select a sample percentage of messages for them to review, and highlight certain messages based on the presence of selected keywords. Erdelyi said the browser-based interface is similar in feel to Outlook Web Access.
From an IT perspective, Erdelyi said, the migration and implementation went smoothly after a pre-planned upgrade to Microsoft Active Directory. A Fortiva-supplied appliance connects to the mail server, grabs messages through Active Directory’s journaling function, encrypts them and sends the data to Fortiva’s data centre for indexing and storage.
“We were fairly cautious and spent a lot of time designing the infrastructure, but once it was in place the actual rollout was very quick,” said Erdelyi. “It was pretty much out-of-the-box.”
Fortiva CEO Paul Chen said his company’s encryption sets its offering apart. In the scheme, dubbed Double Blind encryption, the encryption key resides on the appliance in the customer’s server room.
“That allows us to indemnify our customers that we can never see their e-mails, even though we’re storing all their data for them, and at the same time make all their data searchable for them,” said Chen.
Between its Canadian data centre, co-hosted with Q9 Networks in Toronto, and another data centre in Houston, Fortiva is archiving 20 million customer e-mails a month and counting, Chen said. He added that while regulatory compliance is a major consideration, he sees the risk of litigation as an even bigger driver.
“A lot of companies find it’s much easier to settle a lawsuit than try to find the e-mail as part of the discovery process,” said Chen. “So either you pay the settlement each time or decide to put a proper e-mail archiving system in so you can properly defend yourselves.”
Masha Khrnasrtseva, a senior analyst following e-mail archiving for The Radicati Group in Palo Alto, Calif., said companies are offering two types of products: boxed offerings and hosted offerings.
“The capabilities they offer are pretty much the same,” said Khrnasrtseva. Which way to go depends on the resources and desires of the company. A company may want the control of managing the system internally and be able to make the up-front investment, or it may not want to dedicate internal IT resources to it and prefer the smaller upfront cost of a hosted system.
Khrnasrtseva points to companies like Zantaz, Symantec and EMC as leaders in the e-mail archiving space, but she said Fortiva is on the radar screen. “They’re a good company, but they’re not the biggest company in the space right now,” said Khrnasrtseva.