TORONTO – Microsoft is experimenting with a potential product that would give companies more control over the electronic messages their staff exchange in order to better meet regulatory requirements and e-discovery laws.
The product, which has been informally dubbed Employee Managed Mailbox (EMM), is being used internally at Microsoft and may eventually turn into a commercial offering, according to Joel Freedman, chief financial officer at Mississauga, Ont.-based Microsoft Canada Co. Microsoft is conducting a cross-Canada roadshow about compliance issues and met with customers and partners downtown Toronto on Tuesday.
“Instead of e-mail that would be utilizing the hard drive, you’d have e-mail that gets managed by a server,” he said, adding that a server-based product could help companies do a better job of adhering to compliance-related policies. “You could have a one-month, one-year or three-year limit on retention (of an e-mail message) for example.”
Freedman suggested EMM could become a direct way for Microsoft to assist corporate enterprises who are struggling to keep up with accounting, privacy and other rules that increasingly govern the way they handle information. Although some vendors are developing specific tools to match the requirement of the U.S. Sarbanes-Oxley legislation or Canada’s Bill 198, many firms, Microsoft included, are making the best of existing office productivity tools to keep themselves out of trouble.
“For most companies, it’s Office and e-mail,” said Jeff Dunmall, principal with Toronto-based IT consulting firm iMason, which specializes in Microsoft-based technologies. “The problem is if you send out something about a new process via e-mail to five people for comment or approval, you’ve suddenly got five different versions of that document.”
A better approach, he suggested, was using Microsoft’s SharePoint portal to store and exchange comments on a document.
Dr. James McKeen, a professor of IT strategies at the Queen’s School of Business in Kingston, Ont., who has been a part of Microsoft’s series of compliance events, said compliance is challenged not only by costs but by what he called complementarities – enterprises need one product already deployed before another product or element of the compliance project will succeed. A lot of companies also make the mistake on measuring the anticipated benefits of a compliance project, rather than the actual realized return on investment.
That said, McKeen said vendors are getting better about providing the kinds of tools companies will need to obey the regulators.
“It used to be mostly a case of retrofitting existing products to meet the compliance process,” said. “Now you’re seeing a lot more that’s being built right out the box.”
While Freedman said he could not imagine not owning the compliance responsibilities for his company, he said IT departments play an important tactical role in helping define requirements and implementing the right product. Although some IT professionals have complained about their compliance chores, McKeen said others take a “perverse” pleasure in it.
“A lot of these projects involve standardization and consistency of procedures and data,” he said. “Anything that drives standards is singing the tune of it.”
IT departments also have to be on board to make sure that projects don’t just meet compliance needs but also benefit employees in some way. “There has to be an advocate for the end user,” he said.