Advanced search

Main

Technologies & Electronics

Internet

E-Mail Management

Publications

Business, Finance & Insurance (35706)

Consumer Goods & Retail (127031)

Databases & Statistics (27)

Education & Consulting (0)

Industry (87698)

Healthcare, Pharmaceuticals & Biotechnology (58540)

Services (0)

Government and Public Sector (553)

Technologies & Electronics (91477)

Computers and technology (20189)

Electronic Devices (5781)

Media (2012)

Telecommunications and networks (42547)

Software & Services (2955)

Semiconductors (2843)

Hardware & Equipment (8381)

Internet (6769)

Company reports (70860)

Country reports (2187)

(Currently 512486 Items)

Partners

Internet / REPORT INFORMATION

E-Mail Management
Date	Sep, 2004
Pages	224
Price / format	€1605 / Electronic (PDF) €1766 / Site License €3210 / Enterprisewide

€1 605

Report Information | Custom-Tailored Research | Product Trade Lead

Abstract:
Why is E-mail Management Needed?

E-mail is everywhere, and is used by almost every organisation – as well as many home users. Organisations that depend on e-mail for their business communications (exchanging documents, such as Purchase Orders) find that the speed and cost-effectiveness of e-mail make it an essential part of business. E-mail also plugs in to many enterprise systems (allowing the Purchase Order to be quickly pushed through a database into a sales system, for example).

The problem is that although e-mail is apparently very simple to use, it is also extremely difficult to manage effectively – one reason is the sheer amount of mail that moves in and out of the typical organisation every day. Employees misuse e-mail, and often send it out without checking it for errors or sensitive content, and because e-mail plugs in to so many systems it is a prime channel for hacker attacks, viruses, and similar problems to enter the network.

The E-Mail Management Report looks in detail at the problems surrounding this apparently easy-to-use technology, and in addition to the Management Summary features the following:

The key findings from the Report can be summarised as follows:

- It should not be assumed that end-users realise the implications of deleting e-mails – which could ultimately be a large fine for the organisation or a prison sentence for the CEO.
- Compliance is not just about retaining e-mails, it is about having the ability to retrieve them.
- A high proportion of an organisation’s knowledge capital is contained within e-mails, and yet is largely unavailable to support business decision-making.
- A healthy e-mail system is vital to the wellbeing of the organisation.
- Transmitting sensitive information over the Internet by the equivalent of a digital postcard could lose you your job or even worse your business.
- E-mail is a person-to -person communication channel, which is a valuable business tool, but it needs the appropriate policies and management technologies in place to manage it effectively.
- E-mail should not be regarded simply as an IT problem, yet organisations are throwing IT solutions at a business problem, which is a short-term fix for a long-term problem.
- Hotmail accounts do not equate to an e-mail disaster recovery plan.
- Theft of sensitive corporate information via e-mail is rife in organisations.
- It is believed that few organisations have an effective strategy in place for e-mail management, and are therefore exposing themselves to a major but preventable source of risk.

BUSINESS ISSUES
This report regards e-mail management to be very much a business rather than an IT issue, but sadly this view is not shared by many organizations, which continue to simply throw technology at the problem. We believe that the approach they should be taking is to examine the business reasons behind the problem and to investigate the business implications of any proposed e-mail management solutions.

Sadly, while realizing that e-mail has become a business-critical application and a valuable tool, most Boards fail to realize that it can also be highly dangerous if used inappropriately. E-mail is now accepted as evidence in litigation, and most large organizations are asked to retrieve historic e-mails on an almost daily basis for litigation or regulatory purposes. There is a general failure to appreciate that the buck ultimately stops at the top of the organization and it may be the Chief Executive Officer (CEO), Chief Information Officer (CIO) or Chief Technology Officer (CTO), who will be held responsible for non-compliant or illegal e-mails. The punishment for misdemeanors is at best a fine, or at worst a prison sentence (in the case of Sarbanes-Oxley), brand damage, and possibly a loss of job.

One way to assess the level of awareness amongst the Board is to ask the members whether they are aware of the nature of the e-mails being sent by their employees. Very few would be able to provide an accurate answer. It is therefore imperative that e-mail management is taken out of the hands of employees.

Acts of non-compliance have to date been treated with fines by regulators, which have been well within the budgets of the organizations involved, but there are indications that the authorities are going to become much more stringent. It is only a matter of time before a fine is levied that will harm the organization involved, or worst still that someone will face a custodial sentence due to content that is discovered within an e-mail. It is inevitable that as the punishments for non-compliance become harsher, heads will roll.

It is interesting to note that many non-compliant actions involve e-mail, and it is our opinion that this is because e-mail retention is a requirement of many different pieces of legislation and regulation (some explicit, and others implied). These include The Data Protection Act 1988, The Freedom of Information Act 2000, Basel II (Capital Adequacy Directive), Companies (Audit, Investigations and CE) Bill, SEC 17a-3/4, NASD 3010/3110, Dept of Defense Directive 5015.2, and Sarbanes-Oxley Act. In addition, the Financial Services Authority (FSA) demands the retention of e-mails for six years.

There are numerous examples of breaches of non-compliance related to e-mail, and to date most of these have occurred not because of the content of the e-mails themselves, but due to the fact that the organizations involved were unable to retrieve the e-mails requested within the timescale demanded. Examples of non-compliance include:

Five US banks that were fined US$1.25 million each for being unable to retrieve e-mails that were demanded of them – they were stored on back-up tapes.
One Fortune 500 company had to spend US$750,000 to locate e-mails from an archive in response to a subpoena for discovery.
In the UK, Norwich Union was forced to make an out of court settlement of UKЈ450,000, after it was found that staff had been sending defamatory e-mails about a competitor. By the time the writ had been issued the e-mails had been deleted.
Ciba-Geigy, the pharmaceuticals company, was forced to search through 30 million e-mails for a court case, after arguing that the task would be too onerous and time consuming.
Stuart Rose the Marks and Spencer CEO will have his personal e-mails inspected by the FSA as part of its investigation into insider dealing.
In other cases organizations have preferred to pay the fine rather than search through millions of e-mails.
Most worrying in our opinion are the results from a recent survey of IT Directors from 100 UK-based companies by Vanson Bourne for Adaptec, which found that 47% of IT Directors would not be able to retrieve an e-mail more than three years old. In the financial sector, where e-mail needs to be retained for six years, this figure was 25%.

If Board members are not aware of the content that is being sent by employees in e-mails, they will certainly not know that the theft of corporate information via Web-based e-mail accounts is rife within organizations. Orchestria implemented a pilot using its policy management application for a potential client, and discovered hundreds of instances of staff sending corporate information outside the company via Web-based e-mail accounts.

The most common time for employees to steal information is just before handing in their notice, with the major beneficiary being the new employer. This shows a terrible lack of awareness at board level of the actions of employees in causing security risks at the least and competitive damage in the worst cases. It also demonstrates a total lack of control of the e-mail system.

E-mail is a very powerful tool, but used incorrectly it is a highly dangerous weapon, which can ultimately destroy an organization.

TECHNOLOGY ISSUES
Although the business nature of e-mail management has been stressed, there is a role for technology as well, it is imperative that the CIO/IT Director is involved with a business nominee in the management of e-mail. In our opinion, e-mail management is a mix of business strategy supported by technology.

Although the corporate e-mail system is now regarded as a business-critical application, being an integral part of so many different applications, it is often not treated in the same way as other business-critical systems.

Although the business may not grind to a halt immediately if users cannot send e-mails – there are other forms of communication - it may not be able to function if the e-mail system is integrated in business processes, or the e-mail client is used as the user interface of another application, or as a ‘to do ‘ list.

It is vital that the e-mail system is accorded the same type of treatment as other business-critical applications with high availability measures put in place such as clustering and failover, as well as disaster recovery provision. It should also be included as part of the business continuity planning.

Too many organizations are relying on Hotmail or other Web-based accounts as a back-up contingency to send e-mails should the corporate e-mail system go down. This is dangerous both in terms of the lack of accountability of the content sent via these accounts, and also because it does not address the wider issue of support for applications that require the e-mail system.

The functionality of corporate e-mail systems is expanding as new features are added to provide, for example better collaboration, but these systems are lacking in what we feel to be fundamental functionality. This includes basic security features such as anti-virus protection and anti-spam filtering, and some form of content control to limit the content of e-mails delivered to the vulnerable. Therefore in order to create an e-mail management solution, organizations need to implement additional functionality. This includes security products such as anti-virus, anti-spam, and content control measures, an e-mail archive if e-mails are to be retained, and possibly policy management solutions.

There are also other technology elements to take into account such as storage. In the past organizations tended to throw IT solutions, in the form of additional storage resource, to solve what is really a business issue of the growing size of mailboxes. Attempting to limit the size of mailboxes will not work in an environment where an increasing number of organizations will be required to retain e-mails. It cannot be assumed that employees realize the implications of deleting e-mails, or even which e-mails need to be retained, and this task must not be left in their hands. Organizations must turn to a combination of technology and business policies to manage the problem of growing mailbox sizes by implementing Information Lifecycle Management (ILM).

ILM is about implementing policies to manage the lifecycle of information from creation to deletion to ensure that it is stored on the medium most appropriate to its value and age. This may involve moving e-mails from on-line storage, to near-line storage, and finally an archive, with retention periods and disposal schedules put in place if appropriate.

MARKET ISSUES
There are a number of different approaches to implementing e-mail management. The first is to purchase all of the applications required taking a best-of-breed approach, using the solutions from the vendor in each category that provides the functionality that best meets the needs of the organization. Another approach is to use a bundled solution from a single vendor that provides functionality in more than one category. Alternatively outsourcing e-mail management is another option, and one that is more affordable for some organizations.

Because of the sheer size of their respective markets, the two predominant players for corporate e-mail systems, and therefore e-mail standards will be IBM and Microsoft.

E-mail is no longer just a communication tool; it is now recognized as part of the information eco-system. In addition, the compliance and litigation agendas are defining e-mail as constituting records. Thus e-mail needs to be managed as all other content with a lifecycle. This provides the opportunity for the large ECM vendors to be the major players in the lifecycle of e-mail. IBM and Documentum are already playing a leading role in this market, but Microsoft needs to strengthen its ECM capabilities if it is to catch up.

To provide a resilient e-mail management solution, organizations need to implement a selection of applications to support the corporate e-mail system. This will most likely involve implementing solutions in three categories:

Policy Management – most likely a dedicated solution that allows policies to be implemented to manage the content of e-mails and block non-compliant messages.
Security Management – including anti-virus software, anti-spam filtering, content control, and possibly image control.
E-mail archiving – either a dedicated e-mail archive or a Records Management solution if e-mail needs to be retained with other information.
We feel that the failure of the corporate e-mail vendors to provide a holistic solution for e-mail management is providing the ECM vendors with the opportunity to step in and provide much of the missing functionality required for a total e-mail management solution. For this reason Microsoft and IBM will be the only guaranteed survivors in the corporate e-mail system market.

IBM, Microsoft, and Oracle are moving to store e-mail directly into relational databases rather than a proprietary format, and this will be another clear opportunity for ECM vendors to use their tools to manage all content, including unstructured e-mail, within one environment.

Organizations need to regain control of their e-mail systems, and it is our belief that it will be the vendors that provide e-mail management as part of a total information management approach that will ultimately own the corporate e-mail systems.

Table of contents:
Management Summary
1.1. Management Summary

Introduction
2.1. Introduction
2.2. Report Structure
2.3. The Business Drivers for Electronic Communication
2.4. Potential Problems Faced by Organisations Using E-mail
2.5. Regulatory Issues

Corporate E-Mail Systems
3.1. Business Issues and Benefits of Deployment
3.2. Features and Attributes of an Ideal Corporate Messaging System
3.3. Technology Features of Major E-Mail Systems
3.4. Limitations of Corporate E-Mail Systems

E-Mail Policy Management
4.1. Business Issues and Benefits of Deployment
4.2. Technology Features
4.3. Vendors with Solutions in this Area
4.4. Who Would Benefit – Vertical and Horizontal Markets

E-Mail Security
5.1. Business Issues and Benefits of Deployment
5.2. Technology Features
5.3. Vendors with Solutions in this Area
5.4. Who Would Benefit – Vertical and Horizontal Markets

E-Mail Archiving
6.1. Business Issues and Benefits of Deployment
6.2. Technology Features
6.3. Vendors with Solutions in this Area
6.4. Who Would Benefit – Vertical and Horizontal Markets

Knowledge Management and Collaboration
7.1. Business Issues and Benefits of Deployment
7.2. Technology Features
7.3. Vendors with Solutions in this Area
7.4. Who Would Benefit – Vertical and Horizontal Markets

Management Strategy for E-Mail Management
8.1. Management Strategy
8.2. Best Practices for E-Mail Management
8.3. E-Mail Outsourcing
8.4. Optimum Solutions for the Small to Medium-sized Enterprise Market

Futures
9.1. The Future of E-Mail Management

Case Studies
ABB Ltd
Fujitsu Services – Email Systems
Irwin Mitchell
Somerfield – KVS Enterprise Vault
University of Central England

Vendor Profiles
Akonix
Aungate/Autonomy
AXS-One
BlackSpider Technologies
Centra
CipherTrust
Clearswift
Computer Associates
Convera
DespachBox
Documentum
Email Systems
EMC
Extended Systems
Groove Networks
Hummingbird
IBM
InTechnology
Interwoven
Iron Mountain
IronPort
Kubi Software
KVS Inc.
Meridio
MessageLabs
Microsoft
Mirapoint
Novell
Omniva
Open Text
Oracle Corporation
Orchestria
SealedMedia
Sendmail
StorageTek
Sun Microsystems
TOWER Software
Tumbleweed
VERITAS
Vignette
Workshare
Zantaz

Glossary

Order this report

Product Trade Lead

0 leads found

Add New Buy/Sell Lead