Osterman Research

The Impact of Storage on UC

By Michael Osterman
in

We are currently wrapping up a major survey on unified communications (UC). One of the survey respondents, who works for a government agency in Florida, had some interesting comments on UC and archiving from his perspective as an experienced IT person charged with managing messaging infrastructure:

“We have Florida Statute 119 the “Sunshine Law.” Although email, IM [and other electronic communication] should be treated like paper communications, in actuality, we end up keeping all electronic stuff forever. Our storage has spun out of control. Because it is so easy for the user to keep it they do.

Unified Communications would force us to keep all the faxes, voicemails, IMs, as well as our more than seven million emails we currently have and can’t get rid of. Management of that data and, more importantly, the searching of that data is a deal breaker for us.

Archiving technology actually increases the burden. The easier it is, the more [users] want it and the less they try to manage their email, files, etc, based on the parameters of Florida law. Why clean up my email when you are going to keep it all for me? Then, when something comes up, they all turn to IT. Our legal team looks at a “keep everything” approach simply because of the ease. They don’t take into consideration the cost and management of all the data.

Because our rules are not based on age, but first on the type of content THEN age, each message (or other object) must be evaluated individually. IT can’t read something to determine how that one email should be handled and no one else wants to spend the time to do it either.

With that in mind, most people in the local government sector in Florida are not attracted to UC in their shops. There isn’t a tool in place to make it work easily.  About the only think I can think of is forcing retention stamping as soon as it is accessed—a disposition code must be added to every single item so it can systematically be purged or retained.”

There are a couple of lessons to be learned from this individual’s experience:

  • First, deletion policies are just as important as retention policies, since content that is no longer needed but kept anyway adds to the cost of storage, adds to the legal and regulatory liabilities faced by an organization, makes search more time-consuming and expensive, etc. Far fewer organizations have deletion policies than retention policies.
  • Second, in the absence of good deletion policies and overall good storage management practices, UC will face an uphill battle in many organizations. If IT administrators are given the option of simply adding to their storage management burden by adding UC to the mix, few will be receptive to the idea.

Many thanks to the individual who provided his insightful comments and experience.

Published August 30, 2010

An Archive as the Hub of Your Communication System?

By Michael Osterman
in

Today’s communications infrastructure consists largely of a set of independent tools, each with its own independent data store: email, voicemail, instant messaging, social networking, wikis, blog posts, Web conferencing and SMS/text messaging. While useful, this disparate collection of tools creates a number of problems:

  • If you need to find something for something as formal as e-discovery or as simple as finding a contact name, you have to search across multiple data stores to find it.
  • Placing a legal hold on data means doing so on multiple data stores.
  • Correlating different communications streams and looking for content across all of them is difficult and so time consuming that most users won’t attempt it.

However, what would happen if all of your communications—every email, every attachment, every instant messaging conversation, every text message, every Tweet, every Facebook post, every voice message, every online meeting session, etc.—went directly into an archive upon receipt, send or completion?  That would mean that everything you did online would be automatically indexed in real time or near real time and be almost instantly available for later access.  If communications systems were architected like this, it would have two important implications:

  • First, archiving would be baked into the communication infrastructure and wouldn’t be the bolt-on option that many decision makers today consider it to be.  This would make e-discovery, legal holds, data mining and storage management significantly easier than it is today in organizations that have not yet implemented archiving.
  • Second, users would no longer need to have a distinct email client, social networking client, instant messaging client and the like. Instead, they would have a single client or Web portal that would provide a view into the real-time archive of content and extract relevant information. For example, instead of using an email client paradigm to which social networking or presence information is added, the client or portal might be more akin to Facebook or iGoogle, presenting users with any or all of their communication streams.  This would make communication significantly easier, since users could be presented with a list of current communication streams that would show emails, instant messaging conversations or relevant social networking posts in order of receipt, relevance, subject, etc. Users could define how they would want information presented based on their mood, the time of day, with whom they were interacting at that moment, etc.

This approach to communication really wouldn’t require new technology, since everything is in place right now to make it a reality.

I’d appreciate getting your feedback on this idea.

Published August 23, 2010

What, Me Worry?

By Michael Osterman
in

Well, yes you should if the following types of actual Twitter posts could occur in your company:

  • “I love to see when my boss is drunk and its 8:30pm (@[COMPANYNAME REMOVED]) [MAP TO COMPANY LOCATION REMOVED]”
  • “I just forged a dispatcher’s wife’s signature on papers to close on a house…smh”
  • “I had to tell a client that if he didn’t fill out this form then I couldn’t give him money for his job. I lied but I had to get that form.”
  • “Stupid HR manager with his freaking slow payroll system!”

The problem is not limited to Twitter—Facebook, LinkedIn or any of the thousands of social networking sites and Web 2.0 applications that increasingly find use in corporate environments could result in data leaks, the spread of confidential or sensitive information, embarrassment, loss of reputation, fines, lawsuits or other fairly negative consequences. In fact, FINRA Regulatory Notice 10-06 clearly spells out the duties and requirements for protecting against unauthorized tweets, Facebook posts, LinkedIn testimonials and other problem content when social networking tools are used by brokers and others in the securities and financial services industries. Even inadvertent, personal observations can land an individual and a company in very hot water, as was the case when a representative of the Ketchum PR agency tweeted his personal observations about the city of Memphis right before presenting to an influential group at FedEx, Memphis’ largest employer.

There are a growing number of offerings focused on addressing this problem. The most recent addition is FaceTime, which today launched its Socialite SaaS solution, although the company has been providing on-premise solutions like this for quite some time. Socialite is designed to protect against the problems that can occur in social networks, including data leaks, unfettered employee access to all of the features in social networking tools, posts that are sent without first being checked for compliance with corporate policies, etc.  Socialite also logs conversations and content on social networking sites, archives this content, and applies identity management so that users can be tracked to a single corporate identity across all of the tools they use.

FaceTime is offering Socialite as both an on-premise and a SaaS offering, as well as offering hybrid deployments of the system.  Pricing for one hundred users is $50 per seat for the on-premise version and $12 per seat per month for SaaS.

Published August 16, 2010

A Principle of Manufacturing Applied to Security

By Michael Osterman
in

One of the basic principles of manufacturing a product that loses weight is to produce it as close to the source of the raw material as possible. For example, producing lumber is a process that involves cutting away from a log everything that doesn’t like 2x4s and the like. Instead of shipping over great distances what will eventually become sawdust, lumber producers opt to manufacture lumber as close as practical to the source of the raw material so that they can reduce their transportation costs. There are exceptions, of course – such as those who ship water from Évian-les-Bains, France or Fiji—but most manufacturers adhere to this principle.

The same applies to email security. Because at least 75% of the email traversing the Internet is spam or malware and even less valuable than sawdust, it makes sense to remove it from the desired end product as close to the source as possible. That’s why many organizations have opted to deploy hosted email security either as a replacement for their on-premise email security infrastructure or as a supplement to their on-premise systems.  By allowing a hosted provider to cut away the garbage long before someone must pay to transport it to its final destination, bandwidth requirements are reduced both in the internal network and across the Internet as a whole.  Add to this the reduced requirement for on-premise storage of spam and malware as a further means of reducing costs and an added benefit of the hosted model.

There are a few different ways of realizing the benefits of a hosted model, each of which has various advantages. You can go completely with hosted and totally eliminate any on-premise infrastructure, you can opt for a homegrown hybrid approach in which different vendors provide the hosted and on-premise components, or you can go with a hybrid system offered by a single vendor. An increasing number of security vendors are offering integrated hybrid approaches.

We are about to publish a white paper that compares the homegrown and integrated hybrid approaches and will be announcing it shortly.

Published August 2, 2010

Should Archiving Be Part of Your Security Strategy?

By Michael Osterman
in

Osterman Research has just published Content Archiving Market Trends, 2010-2013, an in-depth analysis of the market for electronic content archiving.  Among the things we examined in that study was the role of anti-spam capabilities as they relate to archiving.  Here’s some of what we found:

  • One-third of mid-sized and large organizations archive all email, including spam, for fear that their anti-spam system might generate false positives and thereby filter out valid email that should be archived.
  • Nearly two-thirds of these organizations believe that being able to filter spam from archived search results is important or extremely important.

These results beg two important questions:  first, do anti-spam capabilities need significant improvement so that false positives are much less of an issue than they are today; and second, should archiving be part of an organization’s security strategy?

The short answer to both questions, of course, is yes.  While there are a number of very good anti-spam solutions available, not all of them are created equal.  Some solutions generate a relatively high number of false positives, meaning that some valid email ends up in spam quarantine where it is invisible to an archiving system.  Users can usually get into the quarantine and flag these false positives appropriately, but that doesn’t always happen, either because users miss these emails among the mass of true positives, or they are not allowed into the quarantine because of IT department policies.  In an interesting meeting with BoxSentry recently, I saw some interesting stats on the efficacy of various anti-spam solutions on the market and noted the wide variability in their false positive performance.  BoxSentry’s goal is to get as close to 1 in 400,000 false positives as they can, a target that was established by a Gartner analyst a couple of years ago.

For the second question – should archiving be part of an overall security strategy – there’s no doubt that it should be.  Archiving is a critical best practice, notwithstanding the fact that most organizations today do not truly archive their email or other electronic content.  Even so, as organizations do choose to deploy electronic content archiving, they must seriously consider the ramifications of it on their security architecture and vica versa.  It’s important that an anti-spam system not be permitted to remove valid email from the data stream reaching users without the opportunity to archive that content at some point.

Published July 27, 2010