As a mere lawyer, I struggle to understand from a technical perspective how to implement e-mail retention policy in a larger organization across many years. Legally, the organization may – due to litigation hold or other factors – have incentive to store some (maybe a lot) of email a long time, more than five or seven years.
Legally speaking, the biggest mistake with e-mail records is to destroy them too early. That could be spoliation. So why not delay destruction a long time?
In theory long-term storage of much e-mail should not be expensive because the cost of raw storage is dropping. However, IT folks in my SANS courses argue that the cost of storage media is not the key issue. They argue the overhead associated with massive storage is high (they bring up things like expensive disk arrays).
Is cheap, slow storage technically feasible? As I craft records management policy, I’m not looking for something that pulls up records quickly. I’m looking to store records that the enterprise rarely accesses, if ever. I’m just looking for something that is cheap and prevents the enterprise from erasing something it might eventually need.
I consulted Greg Smith, email archival expert at Messaging Architects. Greg introduced me to “content addressable storage.” According to Greg, “CAS stores records, like archives, that are not to be updated. It takes advantage of the ever-declining costs of media and hardware. It avoids the operating system and management overhead associated with conventional disk storage. It stores records in an evolving ‘data cloud,’ where you add and remove generic, off-the-shelf hardware as desired. It avoids the need and expense for backup. Today, an organization can store a gigabyte of data for $10. Tomorrow the cost will be lower.”
Messaging Architects sells a version of content addressable storage, which it calls M+SecureStore. SecureStore supports a cluster approach to hardware, where devices are efficiently added or removed as needed. It could allow an aggregation of data records for many years, while eventually allowing records to be destroyed in large chunks. For example, SecureStore might keep e-mail archives aged four to 10 years. Then, as all the records from the 10th year complete the 10th year, they could be destroyed as a group.
Content addressable storage might be used either in-house or in the external cloud (where the service level agreement calls for relatively slow system response in exchange for lower cost).
A legal issues instructor at the SANS Institute, Mr. Wright is a strategic advisor to Messaging Architects, experts in ediscovery audit. Here is an ARMA podcast describing Messaging Architects' work in e-mail archiving, including its workshop (led by Mr. Wright) for development of an email records policy in an enterprise.