The vendor community quickly responded but, as it turned out, there are many facets to manage and many ways to accomplish it. In addition to the storage and backup issues, litigation cases and government and industry regulations quickly brought home the fact that messages are business records and are subject to the same retention requirements as other business records. And the need for better archiving approaches quickly became evident when companies had to sift through millions of messages to satisfy legal discovery and regulatory audit requests.
And that's not mention the need filter messages for privacy violations, offensive material, and sensitive or proprietary information.
The Radicati Group recently released a new report to help enterprise users make sense of these products and align their requirements with a particular approach to message compliance management.
In the August 2005 Messaging Technology Report—An Overview of Compliance and Policy Management Solutions, Radicati senior analyst Masha Khmartseva says that a good compliance solution should help companies do four things:
- Detect all relevant messages using keywords and phrases, recipients, domains, attachment types and other parameters established by the company (To those other parameters, I might add senders).
- Retain copies of all relevant messages in an archive store where they can be retained for a specified period of time (To that I might add securely retained with records of who accesses the archived messages).
- Manage all retained messages by offering search and retrieval capabilities.
- Prevent non-compliant messages from going out (And from a security standpoint, I'd suggest also preventing them from coming in).
And Khmartseva goes on to list key features that should be present within the main capabilities of detection, retention, management and prevention.
The vendors that offer these capabilities come from different market segments. An anti-spam vendor might be able to offer a suitable filtering capability but might need to partner with another vendor to meet the archiving requirements. And while e-mail compliance management might be the strong point of one provider, another vendor specializing in IM management might have to be brought into the mix.
Then there are the security providers that provide compliance management capabilities and pure-play compliance vendors that focus on policy management and meeting the requirements of select regulations.
As Radicati's Khmartseva points out, the good news is that vendors from all these arenas are partnering to offer more complete policy and compliance management or make sure that their products work together. The report also profiles a select group these vendors.
Visit the Radicati Group website to order a copy of the report.Confused about the expanding array of products designed to help manage messaging policies and compliance? A new Radicati Group report helps break down this evolving market.