Messaging Architects Email Archiving and Security Blog

Successful IT Projects: Getting What You Want

A few days ago, I posted an article in our blog that was written by the CEO of Messaging Architects, Pierre Chamberland, on how CFOs and CIOs can help to minimize the risks associated with major IT projects by understanding the importance of project management. Entitled The 10.5 Essential Steps of Successful IT Projects, the article created a lot of buzz around the water cooler and led one of our Account Managers to forward me the following article as a potential companion piece to Pierre’s earlier submission. The article, entitled Successful IT Projects: Getting What You Want, includes a few more steps to help you make the most of your IT budget. It is reprinted below with permission from the author, James Flowers.

Successful IT Projects: Getting What You Want

Media reports are awash with stories of information technology systems and infrastructure projects gone wrong and cost overruns. This creates an impression that significant IT projects are 'risky', particularly in tough economic times where the emphasis is for IT departments to make the most of their information technology budgets.    

Whilst the success of an IT project can never be 'guaranteed', particularly if it is a complex project, the risks of failure can be greatly reduced, and the acquirer's ability to mitigate the consequences of failure greatly enhanced, if that acquirer has satisfied each of the following steps:

1. Scoping the project before approaching the market

If an organisation does not have a clear sense of the outcomes it requires (functionally and otherwise), then inevitably it places greater reliance on the supplier to provide or deliver those outcomes. In such a case, it should never be assumed that the supplier's interests and objectives will be aligned with those of your organisation. A supplier will seek to supply a solution that meets its understanding of the requirements but also maximises the returns to it.

Further, if the customer is relying on the supplier's expertise not only to supply the solution/system, but also to determine what the solution or system should be, it becomes harder for the customer to manage project scope and costs.

The customer should therefore take time to determine what it requires, what is available, and whether the available solution(s) and systems are compatible with its requirements. If your organisation does not have that expertise internally, it could engage a consultant to assist with this process, or undertake a 'request for information' process – a precursor to a request for tender or proposal in which the customer seeks information about possible solutions or systems from the market.

2. Due diligence of suppliers – will the supplier see it through?

Whilst price and technical compliance are clearly important elements in evaluating a proposal or offer from a supplier, the history of IT projects is littered with examples of suppliers offering outstanding solutions or pricing that are too good to be true. The result is that such suppliers are not able to deliver on the solution, either because their proposals are not matched by their capabilities, or they lack financial substance.

Customers need to insist that prospective suppliers demonstrate both technical capability – regarding expertise and depth of resources – and solvency. To the extent that there is doubt on either front, customers should either steer clear of the suppliers, or require that those suppliers produce financial and/or performance guarantees. However, customers must then ensure that the guarantor(s) has the capability and solvency that the supplier may lack.

3. Avoiding standard supplier contracts

Increasingly, many suppliers – particularly the large suppliers – are insisting that they will supply goods and/or services only subject to their standard supplier contracts. This may occur even where the supplier is responding to a request for tender.

Not surprisingly, standard supply contracts contain terms that are geared to maximise the supplier's position, usually at the cost of legitimate protections and rights for the customer. However, more fundamentally, if a customer accepts a standard supplier contract, it also accepts that its project will proceed in a manner that is largely mandated by the supplier, and is subject to the supplier's processes.

That may not be what the customer requires. For example, it may wish to ensure that the project is subject to its own project management and governance processes, and it may want to tie payment of fees to receipt of actual outcomes and benefits.

Therefore, at best, customers should challenge the notion that they must engage the supplier under the supplier's own terms. Naturally, if customers want to avoid supplier terms, they will need to develop their own template agreements.


4. Incorporating appropriate governance, reporting and oversight processes

A common feature in projects that 'come off the rails' is that problems or delays identified by one of the parties are not raised with the other party, then discussed and actioned in a forum that enables quick and effective decisions to be made about how to address that problem or delay(s). In many projects – particularly more complex projects – the prospect of unforeseen matters and delays is relatively high.

However, in the absence of an effective reporting, oversight and governance process, there is a real possibility that one party – usually the customer – will be kept in the dark about the existence of problems and delays, and may only find out about them at a point where the project is delayed, or where the costs have gone well beyond budget.

Appropriate governance will not of itself ensure that projects proceed smoothly, but transparency and effective communication will enable both parties to be more proactive as to how they address problems and delays. IT project contracts should therefore incorporate measures such as mandatory periodic meetings of project principals, and periodic reporting of progress and issues (which also tracks action taken on past issues raised). In projects of strategic importance to the customer, measures such as a governance committee, comprised not just of project principals but also other stakeholders of the party, would be worthwhile.

5. Tying payment to achievement of required outcomes and timeframes

For an organisation that has embarked on a business-critical or expensive IT project, there may be two nightmare scenarios.

It could be that the organisation is either contractually bound to continue paying the supplier for the work it is undertaking (even though the supplier is not delivering the contracted outcomes), or that the organisation has paid the supplier all of the fees and charges due only to discover that the supplier has not yet completed the project. Aside from the fact that the project is not delivered, an organisation in that position has largely ceded all of its commercial leverage: it either has to persevere with its supplier (at additional cost), or cut its losses and potentially have to start again.

From the customer's perspective, the preferable arrangement for payment of fees is that payment of particular amounts is tied to the supplier's achievement of milestones and/or delivery of required outcomes. This is not to say that the supplier should not receive any payment until the project is completed, but that the project should be divided into milestones, with instalments of the overall amount payable then tied to the supplier's achievement of those milestones. The amount received should depend on the relative importance of each milestone.

Nevertheless, the best form of arrangement is one where the bulk of the overall amount payable (at least 50% to 60%) is paid when the project is completed. Instalment payment arrangements do not provide the supplier with much incentive to complete if it has already received 90% of its payment.

6. Proactive contract enforcement

A well-drafted contract will give the customer a range of rights and remedies to address the supplier's failure to comply with that contract. If a customer feels that its proposed contract does not offer it the kind or range of rights or remedies that it would expect, then it should not sign it.

Assuming that the customer has all the contractual 'tools' at its disposal, the question will be which one of those rights it should use in particular cases. Regrettably, many customers feel that exercising any rights given to them to enforce their contract will in some way be a precursor to ending that contract, and so they do nothing. Once again, such an approach cedes commercial leverage to the supplier.

Issuing a notice of default, disputing an invoice and invoking requirements for a party to provide a guarantee are appropriate and usual actions for a customer to take (assuming that it has a right to do so). Customers should not feel that taking such action is a sign of failure. Rather, it should be seen as a proactive attempt by the customer to rectify problems, and a reminder to the supplier that legal obligations must be satisfied, or it will face consequences in the form of financial compensation or other remedies.

If your organisation is contemplating an IT project, it will be the one that has to live with the outcome of that project. It should therefore not be shy about requiring a contract and contracting process that ensures that the outcome aligns with its objectives.


Where is Greg?

Where is Greg Smith? This has been the leitmotif of several emails I received ever since we changed the format of our presence at Novell BrainShare this year by having one giant Brewfest meet-and-greet. It doesn't mean that Greg's not around…

Truth be told, Greg has been busy. With what, you ask? Here's a list of some of the things he's been involved in this year: Greg has supervised tons of email archiving deployments, done half a dozen or so GroupWise audits, and assisted a few organizations in their legal discovery quests. At present, he's preparing to speak at the SANS Institute e-Records Summit on "Finding Email Records in the Real World." Not to mention the tidbits of advice on email retention and compliance he has been giving us internally - so we are really knowledgeable in our interactions with clients.

So, you see, Greg has really been awfully busy. However, after a lot of nagging supported by your adoring emails, we did manage to get him to agree to make a live Webex appearance this coming week.

On July 28, Greg will talk about email storage optimization and some of the innovative options you have to tackle this pesky issue. He will share real-life stories from the trenches, the problems our clients face with dealing with storage bloat and why he recommends M+SecureStore to solve them. It's a must-attend event, so reserve your spot now.

Greg Smith is here and now's the time to have him advise you on your challenges.

ePolicy Case Study: Stakeholders Work Together to Draft Email Policy

Messaging Architects has held its ePolicy workshop in numerous, diverse organizations throughout 2009 and 2010. One such organization was a sizable state government agency, which had approximately 5000 email users. One year prior, the agency had purchased Messaging Architects' M+Archive product, but it had not implemented it beyond the pilot stage because the agency had not settled on an email retention policy. Although stakeholders within the agency had discussed policy, they had not reached consensus.

With a view to breaking the logjam, the agency’s CIO invited Messaging Architects to bring its ePolicy workshop to the agency. Believing that she had not been able to get sufficient attention from the Legal Department, the CIO hoped that the workshop – led by an outside lawyer – would motivate more engagement by Legal.

Although the workshop is normally scheduled for two days, the CIO preferred to hold the workshop over only one day. Her objective was not really to have a policy drafted by the end of the workshop.  Instead, it was to break the logjam, get the stakeholders to work together, and to propel them toward final drafting of a policy.

Participants in the workshop expressed some strong, contradictory opinions. One opinion emphasized that each employee should (consistent with statewide guidelines) have responsibility to review each email, delete those that are not official records, and file the others into specified categories. Another opinion stressed that employees do not have the time and will not take the time to review emails in this way; this opinion argued for generous retention of email in an archive system, where it can be found through searching rather than through categorization.

Messaging Architects was represented in the workshop by attorney Benjamin Wright and system engineer Michael Dybala. Their primary role was to facilitate an orderly, informed discussion on e-records law, experiences in other enterprises, and the technical functions of M+Archive.

Agency stakeholders participating in the workshop included representatives from IT, Legal, Operations and Records Management.

After spirited debate, compromises emerged. The group agreed on an outline for drafting policy. At the end of the day, the workshop closed with a commitment between the IT department and the Legal Department to work together to draft that policy in an expeditious fashion.

Email Acceptable Use and Retention Policies - Keep it Simple

I was recently involved in a consultation session with a Client who was looking to consolidate his email infrastructure from a decentralized model with many servers and domains in 10+ countries, to a centralized model where all the servers would be located in a single country. The stakeholders wanted to understand what shifts this would cause to their regulatory obligations and how they should consider various deployment options in this context.

Here is a summary of our discussion:

There are no hard int'l rules that have been tested to my knowledge, at least not formally in court with regard to moving electronic records around. In fact, there are 2 contexts to your query: i) moving the records around and then what is the optimum email storage structure to minimize risk, and ii) how does discovery and rules regarding official corporate records work across multiple geos.

Regarding point i:

What I have read about and also discussed with clients is the following 2 approaches:

[1] Consolidate all servers and content in new geo, and have this geo's rules & regulations apply to all content (historical and future). A smart twist on this is to set an Archive anchor point at the day of consolidation, and manage historical (now archived) content as per old policies set while server was in original geo, and all new content managed according to regulatory frameworks in new geo.

[2] Consolidate all servers & content but continue to manage content as if it was virtually still in geo of original creation. Under this scenario, content created in France (sent or received) would be stored in Canada but not discoverable under Canadian laws or regulations, only under French ones. Of course from a technical perspective, I would recommend encryption on the message store, with the encryption keys being kept in the geo where the data was originally created.

Depending on the Risk Management strategy of the company and the value of the data, an option to strongly consider would be to keep the smallest minimum timeframe of international email on production servers (max 90 days). Everything older would be moved to Archival storage. Search indexes (which are not the messages or attachments) can be stored in Canada since these are not the actual record and as such are not discoverable. The archived actual messages are stored in an Object Storage system (like M+Securestore) with an off-site instant mirror.

So in essence there is a primary write of the message to a device here, and then an immediate replication to a device in the geo of origin, followed by the deletion of the original write. In this way it can be clearly demonstrated that the message was in fact never stored in Canada but simply "in transit" to its long-term storage location in the originating geo. If they wanted to also keep a copy of the message locally as a back-up of the remote location, this is both possible and OK. The local copy (Canada) is being made solely for disaster recovery, it cannot be discoverable - only the original record can be requested and it would sit outside of Canada.

Under civil law and copyright interpretation, the fact of where the digital content resides (stored as bits) can be disconnected from the regulatory obligations, or lack thereof, attached to it. For example, if a contract is created, printed and signed in France, then a scanned copy is sent via email, and the email is stored in Canada - nothing about Canadian discovery regulation or laws will apply to this email or attachment.

Another example is e-commerce web sites that are hosted in other countries - the authorities of the hosting country do not have the right to interfere unless the complaint originates from a matter brought to a Canadian court, and then will likely only be allowed to request discovery for content created by Canadian workers.

Under criminal law (think child porn), this construct does not apply and the country where the data is stored has full rights to exercise legal intervention on its soil and courts will not hesitate to provide the required search warrants or subpoenas.

Keep it Simple....

My advice is that simplicity dictates that a multi-national org should try to have a single retention/discovery policy that meets the baseline requirements of all geos, and then manage the occasional exceptions. If one thinks of a corporate Code of Ethics, there is usually only a single version.

Regarding point ii - it gets pretty messy, pretty fast:

Let us set the stage; a Canadian company, with a French wholly-owned subsidiary where email is considered private and requires a court order to discover, employing a German resident contractor working on a project for a Japanese client. The Japanese client decides to claim negligence on the part of the German contractor and sue the Canadian company in a Japanese court for damages and breach of contract.

Part of the lawsuit involves requesting access to encrypted email messages on the German Contractor's laptop that were circulated between the French and German, and that are believed to exist archived (in cleartext) on the corporate email servers in Canada.

What can be discovered? Who can decide who needs to produce what? How much will be spent in external legal fees? Experience to date shows that there is no cut & dried answer, there is no "good & perfect" response, only a bunch of "it depends" - and a lot of the "it depends" has to do with the amount of money at stake.

So how can a company mitigate against these types of risks? There is really only 1 way - via a clear and well implemented Acceptable Use and Retention Policy that will ask exactly these types of questions and set the tone for the scope of involvement and technology deployment required to match this scope. Letting courts or lawyers decide about matters of internal policy is usually not a good choice. Being well prepared and having predetermined answers puts the organization in a position to respond as needed, and in a manner that is consistent with its best interests and the ever-evolving legal & regulatory framework.

Best,

--Pierre 

Personal Email Archives: Do They Amount To IT Malpractice?

The amount of data within your messaging environment is constantly expanding as email communication continues to increase, replacing other types of communication. More messages each day, and message sizes that balloon due to large and numerous attachments. According to Gartner, the average number of email messages per user, per day has increased to over 130 and the average message size is over 100 KB. Many users will try to preserve between 1 and 2 GB of email data per year. In large organizations, this adds up to alarming figures for which email servers were never really designed.

In many cases, the response from IT has been to deploy complex, costly and fragmented email infrastructures just to keep up with the storage bloat. To further combat this growth, many organizations have also enforced stringent deletion rules such as a 90-day retention policy. The behavioral impact resulting from these policies is often the premature deletion of potential business records or the use of personal archives to maintain data beyond the stated periods.

When personal archiving is used, it moves data off the organization’s production servers and storage to a system-defined location that may include the user’s local machine. The data is then no longer accessible from the corporate messaging system, resulting in idiosyncratic and highly-interpreted data retention, based on end users’ perceptions of what should be preserved. Trying to recover messages as part of an internal audit or litigation rapidly becomes a costly nightmare. All too often data simply cannot be found, or the organization runs the risk of losing critical information when PCs or laptops are refreshed.

In addition, personal archives are not storage efficient. Since they re-create copies of all attachments in each personal archive, data sizes are usually between double and triple the original size. The increased data, combined with the inability to run centralized searches, adds stress to most discovery requests, which are typically on tight timeframes to begin with. Collecting, processing, reviewing, analyzing, and producing large sets of disparate personal archives for external parties becomes an expensive and error-prone exercise in redundancy.

As part of most recent litigations, an organization’s policy definition as well as the consistency of enforcement of this policy is reviewed so as to identify alignment with legal requirements. When daily practices are found to be inconsistent with policies or compliance frameworks, or if relevant data is discovered on other storage locations, it rapidly opens the door to in-depth questioning of what the organization may be trying to hide, or if legal holds are being adequately respected. Attorneys are now well versed in eDiscovery and have very good understanding of the technology at play. Their objective will be to cast a doubt on the preservation practices and the completeness of the data set provided – which if successful, can make the difference between winning a fair settlement and losing a case on technical deficiencies.

This risk is compounded by the nature of the legal hold process itself. Was the hold applied when “reasonably anticipated” and were appropriate actions taken to preserve “all forms” of relevant information, which may include requests to include personal archives? Personal archives represent a subset of e-mail that either was selectively or automatically maintained but is not necessarily captured at the time a legal hold is initiated.

Since personal archives effectively remove data from the corporate messaging system, this may well also create questions about the effectiveness of the organization’s legal hold process. If personal archives are part of the eDiscovery scope, this data will need to be handled appropriately. This may be stating the obvious but in many cases the consequences and impact are not considered, and as a result fall well outside the organization’s acceptable level of risk tolerance. The trend in litigation indicates a broadening definition of what is a record and what is considered relevant and discoverable. As with backup tapes, which at one point were rarely requested as “in scope,” they are now routinely considered a standard request.

Notwithstanding the philosophical debate which has been ongoing at the academic level, legal hold for email means really preserving all data from the point when “reasonably anticipated.” Thus it should include personal archives if the organization allows for this functionality to exist. Under those assumptions, the email data may be considered potential evidence and even unwillful destruction could be considered spoliation.

Things to think about:

  1. Can you defend the effectiveness of your legal hold process?
  2. If personal archives are requested, do you have a process to enable production?
  3. For every “Send,” there is a “Receive.” What might opposing counsel have that you are not aware of?
  4. Are you capable of determining if you should settle before having invested too much time?
  5. Does your current setup provide the tools for effective legal strategy planning?

The 10.5 Essential Steps of Successful IT Projects

Major IT projects are risky for any organization. It is the CIO’s responsibility to minimize the risk by ensuring that projects are managed effectively. This begins with a process framework encompassing these 10.5 essential steps.

1.  Make feasibility evaluations obligatory. Too often haste to get approval and begin a project causes management to pay minimal attention to this step, leading to unexpected problems. A required project-feasibility assessment should be performed for all IT projects. Although it may slow the approval process, it will help avert project failure. This analysis should include a list of preliminary architecture and design specifications and a project-management plan proposal, which enumerates assumptions, required resources, constraints and timelines.

2.  Designate a Project Sponsor who will declare clear project objectives. A clearly-identified project sponsor (PS) should be responsible for the success and overall project implementation. The PS should be charged with monitoring progress constantly and resolving issues that can impede rapid progress. The PS is supported by an executive group or committee that can serve as a forum for problem solving and escalated issues.

3.  Appoint a full-time Project Manager (PM). One individual with experience with similar projects should oversee the day-to-day management, execution, and delivery of the project.

Before going ahead with the IT project, the proposed timeline, cost and scope should be clearly defined and accepted by all potential participants. Failure to ensure that all stakeholders are in agreement can lead to confusion, wasted effort, needless duplication, and ultimately project failure.

4.  Give the Project Team real authority. The team should include interdisciplinary senior staff with sufficient analytical, technical, and project-related expertise to guide the project to a successful completion. The team should have access to enterprise resources needed to ensure the project conforms to enterprise standards and should have sufficient authority to control the activities and resources necessary to complete deliverables within the set time frame.

5.  Create a detailed Project Plan. A comprehensive Project Plan should be developed as a guide to all major activities such as project deliverables, timeline, roles of team members, key risks, and approval processes. The document should incorporate all formal written agreements with external and internal suppliers, resource owners, and end-users regarding their roles in the project.

6.  Secure committed staff resources. The PM should obtain formal written commitments from department managers to allocate time for their staff to work on the project; similarly, commitments need to be obtained from all assigned staff. Managers need to plan ahead to free up designated staff and resources, while continuing to meet daily operational requirements.

7.  Establish performance measures and report progress daily. To assess project performance, a specific set of performance indicators should be identified. Performance should be tracked at the task level by team leads and summaries presented to the PM, who in turn, will report progress to the PS. Discrepancies between expectations and actual performance should be discussed so contingency plans can be made as soon as possible.

8.  Take corrective action sooner rather than later. Resolve any performance variances quickly and decisively. If the problem cannot be eliminated, such as changes to budget, schedule, and deliverables, steps should be taken to mitigate negative effects by reassigning team members to provide additional support in areas where it is needed.

9.  Implement formal change-control mechanisms. All changes should be documented and incorporated into the Project Plan so that everyone knows when and why a change was made. Such documentation should include the date the change was made and its effect on the plan. Major changes that raise costs, substantially delay completion or redefine major deliverables should require written approval from the Steering Committee.

10.  Proactively manage risk. IT projects typically involve a number of significant risks and controversial issues that can prevent the team from moving ahead. Consistent and pro-active communication among project participants, stakeholders and end-users is required to mitigate against such internal risks. The PM should have a formal escalation process if serious roadblocks are encountered.

And last but certainly not least…

10.5.  Celebrate success. Each project milestone should be celebrated and communicated organization-wide to foster team coherence and promote values that are intrinsic to high performance.

ePolicy Case Study: Drafting a Policy on Email Records Management

This case study describes Messaging Architects' recent delivery of an ePolicy Workshop in the offices of an enterprise client. The client is a large, privately-owned construction company. Its employees are spread widely across many locations. Knowing that the company needed a policy on email records management, the IT department discovered that Messaging Architects offers policy development services. The client had not previously done business with Messaging Architects.

The client engaged Messaging Architects to conduct an in-house workshop, with Texas attorney Benjamin Wright as workshop leader. A few days before the workshop started, Mr. Wright spoke with the client by telephone so he could customize the ePolicy Workshop to meet the client’s unique needs.  

Mr. Wright came to the workshop with a prepared agenda, but quickly found that the event took a life of its own, according to the interests and needs of the people in attendance. For the first two hours, the client’s employees in attendance were only from IT. They interacted with Mr. Wright and Messaging Architects representative Osman Baig to understand the issues as they uniquely apply to their enterprise. They also wanted to learn what other organizations are doing on email record retention.  

The group then expanded to include the client’s general counsel, chief financial officer and other officers. The group considered litigation issues and the costs of retaining email. After lively debate, consensus began to emerge around some principles.

A core group of workshop participants then undertook to start drafting language. On the morning of day two of the workshop, an agreed draft policy emerged. The client’s CIO had what he needed. With this policy in hand, a select team, including the CIO and Mr. Wright, presented a briefing to the client’s chief executive officer.

<![CDATA[A Word from Our Partners: Scott Kunau from IGTG - Part 2]]> Last week, I published the first part of my recent chat with Scott Kunau of the Innovative Global Technology Group (IGTG) on what sets their company apart and makes them such a hit with their clients. In the second part, Scott talks about his approach to email archiving and migrations, some of the real-life challenges such projects involve, and why he recommends M+Archive to overcome them.

RD: In your experience what’s the primary reason for migrations away from GroupWise?
SK: Half the time, the GroupWise migrations we’ve seen happen have to do with some non-technical, purely political reason. In the other half of the cases, there are serious technical reasons having to do with replacing a messaging platform that doesn’t support a key company application easily.

Another major problem is the lack of Novell talent in the younger generation of IT technicians. They have little or no foundation in Novell technology and are usually unwilling to learn. We have an extremely talented young computer engineer on our team that we are mentoring in Novell technology. However, he is the exception to the rule, as the majority of younger IT technicians and engineers don't see the value in learning about Novell technology and that gives us an edge. In a way, this is one of the things that sets our company apart: our strong technology foundations make learning complex technology much easier for our clients. Plus, we're not biased about technology solutions.

But we make sure our clients are informed about a migration project they undertake. It is our job to ask the tough questions about cost, complexity, and overhead. We bring up all the things they need to consider before embarking on such a project. And we always make sure they fully understand the planning stage, which is more important than the implementation stage.

RD: Does this imply that planning takes a long time?
SK: It really depends on the internal policies of the organization. Some companies want extensive preparation and are ready to invest heavily in having engineers in-house to plan, document, and test the project management plan for weeks on end.

We offer a more efficient and cost effective solution. We set up a small fully virtualized pilot environment, work through the issues we encounter, do small test groups making sure that everything coexists together. When everybody is satisfied, we go ahead and schedule a specific date or period of time when the conversion takes place. In some cases, I believe we've saved our customers thousands of dollars with this approach.

RD: What can you say about your relationship with Messaging Architects?
SK: I think that we share a lot of common values that make this a mutually beneficial partnership. We are both smaller and flexible organizations that offer solutions to make our clients successful, while also equipping them with the tools and knowledge to better manage their IT infrastructures.

We have had a lot of success implementing M+Archive at client sites, whether to address email archiving and eDiscovery needs or in cases of an email migration. M+Archive allows us to handle email migrations in such a way that only the necessary amount of data is migrated to the new email system, while the bulk remains in an archive repository that is fully accessible to the end users. The technology allows us to handle email migrations in a way that doesn't make it the "project from hell" but allows us to perform 90% of the work without impacting the end users. When all the prep work is done, we can switch them over to the new system quite painlessly.

Clients also appreciate the fact their investment in M+Archive continues to bring them value after they switch to Exchange. Recently, we helped a client upgrade to the latest version of M+Archive from the previous version which they were using on GroupWise. After they migrated to Exchange, we converted their GroupWise XML archive to an Exchange XML archive and they continued to use M+Archive on the new Exchange system.

I think there are a lot of opportunities for Messaging Architects' technology and IGTG's expertise.

<![CDATA[A Word from Our Partners: Scott Kunau from IGTG - Part 1]]> In March, I wrote about the advantages of being a small company when it comes to providing superior service to our customers. Recently, I had the opportunity to catch Scott Kunau of the Innovative Global Technology Group (IGTG) between projects for an informative chat about the company, their clients' most pressing IT needs, and the partnership with Messaging Architects. One of the things that makes the partnership work so well is the fact that IGTG is a small, hands-on company with comprehensive expertise in Novell, Microsoft and Linux environments that follows a very simple philosophy: total commitment to client satisfaction by outstanding performance and professionalism. Here's the first part of what Scott had to say...

Founded in 2006, Innovative Global Technology Group (IGTG) helps organizations of all sizes and industries find the right technology solutions in networking, messaging, virtualization, and storage. The two founders, Scott Kunau and Sam Lohrer, who between themselves bring over 30 years of technology experience, joined forces following a clear and simple philosophy: total commitment to client satisfaction by outstanding performance and professionalism.

What makes IGTG unique is their straightforward, tangible, measurable solutions without the fluff, spin, or unnecessary steps sometimes employed by other consulting firms. Their only concern is making sure the solution they offer a client is customized to their needs, exceeding only their expectations, not their budget or the time needed to complete the project. They also empower clients with knowledge transfer to help their IT staff troubleshoot various issues with ease.

What sets IGTG apart from other systems integrators and technology consultants is their extensive skills and hands-on expertise in Novell, Microsoft and Linux environments.

RD: What's your approach working with clients?
SK: One of the things that differentiates us is the fact that we work with clients in a comprehensive way: in addition to the software implementation, we help them with the planning stage, provide training following the deployment, and suggest best practices on managing the solution. We are also able to adapt depending on organizations' budgets, infrastructures, and deployment schedules.

RD: That’s a bit different from the typical approach of professional services, isn’t it?
SK: You’re absolutely right. Many IT consulting firms go into a company, do the project on a schedule they define and leave, perhaps providing documentation, perhaps not. When we work with a client, we insist on providing knowledge transfer and training during and after the deployment as part of the total solution we offer. We want our clients to be as self-reliant as possible while knowing that we are right behind them if they need us.

RD: I agree with you there - one of the strongest complaints we get from clients is the lack of knowledge transfer from consultants. In your case, it's actually part of your professional services engagement...
SK: Here’s an example with a recent email migration from GroupWise to Exchange that we did using M+Archive. The entire new email environment was set up by their IT department in-house. I didn’t physically run any of the installations, but I explained each stage of the project and discussed possible problems they could run into. The internal IT staff was implementing the steps. The result was, they came out of the migration knowing exactly what they had and how to manage it. This way, they are able to do future upgrades themselves and deal with potential troubleshooting. It's also a more cost effective way of using our services.

RD: You mentioned your clients highly value your flexibility. Can you elaborate on that?
SK: A big consulting company comes in, dictates the implementation schedule and then they walk away. Often, the client doesn’t know what was done, there’s little or no documentation, there’s no knowledge transfer and training. The end result is, now the client is married to the consulting company for any problem-solving, upgrades, fixes, additional deployments and so forth, which is their end game.

We work with clients in a way that best suits them. Our clients choose to work with us; they are not stuck with us because they have no other alternatives. For instance, some clients rely on their own expertise for many projects. However, when it comes to GroupWise-related matters, OES, or other Novell products, they turn to us because they know we have the Novell experience they don’t. Just recently, a new client selected us over another integrator because we were willing to approach the IT projects they needed assistance with on their terms.

Or another example: a large company with thousands of users needed a GroupWise stabilization, virtualization, and clustering project. Now, I could have completed the entire project in about six to eight weeks, perhaps even less. But the client wasn’t interested in this blitz scenario. They wanted to go slowly, test things thoroughly in a virtual lab, implement changes only in off-hours when everyone was out of the system, schedule changes and upgrades well in advance, get full approval, etc. So the project ended up taking significantly longer, almost eight months. The point is, we are flexible enough to take as much time as necessary.

RD: It seems that while emotionally you have a strong allegiance to Novell products, which you regard highly, you are equally knowledgeable and at ease with Microsoft technologies.
SK: Ultimately, it’s all about the clients and what they are using. That’s why we make sure to stay on top of things, whether we are talking about Novell, Linux, or Microsoft. We have to be ready. And while this may seem like a daunting task, it isn’t that difficult once you have a strong foundation and the ability to be a quick study. That's why we are able to execute complex and multi-stage projects, such as software upgrades, email migrations, archiving, clustering, data recovery, and compliance without being concerned about the particular operating system or messaging platform.

In part 2 of Scott's interview, he discusses why he recommends M+Archive to his numerous clients in healthcare, government, and education.

<![CDATA[Another Reminder Why Email Archiving is Important... ]]> Every once in a while, a story starts making headlines that reminds me why I do what I do (and why email archiving is important). This week’s headline grabber is all the hoopla surrounding U.S. Supreme Court Nominee Elena Kagan. Controversial for a number of reasons, if Kagan is confirmed by the Senate, she will be the first Supreme Court Justice in nearly four decades without any prior experience as a federal or state judge, which means she has not created a paper trail of court opinions typically used to assess a nominee's ideology.

However, she did serve as a Clinton adviser in the 1990s, around the same time that the Clinton administration implemented an email archiving strategy to archive email from its Lotus-Notes-based email system. At the time, the Clinton administration implemented the email archiving solution in response to a 1993 court decision that stated that the president has an obligation to ensure that the emails of senior officials are preserved.

(The Bush Administration later replaced the Lotus Notes-based email system used by Clinton with Outlook and Exchange which wasn’t compatible with the old archiving system, and resulted in the loss of millions of email records, which were later found... but perhaps that’s the subject of another post.)

Over the next few weeks, the Clinton library, run by the National Archives, is expected to release every piece of email that Kagan sent and received during her tenure as a Clinton adviser, approximately 79,000 pages of email in all, to help establish her credibility as a nominee.

If Kagan wins the nomination this summer, she probably has a lot of people to thank. If I were her, I’d add Bill Clinton and his IT team to that list.

<![CDATA[Why Your Company May Need a GroupWise Audit and Architectural Review]]> Last week, I was talking to one of our healthcare clients about upcoming plans for their messaging system and GWAudit, our company's new offering, came up. The client had some very specific questions about the scope of service – all of which are detailed in a comprehensive white paper on the website. While I strongly invite you to check it out, I thought I'd offer you a "CliffsNotes" alternative, as well.

The reality is, an actual company reached out to us and requested our help in evaluating their email environment, identifying the risks, and recommending a plan of action towards better risk management. The engagement was not only successful, but received very positive feedback from exec management. We thought we'd extend the service to more clients.

Here's how it works. The auditing methodology identifies 3 types of GroupWise risks based on the level of severity, the urgency to address them, and the IT effort required for an effective implementation: (a) Critical, (b) Important, and (c) To Be Considered.

Using standard analytics tools, such as ConsoleOne and GroupWise Monitor, our GroupWise experts investigate the company's collaboration ecosystem and look at:

  • System architecture, fault tolerance & redundancy
  • Message routing & delivery
  • System security, configuration settings & patch and revision levels
  • Retention and data management
  • System maintenance, health and manageability

Depending on the results, they make recommendations for improvement through system consolidation and adoption of best practices in email management and risk mitigation. The goal is to help you become more efficient managing your business-critical email system and reduce its vulnerabilities.

Let's face it, new communications and social networking tools or not, email still reigns king. An Osterman Research survey from March 2010 found that on a typical day the average user sends 44 emails and receives 123 emails. For an organization of 1,500 users this means 64.9 million emails in one year. And it's your job to keep them coming and going.

We want to help you get the job done. That's how GWAudit came about. The best part is, you don't have to do the heavy lifting and in about a week you've got a clear plan where you should start first.

Interested? Get the details from our website or just send me an email.

<![CDATA[Why Archive Email? To Reduce, Simplify, Succeed]]> Recently, ITBusinessEdge.com associate editor and blogger Lora Bentley contacted me asking for some insights and perspectives on email archiving. She was working on a piece she published last week about how IT can justify email archiving as a necessary and worthwhile investment. She was looking for the top 5 "must dos"/"must haves" for successfully selling such solutions to management.

It was a good exercise that forced me to sift through the huge pile of technical documents and marketing collateral looking for the essence. I found it in two words: Reduce and Simplify.

  • Reduce email system downtime and productivity losses;
  • Reduce risks of lost or deleted email and penalties for non-compliance;
  • Reduce the costs of storage and eDiscovery;
  • Simplify email lifecycle management;
  • Simplify email back-up and storage management;
  • Simplify internal and external search and retrieval of email records.

Our customers confirm this. For example, the exchange with Lora coincided with a story I just published on how the University of Dundee is using our archiving solution to roll out a campus-wide email retention and risk management strategy for 28,000 email users. The main benefits they see M+Archive bringing to them are: contain the growing volume of email and storage requirements, address eDiscovery and open records requests quickly, simplify access to centrally archived email.

Jim Finlayson, IT Manager at the City of Grand Junction, also confirms how using our security and archiving solutions allows them to preserve the City’s resources and ensure uninterrupted email system activity while improving employee productivity and disseminating information across the community with minimum IT overhead.

For Mark Hayward of market-leading satellite communications company Comtech EF Data, M+Archive’s value is in its ability to handle eDiscovery requests for intellectual property, contracts, and email records in seconds. This enables him to service his organization's legal needs and maintain a competitive edge quickly and cost-effectively.

Email archiving is not just an IT issue; it is much more a business issue. Retained email records are not IT’s documents, they are records of the business. That’s why the decision-making process for adopting email archiving needs to involve all primary stakeholders, not just IT. When you get everyone on the same page, the “reduce and simplify” IT aspires to easily translates into Success for the whole organization. Then the job gets much easier: while not everyone may understand why reduce and simplify is a big deal, they all get Success.

<![CDATA[Candid Photos @ Brainshare Brewfest 2010 ]]> Dear BrainShare Fans!

Thank you for taking the time to attend the BrainShare Brewfest and meet the members of the Messaging Architects' client and partner community. Thank you for also sharing your thoughts, ideas, and advice during the evening. I look forward to more informative and engaging conversations in the future.

For those of you that missed it, the BrainShare Brewfest was an evening to remember that took place at Squatters Pub & Brewery in Salt Lake City, where everyone enjoyed a wide variety of locally brewed beer, great food, but most importantly, they had the chance to relax and mingle with peers and friends.

Feel free to view the official picture gallery and spot some familiar faces:

Believe it or not, almost a third of all conference attendees made it to the event! Every Brewfest guest received a highly coveted Netmail T-Shirt and enjoyed over 800+ pints of beer and 300+ pints of lemonade served during Happy Hour!

We had fun and we hope you did too!
Sincerely,

Charles Nguyen
Messaging Architects

P.S. Thank you again for making this another successful BrainShare Brewfest event... send me an email if you recognize yourself in this non-official gallery, so we can tag you. You could Win a Secret Prize!

<![CDATA[The Case for Being a “Smaller Company”]]> Here is an email we received earlier this month:

It's great to hear from your clients that you're doing a good job, especially so effusively. Naturally, I wanted to know what had prompted Eddie to send this email of "unsolicited praise".

In my case, satisfying my curiosity coincides with carrying out some of my responsibilities. Part of my tasks at Messaging Architects is to keep in touch with our clients, find out how they’re using our email security and archiving solutions, provide them with the occasional direct line to product management or our CEO, get a sense of how the overall relationship is going, demonstrate how companies can mitigate email risks through real-life case studies. Through these contacts I’ve met some really interesting people, as well as gained insights on collaboration in business, government and education.

So I called Eddie Parker and asked him. He was ready with his answer: our products are really helping him do his job well; he actually used "awesome" when describing the technology. But it is what he said next that prompted me to write this post: Eddie couldn't say enough about the quality of client care and support he has been getting from Messaging Architects for the past 5 years. Every time he had a product upgrade, the Support team would call him proactively and do the upgrade for him. In Eddie’s own words, "Not once did I have to follow up with your support guys, they were the ones following me. And I am always very impressed by their level of expertise and knowledge. It’s a big differentiator."

In the case of Clinton City Schools, 3 technicians support 3600 end users for everything IT: from whiteboard and projection support to video surveillance and security management; from VOIP and telephony to network and desktop support; from email and switches to storage and file servers. Receiving such client care as part of the standard SLA is a big deal for the organization. He concluded our call with "We're pleased, you have a happy customer and we’re ready to share it with everyone." If you want more details, read the Clinton City Schools case study.

The chat with Eddie reminded me of a comment from Jason Piazza, Director of Network Services at Deer Park ISD, whom I interviewed for a case study I published recently. Jason, too, highlighted the superior client care, the personal touch, and the flexibility of the service he received.

Here's what he said: "Working with Messaging Architects was really a benefit to us because we felt taken care of… We always had access to engineers who were very knowledgeable on email management and archiving issues. I liked the training at the end that provided additional insights and free advice on the Exchange management that were beyond the scope of the migration project. And I appreciated the suggestions from the Messaging Architects Exchange expert on fine-tuning our system. It’s not something you often get from the large software vendors."

Another happy client, T.J. Russell from ISD #318, Grand Rapids, MN, is featured on our website: "The excellent product and superb support are a win-win for your customers."

I can go on, but I think I’ve given enough evidence for us to agree that:

  • Messaging Architects' engineers are providing high quality service to our clients.
  • Messaging Architects' engineers are flexible and easy to work with.
  • Messaging Architects' engineers are highly experienced and knowledgeable beyond the scope of the products they support.

I can safely say I am speaking on behalf of all my colleagues when expressing the pride and satisfaction we share for getting the job done: helping our clients be successful.

Moreover, the big differentiators clients notice, appreciate, and talk about, such as the personal touch, the extra advice, the proactive human interaction, are - at least partially - related to the fact that Messaging Architects is not a "monster technology company," to quote Jason Piazza again. When you are a small, organically grown, privately held organization obsessed with putting the right people at the right place on the bus, it’s not surprising the clients get the right travel experience. It’s not rocket science…

Isn't it a bit paradoxical then that the "caution" industry analysts attribute to our company is that we are “a smaller organization”? It’s not the technology, the sales model, or the client care and support; it’s the size. I hear it regularly because the other hat I wear at Messaging Architects is that of Analyst Relations.

And so I want to end this rather long piece making the case for the "smaller companies" - especially after Nortel, Chrysler, Lehman Brothers... At Messaging Architects, we've been through a few bubbles and ups-and-downs, but we're still here – with innovative solutions, enthusiastic employees, and most important of all: a growing army of Raving Fans.

I think that's a pretty good place to be.


PS I am dedicating this post to my colleague, Stephanie Greenshields, who was relentless and instrumental in setting up the standards of what has become our "big differentiator": exceptional client care and support.

<![CDATA[GroupWise Questions? Ask Morris the Magnificent.]]> Still have questions about GroupWise that you want answered? Here’s another chance to ask. Back by popular demand, the second installment in our GroupWise Guru Series... introducing, Morris the Magnificent!

Simply post your question here in the Morris the Magnificent Blog. Every week, Morris the Magnificent will magically select a question or two about GroupWise security, GroupWise archiving, or a general GroupWise question, and conjure up his answer.

Meet Morris the Magnificent

How to Participate:

  1. Register by creating a profile below. It's quick and easy!
  2. Post your question as a comment.
  3. Check back often to see if Morris has answered your question. 
Note: Please enable cookies.

 

<![CDATA[Free Speech vs. Your Business Cont.]]> Yes, I am reusing the title from Michael Osterman's blog posting today (March 25) and I am doing it intentionally. The topic Mike brings up is both amusing and serious – and he himself invites the discussion.

Here is an excerpt taken directly from Osterman's blog:

"…[S]omeone at a company that I follow on Twitter … yesterday tweeted a link to a very derogatory blog post about the CEO of a major software company, and tweeted this under the name of their employer. The blog post discussed the eternal fate of this CEO, implied he probably had multiple mistresses, and expressed the view that he looks like the 'child of Karl Rove and Stewie from Family Guy.' Not very complimentary stuff no matter how tongue-in-cheek might have been the intent of the author."

Funny story, indeed. But… What would happen, hypothetically asks Osterman, if at that same moment an executive of the company that employs the Twitter poster is trying to work a deal with the company whose CEO was denigrated in the blog post? Individual freedom of speech, corporate image and reputation, embarrassment during negotiations all enter into play.

Mike concludes by asking: what's the right balance between individual freedom of expression and the potentially negative consequences for the organization that an individual exercising this right may be responsible for?

In my mind, Osterman essentially extends the idea of acceptable usage policies – something we, at Messaging Architects, have been preaching for years in the context of email – to usage of social networking tools in the enterprise. The parallels between email and social networking tool usage are easy to detect: just like there are dos and don’ts about how you can use corporate email, so there should be rules and boundaries regarding Facebook, LinkedIn and Twitter usage.

Easier said than done – the social network fabric tends to be way more heterogeneous (not to mention public and harder to both monitor and constrain) than the considerably easier boundary demarcation between work and private email.

As the person managing Messaging Architects' presence in the social networking space, I've found that having separate "corporate" and "private" Twitter profiles works quite well. When I post to the corporate profile – MPlusNews – I adhere to guidelines that are quite similar to our corporate email policy, though I allow myself greater flexibility on spelling and tone in line with the medium's character limitations and register. On my personal profile, where I don't identify any company affiliation, I can be more "adventurous" as to whom I follow and what I tweet. In that case, I am solely accountable for the content and I am not a spokesperson for the company I represent.

Facebook, however, is a whole different story – worthy of a separate discussion or maybe a whole series…

There is no doubt social media can help businesses and raise an organization’s visibility – for some useful tips on using social media for business check out Rick Wagner's Computerworld blog. But there are also risks and liabilities we need to recognize – as confirmed by Osterman's hypothetical scenario. And that is before counting the IT security risks and liabilities related to phishing scams, hacker attacks and other fraudulent threats that all these media are regularly exposed to.

So, in the end, it boils down to training the users and winning their buy-in not through restrictions but through setting the right expectations. Just like with email, the sooner some type of acceptable usage policy with respect to social networking tools is adopted organization-wide, the sooner some of the risks related to preserving the organization's integrity and reputation may be addressed.

<![CDATA[Email Archiving and eDiscovery: Two Sides of the Same Coin]]> Not too long ago, email archiving and eDiscovery solutions were considered separate, albeit necessary, components of enterprise email management. Moreover, eDiscovery was perceived largely as a service that companies sought outside the organization.

Then things changed. The recession brought the need to carve costs out of IT expenditure, take control of eDiscovery risks, and reduce overall litigation spending. Industry analysts and experts began talking about "in-sourcing eDiscovery." Fulbright & Jaworski’s 2009 Litigation Trends Survey reported almost half of the survey participants were already in-sourcing some aspects of the process. In December 2009, Gartner came out with a report, symptomatically entitled E-Mail Archiving and E-Discovery: What to Do Next, which confirmed a similar key finding: adopters of email archiving solutions are looking to expand the uses of their archives for eDiscovery tasks. Recent announcements from traditional email archiving vendors have all been revolving around support for eDiscovery and litigation readiness.

All this goes to prove that when, a few years ago, we redesigned the M+Archive architecture to combine email retention with eDiscovery, we were way ahead of the curve. And our clients have appreciated and benefitted from this. And they’re saving money.

How do I know this? Nothing more than some really quick back-of-the-envelope calculations based on what clients I’ve recently spoken to tell me. I see the following patterns:

  • Every single one of them has used M+Archive for eDiscovery, even if they originally purchased the solution to address email retention;
  • The investment in the M+Archive indexing server paid for itself after a single discovery request, which took minutes as opposed to days;
  • Legal costs were reduced on average by a quarter just because the subset of data presented for review was highly accurate.

Granted, these are my unscientific observations; still, they are pretty compelling. What’s even more compelling is that the latest release of M+Archive will enable them to save even more. Enter M+Analytics.

Last week, I saw M+Analytics in action. This is a really slick case management system that’s part of our email archiving solution. It allows authorized reviewers, internal auditors, or legal professionals to collaborate on eDiscovery requests using the M+Archive central repository. So don’t forget to sign your internal auditing and legal teams up for the upcoming walk-through of M+Analytics.

According to data collected and analyzed by Michael Osterman, eDiscovery today represents about 35% of the cost of litigation. With an early case assessment system, such as M+Analytics, in place, the cost of processing and reviewing of data can be reduced considerably. In fact, one of my projects for this year is to track clients’ litigation cost savings directly linked to M+Analytics.

What prompted this posting, however, wasn’t the research suggesting a convergence between email archiving and electronic discovery technologies. Rather, it was the enthusiastic praise for M+Archive from a client with whom I had lunch two weeks ago. We didn’t go into an abstract ROI discussion, we didn’t talk about the granularity of the policies or the flexibility of the archiving jobs. It was much simpler than that: "The Terabytes of archived data are growing daily, we can find whatever we need in seconds – WOW!"

At the end of the day, it’s the validation from the clients that counts the most.

]]>
14bacfc8-efb6-4749-b708-d2c7964c2746
<![CDATA[Reining in the Information Overload]]> Wow, time does fly! The Ides of March are here and it’s daylight savings time again.

2010 has been pretty hectic for us: product releases, live webinars, trade shows, best practices seminars, on-site client visits, business partnerships, not to mention juggling the growing ecosystem of social networking from LinkedIn to Facebook and Twitter. The information is as overwhelming as it is relentless.

A recent special report in the Economist on “Data, data everywhere” discusses preserving, processing and using the Exabytes that surround us. (How do you even abbreviate an “Exabyte”?) 

Without a doubt, messaging takes center stage in the ever-growing information overload. To make things worse, it may turn out that email is making us stupid; yet, it’s unlikely that it will stop coming.

This rather dire scenario has a silver lining, which was uncovered by our clients. It turns out that over the past few months our website has transformed itself from being merely a source of traditional product-related information on email security and archiving software into a valuable repository of resources that help them deal with day-to-day email management, as well as empower them to implement a much broader email risk management strategy.

In my opinion, this is worth writing about. So in the coming weeks, we’ll be providing in-depth spotlights on the various sections on our website: from the newly launched Security & Compliance newsfeed to the eDiscovery and the Email Risk Management centers.

Our goal is simple and ambitious: offer as much relevant information as possible, make it as accessible as possible, reach as wide an audience as possible.

We invite you to share your feedback and bring your ideas to the table. We’re all in this together.

]]>
244779da-a2ae-47df-aacf-66e392ff6a04
<![CDATA[eDiscovery: Communication Breakdown Between IT and Legal Departments]]> EDiscovery law is full of cautionary tales about miscommunication between IT departments and legal departments. When it comes to electronic records management, lawyers and technical professionals have historically not spoken the same language.

For example, a breakdown in communications spelled disaster for a pharmaceutical company in litigation over the Fen/phen diet drug. Plaintiffs said the drug hurt patients and sued. In the discovery phase of the lawsuit, plaintiffs requested email records. On numerous occasions, counsel for the company said there were no backup tapes containing email because counsel understood the IT department to say that there were no such tapes. However, a more careful investigation eventually revealed that there had been some tapes -- after the lawsuit started -- on which email had been stored. These tapes were created for short-term storage and then recycling, and IT did in fact recycle them while the lawsuit was pending.  The recycling caused email records to be destroyed. Counsel only came to understand this recycling process later, after counsel claimed there were no tapes containing email. The judge was unhappy. The judge felt that counsel misrepresented the truth about the existence of email on tapes. The judge levied sanctions against the company so as to deal it a severe strategic disadvantage in the lawsuit.  (Linnen v. A.H. Robins Co., Inc. , Mass. Superior Ct. No. 97-2307, June 16, 1999, Memo. of Decision and Order).

Today, this kind of miscommunication unfortunately remains common. It prevents enterprises from setting good policy on the retention and destruction of email, even before litigation starts.

This weakness of communication is a key problem addressed in Messaging Architects' ePolicy Workshop. The workshop aims to pull to one table the IT department, the legal department, and other stakeholders in the organization. It helps bridge the gap in communication on records issues, so the organization as a whole can set intelligent policy.

]]>
f6cc4f25-e105-4c33-b741-b73ca92d3c64
<![CDATA[Our GroupWise Experts are Stumped!]]>

You asked and our GroupWise gurus answered, but now it’s time for us to deliver on our promise. Congratulations to Gene Homan (Stumper1934) of Minneapolis, Minnesota, for stumping our gurus.

The winning entry was selected from all the entries submitted from GroupWise enthusiasts around the world who responded to the opportunity to stump our experienced GroupWise Gurus in our blog.

In the words of The Mentor, our winner asked a question about a new technology that none of the gurus have had time to work with yet. The winning entry was "Can you explain the flow of communications between the GroupWise (GW) Calendar Publishing Host (CPH) servlet and the various GWPOAs and the users out on the Internet doing Free/Busy searches and Subscribing to GW user calendars? What does the CPH do on startup? How does the CPH get its updates as users make changes to their Published calendars?"

As the grand prize winner of our Stump the GroupWise Guru contest, our winner will receive two hours of professional services with the GroupWise Guru of his choice.

Thanks to everyone who entered! If you haven’t already, you can stay updated with the latest news, announcements and contests like this one by following us on Twitter or becoming a fan on Facebook.

]]>
fe5c5e07-748f-40d7-ad06-d9bc8e910c0f
<![CDATA[ePolicy Workshop Attracts Policy Stakeholders in the Enterprise]]> risks and benefits in mind.

All of these various stakeholders are busy with other tasks. To induce them to focus on email records policy is not easy. Email raises difficult issues that didn't apply to old paper records.  

As the legal department knows, email is the primary topic of the booming field of litigation known as eDiscovery. In a lawsuit, eDiscovery can be expensive if records are not well-maintained. And a lack of records can play to your disadvantage in the way of court penalties or lack of evidence to support your side of the case.

The HR and internal audit departments will point out that email has also become central to internal control, regulatory compliance and employee supervision.  

Improper retention of email can yield a waste of resources. IT will want to weigh in on the cost of data storage, including the cost of technology and the cost of management. Data security must be considered as well.  

In a typical enterprise such as a corporation or a government agency, none of the stakeholders has the clout to make all of the other stakeholders come to the table to examine these issues and to craft a policy. This is where our electronic records policy workshop comes in.  When someone like the CIO announces that our workshop will be held in-house, the many stakeholders are motivated to make room on their calendars. The workshop brings quality, up-to-date education into the enterprise, and provides a professionally-led format for analyzing the issues and coming to consensus.  

Time and again our customers have told us that the convening of the workshop was critical to their email policy development. The workshop caused the players, for the first time, to sit down long enough to hash out the components of policy. The workshop normally concludes with agreement on the basic outline of policy, with appropriate understanding on how the exact policy language will be drafted and presented to upper management for final approval. ]]>
aa412e41-d345-4c3b-8fa9-5a5358a64861
<![CDATA[Shelter from the Email Storm]]> Winter is approaching, it's chilly out there, and many of you are digging out from under a blizzard … of unwanted email. I'm talking about snowshoe spam, which these days accounts for up to 50% of spam volume.

Just as a snowshoe distributes weight across a large surface to avoid falling through the ice, snowshoe spamming spreads spam output across many IPs and domains — in effect, “spreading its weight” so it doesn't trigger automated filters. Using these techniques, spammers use many small IP ranges on many ISPs, which in turn use many different domains that rapidly change IP addresses. Snowshoe spam is particularly tricky because it appears to come from seemingly legitimate, uncompromised IP addresses.

Most importantly, although each of these IPs usually sends a modest volume of bulk email, collectively these anonymous IP ranges are capable of huge throughput. The result? An avalanche of spam.

Fortunately, M+Guardian and Spamhaus are there to shelter you from the harsh elements. M+Guardian now incorporates Spamhaus’ newly announced Composite Snowshoe (CSS) block list to combat the dramatic rise in snowshoe spamming.

Spamhaus CSS is an automatically-generated list of IPs that have been detected sending snowshoe spam. CSS listings are automatically removed a few days after the last time a listed IP or one of its near neighboring IPs stops sending snowshoe spam. The Spamhaus block list team is taking the CSS data and continuing to create manual listings for active snowshoe ranges, identify the spammers behind snowshoe operations, and associate those listings with Register Of Known Spam Operations (ROKSO) records or create new records where appropriate.

We knew that, even though several botnets were knocked offline last summer, the reprieve would be short lived. Fortunately, there are organizations like Spamhaus to fight the good fight. It might seem like the good guys are always one step behind, but spam-blocking by nature is reactionary. So, a more accurate way to think about it is we're hot on their heels, always watching and quickly reacting.

]]>
22c650e1-7a9b-4530-8cd4-df282531bb25
<![CDATA[Don't Be the eDiscovery Cautionary Tale]]> It might have slipped below your radar but, last month, the Boston mayor's office had some email troubles. Although most people wouldn't consider this a "scandal" — no affairs, bribes, etc. — those of us in the messaging world would certainly consider it scandalous. A top aide to the mayor was accused of routinely deleting emails in violation of state law, which requires employees to keep all email for a minimum of two years.

The spin-doctors at the mayor's office defended the aide by explaining that "double-deleting" (moving emails to the trash and emptying the recycle bin daily) is simply a good organizational habit. Then, of course, the finger-pointing began with the aide contending that he just assumed the email was being backed up by the city's servers. The city's IT department insisted it was the employee's job to archive the messages.

No one is saying that the deleted emails contained evidence of any wrong-doing. Here's the real "crime" in my estimation: The aide was deleting email, despite the fact that, a year ago, a judge warned the mayor's office about the practice of deleting emails. (It had been revealed that employees were deleting emails to save on storage space.) The city then bought email backup software, but didn't bother to create an email retention policy.

Seriously. They bought an email archiving system. Presumably, they fixed the storage problem when they bought the archive. And, then … nothing. Folks, all the software and storage in the world isn't going to solve your email management problems if you don't have policies to guide what you do with it.

Because we understand that policies are the absolute foundation of message management, we've created an ePolicy Workshop. It's a private, two-day workshop that helps organizations think through and create clear, written policies. You start by assessing your organization's current retention policies (if there are any), how you're enforcing them (if at all), and how the policies might help or hinder a potential discovery or disaster recovery process. You'll learn what areas of an email infrastructure typically present security and compliance gaps and how your organization scores in each of these areas. Once you understand where you are, you can determine how far you have to go.

It's important to include all the people who have a stake in the policy. This isn't just an IT issue, so key executives and people from legal, records management, and human resources also need to be involved. If you're worried about the logistics of getting all these people to a seminar or conference, don't worry — we come to you. Because we hold the workshop onsite, you don't have to figure out how to get everyone to some offsite location. Another bonus is you're someplace where you can have confidential discussions of sensitive, company-specific issues.

Although you might cringe at the idea of being pulled off other projects for two days, the time-frame really is pretty short and sweet. If you were doing this on your own, you'd be faced with assembling a policy team, scheduling a series of meetings, and going through draft after draft trying to come up with a policy that meets everyone's needs. With the workshop, our technical and legal experts guide you through the process, and in two days you walk away with an email retention and deletion policy tailored to your business needs and industry requirements. You'll know what email needs to be retained and for how long; how to maintain secure and auditable records; what should go into formal, written policies; and what technologies will enforce those policies.

Beyond policies

Enforcement is key. As we've seen from the Boston situation, it's important to have policies, but it's also unreasonable to expect  employees to implement these policies with completely accurate judgment 100 percent of the time. It isn't their core competency, it distracts them from their daily work, and — should they slip even once — the stakes are too high. To be sure your policies are being strictly and consistently followed, you need a way to automate their enforcement. If the employees in the Boston mayor's office had these two elements in place – policies and the technology to enforce them — we wouldn't be reading about them today.

]]>
4feda5be-d143-4031-ae77-365b5c549952
<![CDATA[Think You Don't Need an Email Management System? Think Again]]> In a previous post, I highlighted an interesting study from AIIM, “Email Management: The Good, the Bad, and the Ugly.” Since reading that study, a few of the findings keep nagging at me — specifically, that 54 percent of the organizations participating in the survey have yet to implement email management. Here are the top 6 reasons those participants gave, followed by some points to consider if you are still on the fence.

[ ] We're happy to rely on backup tapes.

Backup and archive are not the same. Backups take periodic snapshots of active data so you can recover it in the event it's deleted or destroyed. OK for use in an emergency, backups usually contain multiple copies of messages, and there's no clear information about which messages exist on which backup tape — an eDiscovery nightmare waiting to happen. Think of backup as a short-term insurance policy to facilitate disaster recovery. Think of archiving as ongoing, rapid, and precise access to years of business information.

[ ] Outlook/Exchange archiving is sufficient.

The Outlook/Exchange 2007 Archiving feature is primarily used to keep inbox size down and circumvent fixed-term deletion policies. To do this, it creates a secondary database to store messages. The default location for this database is the user's local hard drive or, if a user has both a desktop and laptop, multiple archives. Without structured deletion policies, this approach will soon cause serious compliance gaps.

In Exchange 2010, Microsoft is adding multi-mailbox search functionality that offers only basic query (date, keyword, boolean). However, every search creates messages in a "search" mailbox, which in even moderately sized enterprises will quickly become bloated and unresponsive. Storing archives in Exchange also means using expensive hardware (SAN) rather than lower-cost devices or optical disc.

[ ] We don't view email as a sufficient threat to our business to take action.

Hard to believe that organizations are ignoring the evidence (so to speak) all around them. The Federal Rules of Civil Procedure that addressed electronically stored information went into effect in 2006, and the scandals (Enron, WorldCom, Tyco…) which led to the enactment of various regulatory frameworks date back almost as far. An entire industry has built up around providing software and services to ensure compliance with these laws, which apply to both private and public organizations, across almost all sectors. Inaction or the choice to not abide by these clear and legally binding obligations for preserving records is the real threat.

[ ] We have bigger email concerns right now, e.g., security, spam, mobile, etc.

Another stunner. We know that M+Guardian users are not part of this bunch.

[ ] Our staff is responsible for filing email appropriately on paper or file shares.

It's great to hear that so many of the survey participants are confident in their employees' ability to understand and implement their organizations' email retention policies! Sarcasm aside, I truly doubt professional IT Managers trust that every single user will implement those policies. Perfectly. For every single message. Every day. Professional IT Managers implement applications and frameworks to ensure that the end result they know needs to happen, actually happens. Except in the smallest organizations (less than 15 users), no policy management usually means that each user implements their own slightly modified version of their interpretation of what the policy might mean to them. The result is a quagmire of hundreds of individualized and idiosyncratic archives that are nearly impossible to manage.  

[ ] We would like to save email to a records management system, but we don't have one.

When it comes to email management, the costs and potential penalties are high. The average lawsuit cost can easily exceed $1 million, and 30 percent of the cost is associated with IT-related tasks such as searching for emails and files. Failure to produce email records altogether during legal discovery means the organization doesn't have the evidence needed to defend itself. And if the courts determine that an organization has willingly destroyed its email records, it will be slapped with hefty fines — in fact, 84 percent of all eDiscovery fines are due to email destruction.

We're well past the point where organizations can plead ignorance when it comes to electronically stored information. If you haven't implemented email management in your organization, today is the day to begin. We have tons of resources available, and most of them are free. We regularly conduct public webinars and can provide material you can use to educate your team.

We have a passion for archiving, and with more than 500 M+Archive deployments in 20+ countries to date, we’ve learned a lot about how to do things the right way. Let us know how you’d like us to help.

]]>
040c7d4c-7c4f-4c32-bb00-769642555002
<![CDATA[Stump the GroupWise Gurus Contest! ]]>

Got a question about Novell GroupWise that you want answered?

  • Don't know how to set up an external busy search?
  • Do I need to run GWCheck?
  • Got a question about upgrading to GroupWise 8?

Post it here for a chance to WIN two hours of professional services with the GroupWise guru of your choice. With over 80 years of combined GroupWise expertise between them, it will be hard to stump our panel of gurus.

Meet the gurus.

How to Participate:

  1. Register by creating a profile below. It's quick and easy!
  2. Post your question as a comment to the GroupWise Guru of your choice.
  3. Check back often to see if you’ve stumped the GroupWise Gurus. 

Thank you and good luck!

NOTE: Please enable cookies so we can log your official entry! 

]]>
f2eaaba6-4f4e-491c-b6f3-f2a4ad841599
<![CDATA[To Stub or Not to Stub … and What to Stub?!]]> In my previous post, I discussed the much maligned and misrepresented concept of stubbing. If you read that post, you learned that when used properly, stubbing can reduce the size of your mailbox store, thus improving the performance of your live mail system and reducing backup time.

So, what does “used properly” really mean?

Let's dive into the details, starting with attachments. Although usually a relatively small percentage of messages in our mailboxes contain attachments, these messages typically occupy 80 to 90 percent of mailbox disk space. Being able to remove these items from the live mail system, yet still have them easily accessible through the native client, could reduce the size of your mailbox store by 80-90 percent! This is a great example of using stubbing in an intelligent manner — a small number of items are stubbed, but you're saving a large amount of space.
 
Another smart way to use stubbing is to stub aging data. Automatically removing aging information from the live mail system is a good way to control/manage the size of the mailbox store. It's becoming more and more impractical to let users keep infinite amounts of mail in their mailboxes. Unfortunately, this can clash with the user’s need to access aging information in a seamless manner (through the client) without having to access the secondary storage (archives) using a third-party app or browser. 

Imagine a policy where all items in a user’s mailbox fall into three categories, based on their age:

0 to 6 months — Messages reside on the primary mailbox store.
6 to 12 months — Messages reside on secondary storage and are stubbed.
12 months+ — Messages reside on secondary storage (archives).

In this scenario, users would have access to a full year's worth of mail through the native client, even though half of that data resides outside the live mail system. You could even get more granular and apply different policies to different users, or groups of users, depending on their needs or role in the organization.

How Stubbing Should NOT Be Used…

Let's stub 100,000,000 items back into the live mail system! Or not. Although you will not take a huge hit on disk space because stubs are tiny little files, most enterprise-class collaboration systems (GroupWise/Exchange/Notes) store mail items in proprietary databases and have limits on the number of items that can exist and be indexed in a mailbox or folder. Stubbing doesn't change these limitations and should NOT be used in an attempt to give access to more mail items than one would otherwise keep in the live mail system.

]]>
865ea8d5-ec8e-4a28-8c57-ee438168e2c0
<![CDATA[Records Managers as Agents of Change]]> I mentioned yesterday that I am eagerly anticipating our first participation at the ARMA International Conference. I am sure I’ll learn a lot from the attendees; I am also curious to hear Ben Wright’s views on the roles of records managers as Agents of Change.

Ben has an original and somewhat provocative position on records retention. He argues that time-honored legal advice on records retention, especially email, doesn’t fare too well in court. Why? Because electronic records aren’t retained properly or for a sufficiently long period of time. But, there's hope. Ben considers records managers as those "Agents of Change" who can be most effective in promoting the message that it’s time to manage email differently and change records retention policies.

The scheduling of our session on Saturday afternoon as part of the Industry Intelligence Track may turn out to be inconvenient for some attendees, so we’ve come up with a Plan B. Ben is offering highly personalized one-on-one or group discussions on this topic and surrounding issues at our booth all day Friday, October 16.

Do these questions resonate with you?

  • Is it possible that organizations destroy email too quickly?
  • Do organizations risk incurring great expenses recovering deleted emails?
  • Do users truly understand and follow email retention policies in practice?

If so, do stop by to talk to us and share your views. It's a great opportunity to get a personalized perspective that will help you out in both the court room and the server room.

If you aren’t attending this year’s ARMA International Conference, but would like the materials, send me an email or — even better — get involved in the discussion on Ben’s blog. The more we know, the stronger we are.

See you in Orlando or online!

]]>
1e523cb2-ae10-4c93-91ba-26b23c0141e1
<![CDATA[Messaging Architects at ARMA International]]> I am quite excited because I just learned that, together with technology attorney Ben Wright, I will be representing MA at the 54th annual ARMA International Conference. My excitement comes not because this event is happening in sunny Orlando (I live in Phoenix, so I get my fair share of sunlight as it is). No, I'm looking for enlightenment of a different kind.

[Begin Shameless Plug]
It’s Messaging Architects’ first participation at the conference, so come visit us at Booth # 932 and attend our session on Saturday, October 17.
Topic: Records Managers Can Become Agents of Change for eDiscovery and Records Retention
Date: Saturday, October 17, 2009
Time: 11:15AM - 12:30PM
Location: Expo Floor, Room 1230
It will be time well spent.
[End Shameless Plug]

I'm really looking forward to attending the event because I finally get to meet the records and information managers up close and personal. As part of my responsibilities at MA, I am constantly in touch with clients and getting their perspective on the ins and outs of email risk management. So, I am quite familiar with the IT point of view: Retain everything forever, ensure the messaging system doesn’t choke from the information overload and the company doesn’t go broke from the costs of legal discovery, be able to instantly recover your CEO’s emails from five years ago, don’t make your end users think ... I'm sure these concerns sound familiar to most of you.

But, I’d like some insight from some of the other players in the records retention game, i.e., the records managers. Today, where everything is regulated and mandated, what can turn them into heroes in their organizations? In fact, at the ARMA Conference, Ben is actually going to challenge some of the long-standing precepts of email. What’s more, he thinks that records managers are actually in a perfect position to become Agents of Change and bring about a much needed shift in electronic records management. Stay tuned for more about Ben’s thoughts and provocative session in my next post.

]]>
8744ba2c-e436-45e0-b239-f605056fd5b9
<![CDATA[MA Is on Twitter]]> It took a little while to get Messaging Architects on Twitter, but it's not because we weren't paying attention to this new medium. I sat through numerous webinars highlighting the “benefits of Twitter for the enterprise,” watched videos on Tweeting best practices, and even reviewed the “Twitter for Dummies” slideshow. Still, I wasn’t sold. I couldn’t see the dramatic difference we could bring our clients, partners, and the M+ community by being on Twitter.

And then last week I saw the light. At the weekly huddle, we started discussing how best to share the fall activities, webinars, events, conferences, contests, product spotlights, client success stories, industry news, and analyst reports... I got dizzy just trying to outline the communications schedule, keeping everyone in the loop without abusing email etiquette by going into email overdrive. And then it dawned on me — MA on Twitter. Short, sweet, and compelling.

And so Messaging Architects is on Twitter and I’d like to invite you to follow us: http://www.twitter.com/MPlusNews. We promise to bring to you daily useful nuggets of information to keep you informed, amused, entertained, challenged, and always connected.

]]>
7d58cd80-4377-44c4-9dbe-65ab0a3b3a4e
<![CDATA[The Downsides of Stubbing (And When You Should Ignore Them)]]> Because of its introduction in GroupWise 8, stubbing is getting a lot of attention lately. The idea behind stubbing is to display email in a user's inbox, but have the actual email content reside outside the email server. The benefit is that you get to keep your messaging system relatively streamlined, but still give users easy access to those stored messages.

This sounds pretty good, but a bit of Googling may have you wondering about the value of stubbing. Although there are some mixed opinions about stubbing, I fall into the “pro-stubbing” camp. Let me re-phrase that. I'm pro-stubbing when stubbing is done correctly.

The criticisms of stubbing are usually rooted in poor uses of stubbing. It's kind of like saying you shouldn't exercise because you might get hurt. Well sure, if you don't warm up properly, you might end up with a pulled muscle. But, does that mean you shouldn't exercise at all? (If you're looking for an excuse to skip a trip to the gym, don't answer that.)

Here's a good rule of thumb: Stubbing works well for large items and aging items. Anything else, and you're not using the technology the way it was intended.

For example, here are some of the “downsides” you might read about stubbing:

1. A stubbed message will take longer to open than a non-stubbed message.

Well … ya, it will. That's because the message resides on non-local, cheaper/slower storage. That's why it makes sense to store aging information (which isn't accessed as frequently) or large items (which one might expect to take longer to open).

2. A new point of failure is introduced. If the stubbing agent or the secondary storage becomes unavailable, stubbed items can no longer be opened.

There are two points to consider here. First, the instability resulting from keeping massive amounts of large and aging messages in the live system is a far greater problem than the risks introduced by a secondary storage system. Plus, even if the secondary storage becomes unavailable the organization is only temporarily losing access to aging data, not the mission-critical, newest mail.

3. Stubbed items can only be opened using the native client. For example, a GroupWise user can access their mailbox via GroupWise and the stubs will work just fine; but, if a user wants to use some other mail client, like Thunderbird, to access their GroupWise mailbox, the stubbing won't work.

It's true that you can access the live mail using any mail client via standard protocols like POP and IMAP and get basic functionality; but certain features specific to GroupWise -- like stubbing or proxy access -- won't work. However, if you're using something like M+Archive, which is policy-based, it isn't an all-or-nothing scenario. You don't have to apply the same policies to all the users, so you wouldn't have to implement stubbing for users who access their mail via a POP or IMAP client. Those users could still access their archives using WebAccess.

Read between the lines

If you find someone who isn't a fan of stubbing, check the source. Is it a solution vendor whose product doesn't support stubbing? They may well be downplaying the benefits of stubbing to justify this missing feature.

Here's another gem I've come across: “To compensate for its inherent instability, Exchange has something called stubbing that is being introduced into GroupWise.” They'll then make the leap to imply that Exchange uses stubbing because it's unstable and, because GroupWise now offers stubbing, it must be unstable, too. Not true.

Here's the upshot: Stubbing addresses a common and serious problem, i.e., that users keep too much mail. This uses a lot of primary (expensive) disk space and reduces the performance of the mail system. When used intelligently, stubbing can bring huge storage management benefits by reducing the size of your mailbox store, thus improving the performance of your live mail system and reducing the amount of time it takes to perform backups.

In my next post, I'll share some tips for getting the most out of stubbing.

]]>
777cfda1-68a6-45d1-8492-034c351c6caf
<![CDATA[10 Steps to Creating a Single Point of Discovery ]]> In my previous blog posting, I discussed some of the complexities of eDiscovery and alluded to a potential solution. I believe the key is Unified Retention --  a combination of policy enforcement and different systems working cohesively to ensure a single point of retention and discovery for all email records.

The simple philosophy is that if the organization can state with 99.9-percent certainty that the requested messages exist or do not exist, then expensive eDiscovery exercises can be avoided. Courts will usually require proof of such statements through formalized policies and audited processes within the organization.

Part of the challenge of defining a unified retention solution is controlling the data sources inside and outside of the defined retention area. If the organization can't identify or control the records outside of the retention area, how can it implement a record-destruction policy without reverting to disparate data storage again? This is where the alignment of the various policies and procedures comes in.

There are ten areas you must address to define and manage a unified retention area:

  1. Identify email sources, including: backups, personal archives, IMAP/POP3 accounts, mobile messaging, and any other copies (even printed copies).
  2. Evaluate the organization's ability to control those locations through either process or policy.
  3. Consider alternatives for handling information that you can't realistically control via processes or you can't audit effectively with an associated policy.
  4. Define some type of formal retention policy that details how and where data will be stored and retained.
  5. Back up these policies with formal processes.
  6. Consider an archival and retention package for the email system. This will form the basis for the unified retention area.
  7. Once you've selected the archiving and retention package, the implementation should provide for 100-percent retention of all email messages in a single or multiple repositories.
  8. Decide what to do with current data, for example tape backups outside the unified retention area.
  9. Implement a data-destruction policy on the unified retention area. Be sure the destruction policy does not conflict with external data policies.
  10. Ensure the actual integrity of the unified retention area.

If item #6 caused you to pause and wonder about my motives (after all, I do work for a company that produces an archiving product), I understand. However, as a messaging expert, regardless of whom I work for, I can tell you that, although you can use a live messaging system as the unified retention area, unfortunately email systems were not designed for this function and are impractical for long-term storage and retention of information.

The retention system needs several key components in order to ensure a comprehensive retention area:

  • Automatically capture 100 percent of all email
  • Index and search data
  • Maintain message integrity
  • Provide scalable and cost-effective storage
  • Perform selective destruction
  • Apply litigation holds to data
  • Audit deletions to validate corporate destruction policies

One final note: Unified Retention gives organizations a way to effectively handle and process eDiscovery requests in their email system. However, Unified Retention doesn't come in a box. It must be architected and deployed by skilled individuals who know the systems and the processes, and accompanied by a willingness of upper management to develop or sign off on email usage and retention policies that will ultimately protect and benefit the organization financially.

]]>
c390cf73-237d-49fe-b105-7ab560346a68
<![CDATA[Your Portal to eDiscovery]]> I'm pleased to announce the launch of a new section of our website dedicated entirely to eDiscovery: The eDiscovery Resource Center. We created this section as a portal to educate visitors about the technical and legal issues surrounding eDiscovery.

We've filled the Resource Center with interesting and relevant information that you can turn to, for example, compliancy briefs on SOX, Open Records, and FRCP. These briefs were created in conjunction with our legal expert, Ben Wright, who writes a compelling and useful blog on all matters involving eDiscovery. Ever wonder about the implications of Facebook as a business record in the corporate environment? Ben talks about it here.

Learn from Your Peers

The eDiscovery Resource Center also spotlights specific Messaging Architects clients and how they use our products to manage compliance and answer eDiscovery requests. Reading how another university or major hospital handles compliance can inspire ideas for your own organization, or make you ask the questions that lead you down the path to a solution.

Not all of our solutions are products. We offer a wide range of services to help clients understand the complexities of the legal landscape. One such interesting case study comes from Jackson County, which used our e-Policy Workshop to successfully build and get buy-in for an organization-wide email retention policy.

Take Advantage of Our Experience

We work with hundreds of organizations, across many vertical markets, all over the world, so we see all kinds of issues pertaining to compliance, security, and eDiscovery. Our goal with the eDiscovery Resource Center is to give you a way to take advantage of our experience and expand your understanding of eDiscovery.

This is a growing field that is maturing. Organizations such as the EDRM Group are standardizing the processes involved with eDiscovery. We will be updating this Resource Center with the latest information around eDiscovery, so be sure to check back often!

]]>
2c030e94-6280-4fd0-ad3d-eb1c1fbf3a9b
<![CDATA[Email Management: The Good, the Bad, and the Ugly]]> Like it or not, email is the nerve system of modern business. Compared to the phone, it is asynchronous and provides a written record to the sender and recipient for follow-up action or later reference. In this respect, it is much more useful than instant messaging or social networks.

It can be frivolous or deadly serious – it’s possible to be fired via an email, but also due to an email. Many vital decisions are made by email exchange, and the implication of our usage findings is that these may be made on the move, on tiny screens, and when otherwise off-duty.


]]>
f7a8601f-f27f-4eda-92fe-251fe1d36aa3
<![CDATA[The eDiscovery Dilemma]]> In the current legal discovery landscape where email has become the predominant form of evidence, more and more organizations are finding themselves in the unenviable position of having to provide email records in support of litigation. Regardless of the merits of the case (or lack thereof), rather than go to trial, many of these organizations opt to settle out of court because of the potential cost of eDiscovery or lack of available evidence.

Legal precedent has shown that the courts favor the side that can produce the most credible evidence, and penalize the side that provides incomplete records or consciously and prematurely destroys records. This presents a legal dilemma: In order to properly defend your organization, you must maintain comprehensive records; but, more records bring higher processing and legal costs to locate, process, and examine those records.

Keeping comprehensive records isn't the real issue though. The issue is the management of those records and the pervasiveness of email as a record.  Once you're forced into an eDiscovery exercise, you start to see that gathering email evidence isn't as easy as it should be. The reality is that email records are pervasive and can exist in many locations, many formats, and many copies. A typical organization at any one time maintains multiple email record copies between their backup systems and their online systems.
 
While duplication may exist, so may disparity, where records exist on one medium but not another. It is this potential for information or record existence that prompts court-ordered discovery of all media sources to ensure that all records are provided as part of the evidentiary process. The problem of multiple information sources is not simply related to backups; other business productivity processes factor in, too. Perhaps one of the biggest problems is that of end users circumventing message management policies and implementing their own retention processes. This can result in remote copies of messages on local and home workstations, personal archives, mobile devices, printed copies, and external email systems.
 
With the myriad locations that email can exist within organizations and the inability of organizations to properly control or inventory those locations, it is no wonder that projected costs for eDiscovery in 2009 are estimated at more than $10 billion. 
 
In this electronic information battlefield, organizations have to be able to defend themselves by being prepared for electronic data requests but also need to be able to provide specific records. By knowing what information they possess and where that information resides, the organization can respond quickly, efficiently, and economically to information requests. 
 
In my next post, I'll follow up with a strategy that reduces the complexity of eDiscovery. This essentially turns a technical issue — that for many organizations is an obstacle — into an advantage.

]]>
e39970c1-0241-48c4-bea6-7b21a0edda56
<![CDATA[Ten Security Lessons to be Learned]]> Here's a good article from Baseline on ten security lessons to be learned from the biggest data breach of all time. Enjoy.

]]>
3796f1ab-1805-4323-84c4-7f389d3355c2
<![CDATA[Enabling Email Search for Innovation and Productivity]]> Think of any high-profile project in your organization. Now, think of any files (document, presentation, project plan, budget) linked to that project. Where would you look for the most recent version of these files? On a departmental file server? On the corporate SAN? Stored in your document management system? Or maybe on someone’s laptop?

I can tell you with a very high degree of certainty where you’ll find the files — in your Enterprise Messaging System. It is pretty clear that if a document, spreadsheet, or presentation has any value whatsoever to your organization, it's being circulated among team members, partners, suppliers or customers, and at least 95 percent of the time as an attachment to an email message.

This isn't necessarily the way you want things to be done, especially if your organization has spent tons of money on a content or document management system, but it's simply the reality of how email gets used across most organizations today. As a result, we all know that email messages have come to be regarded as vital business documents, meaning they need to be stored and searchable.

However, what's driving the need for reliable, fast email search is mostly compliance and control — legislated eDiscovery, internal audits or mailtaps, and workplace litigation. It's all about finding the smoking gun. As a result most of the solutions have a narrow, negatively tinged focus. I’ve found that the decision to purchase and implement our solutions is rarely about improving knowledge sharing and enhancing productivity or competitiveness.

Time for an attitude shift! Once you approach email archiving from a new point of view and recognize it as one of the richest collaboration engines in your organization, a whole new perspective takes shape. You can start to effortlessly capture these rich conversations and content, index them, and make them available across your entire organization in new and positive ways.

Why not start to use stored email as a competitive advantage? For example, say I'm the new sales guy in an organization. The ability to search email lets me dive into the threads between customers and my company's most experienced salespeople. I can see how they walked through an opportunity with a customer. It's all right there in a threaded view: the customer's question, the account executive's reply, the attachments he included, the business case, the worksheet, the ROI information.

What a treasure trove of information. And, the organization didn't have to do anything special to compile it. Because it's email, it's organic. These conversations are taking place every day; why not leverage them for more than just that one moment of communication?

I hope I’ve got you excited about this new, more positive and broader perspective on why you should consider the deployment of an Email Archiving solution as one of your most strategic projects — instead of just a way to avoid restoring messages from backup tapes in the event of a nasty lawsuit.

]]>
aabc663c-ff99-4816-b772-88c1bf1d731c
<![CDATA[Message Nirvana? Why Not?]]> In a previous post, I talked about milestones and their literal role reassuring travelers that the proper path is being followed, and to indicate either distance traveled or the remaining distance to a destination. In this post, I'd like to continue that theme and discuss our most recent milestone: M+Archive 2009.1.

Messaging Architects has always been about open standards, file format neutrality, and application independence. This is one of the design principles of the M+Platform. The new release of M+Archive simply continues this direction and achieves the milestone of fully transparent message co-location.

We recognize the reality that many organizations use multiple email systems, or are investigating migration. Mailbox and message co-location is MA's open approach, and far, far better than migration.

It's also no easy accomplishment. As opposed to format transcoding, letting messages live in multiple locations at any given time is a real engineering challenge! For now, our focus has been to figure out how to let GroupWise and Exchange coexist, but Notes, Sendmail, Gmail, and others are also potential options. It all really depends on what our customers need the most.

Where are we going with this? What other milestones might be down the road? This list will probably inspire more than a few sleepless nights among my Product Managers, but here are a few things we'll probably start to work on in the coming months/years:

  • Moving messages and appointments transparently from application to application (Exchange to GroupWise to Notes to Sendmail to ... ).
  • Allowing these messages to move from on-premise to off (i.e., supporting private clouds, both on premise or off, and public ASP clouds from the likes of Google & Amazon).
  • Conversion to/from dynamic states (live messages and attachments) to static states (archived messages and fixed content/attachment stores with both point-in-time view and recovery).
  • Letting message items morph from message to appointment to task, across different messaging systems.

I'm not sure in what order these will occur — or even if they will all occur — but I can make a strong business case for each of them.

Today co-habitation is a process that involves smart agents and some heavy lifting from our pro-services team to configure the stack the right way. Eventually this will shift to intelligent message queues (pre-processors) that add meta-data to messages directly at the gateway, or as we extract and archive. This will enable our vision of boundary-less messaging and collaboration across the most important open protocols (SMTP, CalDAV, CardDAV, GroupDAV) and many of the proprietary closed ones such as MAPI. This transparency will be achieved via open format translators that know how to move messages around while maintaining the meta-data as part of the message body, and our intelligent agents will understand how to process the content according to organizational policies and roles.

The message system co-habitation we are delivering in M+Archive 2009.1 is just the first step of a rather long journey, with many significant future milestones, to a destination we may never fully reach. But, we'll be making sure you enjoy the ride.

]]>
59d7377a-fb8e-4a84-973e-36b00f869ccc
<![CDATA[The Great Debate: Indexing vs. Relational Databases for Email Archiving]]> Archive vendors have long debated the merits of using indexing technology vs. relational databases to archive ESI. As a result, I’m often asked what kind of database M+Archive uses. In fact, many clients even specify a database to be mandatory in their RFPs.

The confusion primarily results from the fact that other archive vendors rely on an enterprise database such as Oracle, MySQL (which happens to be owned by Oracle), MS SQL Server, etc. Clients need to know what database they're using in advance so they can anticipate the additional cost of licensing the database, hiring expert DBAs to manage a large enterprise database, support issues, etc.

Why relational databases and email archiving are a mismatch

Relational databases are great for storing certain structured data, like the line items of expenses we have when we make budgets in Excel. The problem is most ESI such as email is unstructured data. It just doesn't fit properly in a database. Add to that the fact that email archives can run into hundreds of millions of documents. Imagine the headache of managing a database of that size.

The good news is M+Archive doesn’t need a database. Messaging Architects' use of indexing for M+Archive is unique — no one else that I know of uses indexing technology only.

So how is search performed? That’s where indexing comes along. All of these files are indexed by the M+Archive Indexing Server. All searches go against the index to be able to retrieve results in less than a second. For a client, this means you don’t need to hire a fancy DBA, and there's no Oracle license to buy/renew. Eliminating the database dependency simplifies things greatly — and the performance is scorching fast. Indexing technology was built to handle billions of documents with unstructured content.

The best way to understand indexing is to think Google. There is no way Google would exist if they had to use traditional databases. In fact, their search engine relies on a proprietary object storage system called Bigtable. The indexing technology M+Archive uses also powers another public search engine that has indexed more than 8 billion Web pages.

Indexing just makes sense, especially in the context of archiving hundreds of millions of records where a few terms hidden in one of these records can make or break a litigation case.

]]>
d8e57043-0a56-4990-86f1-5267270ae969
<![CDATA[California ESI Format Woes on the Horizon?]]> After vetoing proposed ediscovery legislation in October 2008, Governor Arnold Schwarzenegger has finally passed into law California's Electronic Discovery Act, bringing it more in line with federal ediscovery standards. There's a catch though: Under California's new amendments to the laws of civil procedure, the party requesting production of electronically stored information (ESI) can specify the format in which it should be produced.
 
But, what if opposing counsel requests ESI in a format your IT infrastructure doesn't natively support?

The concept of native format might mean different things for different circumstances in an enterprise information system. For example, the structure and metadata applicable to a given e-mail might be different depending on whether the email is collected from an electronic mail system like Microsoft’s Exchange or from an archive appliance like Symantec’s Enterprise Vault. It’s my job to help trial counsel understand the different possibilities, evaluate options, and then document/explain the format decisions and actions that are executed in ESI collection and production. 
 
Sometimes disagreements about the format of ESI production must be resolved by the judge in a lawsuit. I asked Ben Wright, noted eDiscovery blogger, whether, in his experience, he finds that judges have a good grasp on the technology issues involved with eDiscovery.

Ben's reply: "The judicial system is quickly learning about electronic discovery and digital evidence. State and federal judges are indeed gaining practical experience with e-records. In their own courses for continuing professional education, judges are being trained to apply law in new technical environments, such as e-mail and Web 2.0. They are also learning how to seek help, such as input from special masters and magistrates who are better versed in technology issues. Still, technology is evolving at such a breath-taking pace that the court system struggles to keep up. Changes in technology are accelerating, as we see new developments like social networking and cloud computing arise virtually overnight."

 

]]>
f2383955-61ae-4145-9735-3ba0a56afc70
<![CDATA[With Great Power Comes Great Responsibility]]> Never before has the world's population been more connected. With access to information bordering on the absurd, suddenly anyone with an Internet connection can wield a perverse god-like savvy-ness. So while you’d think the level of common sense would be exponentially increasing, the reality is that we live in a day and age where some people are still falling for scams like those perpetrated by a con artist posing as the Nigerian Ambassador to the U.S. with twenty-five million dollars to share. Started back in the 80s, the now infamous "419" scam — named after the law banning it — to this day makes money by promising its victims much wealth. (See some undercover reporting here.)

I bring this up as just one example but, depending on your role on the Internet, the very same victims who fall prey to Internet scams may have access to your computer systems. The rich Nigerian with no friends is only one example of a personal con. Imagine the same con playing out at the corporate level, where the goal is not money, but intellectual property, client databases, inside information sold to the competition by a disgruntled employee. These scenarios aren't just the basis for cheesy movie plots, but routine occurrences that cost organizations billions of dollars.

And so, it is our duty as IT specialists to mitigate these cyber disasters, if not completely avoid them altogether. I like to call it "Business Intelligence on the Wire," but it is also more commonly known as DLP or "Data Leak Prevention/Protection." Often positioned as a compliance requirement enabling organizations to be "regulation X-compliant," DLP is rarely discussed in the context where it's direly needed: to monitor an organization’s inbound and outbound traffic based not only on the law but also on patterns, such as the roles and responsibilities of people in the organization. We should be asking questions like, "Why is our accountant sending out source code?" Or, "Why is the receptionist sending our client information at 3AM?" Unfortunately, most organizations don’t ask these questions, and more importantly, can’t identify if and when this kind of communication is happening.

Fortunately, the technology exists for organizations to wield that same god-like savvy-ness about their own IT infrastructures, and there is no better time to implement it and pro-actively avoid the potential scams lurking inside our own networks.

]]>
c70144d2-923c-4f95-a262-b50f6dde01e4
<![CDATA[The Evolving Face of eDiscovery]]> At Messaging Architects, we’re in a position to see trends in how organizations deal with email. We have thousands of clients representing millions of end users, all of whom rely on email in their day-to-day work life. It’s a pretty good representation of the population as a whole since email has become the primary method of communication for business. One of the biggest and fastest moving trends in the last few years has been the need for organizations to handle eDiscovery.

So what’s eDiscovery? Well, eDiscovery or “Electronic Discovery” is just that – the act of discovery of electronic information. And what qualifies as electronic information? That was pretty much answered by the U.S. Supreme Court in April 2006 when it approved the amendments to the Federal Rules of Civil Procedure. The amendments basically outlined that all Electronically Stored Information (ESI) is deemed discoverable and needs to be easily accessible.

There were some big cases before 2006 that highlighted the need for electronic discovery, most notably Zubulake v. UBS Warburg. In this landmark case, UBS Warburg wound up paying $29.3 million in damages because it could not produce email evidence. A key factor in the decision: The jury was instructed to assume that any email UBS discarded after Zubulake filed her complaint would have hurt the bank’s case. The updates to the Federal Rules of Civil Procedure, however, were what really got people to take eDiscovery seriously because Electronically Stored Information is so pervasive.

What’s the largest source of ESI at any company? What is the number-one ESI requested by opposing parties during eDiscovery? Email. Email — the preferred way to communicate in the 21st century — is ESI. More often than not, if your company gets sued or is under investigation, your corporate email needs to be discoverable. As a result, eDiscovery has grown from being a "nice to have" feature to becoming the main driver for organizations looking to deploy an archiving solution. Fast forward a few years from 2006 and eDiscovery has matured; organizations such as EDRM are leading the way in formalizing the eDiscovery process and getting a large group of legal firms and technology vendors together.

Over the course of the next few blogs, I’ll be talking about eDiscovery in a bit more depth. I’ll take a look at how our products can help facilitate eDiscovery, but also why it’s important to understand the policy and legal reasons behind the technology.

]]>
ec88f3a7-9e88-466e-87e8-d58b16cdb36e
<![CDATA[About Technology and Milestones]]> Wikipedia defines traditional milestones as objects constructed to provide reference points along the road, used to reassure travelers that the proper path is being followed, and to indicate either distance traveled or the remaining distance to a destination.

The technology industry has adopted a lot of the vocabulary from the roadbuilding sector; we talk about product roadmaps, routes to market, paving the way and of course the ubiquitous milestone.

In many ways this first blog entry is a major milestone for Messaging Architects. It is a reference point along a road to build a more user-friendly web presence for clients and partners and is the culmination of many months of work by our dedicated Product Marketing team.

Most of you have noticed the complete website overhaul that has taken place. We are quite proud of our new website and we've received numerous positive accolades and feedback about both the layout and the content. The unveiling of this blog section is part of our larger strategy to make our site a regular destination for Email Administrators and Policy Gurus, and it is part of a journey that started almost 15 years ago.

Over the years, we have helped thousands of clients and millions of end users to deploy robust and secure messaging infrastructure - or as we call it Business Driven Email. In the coming months, you will see others at Messaging Architects contribute their observations, knowledge and passion.

It is all part of what we perceive to be our mandate to provide thought leadership, awareness, conversation and perhaps even controversy on the topics that concern us, and you. It helps drive the bigger picture, our role as technology developers and global providers of risk management for enterprise e-mail. Hopefully you'll find some gems, some humor, some best practices, and many practical tips and tricks that you can implement overnight.

In future posts, I'll discuss some milestones that we've achieved recently and why I think they are significant.

]]>
a55fcb35-56b8-4ce4-bb05-5e03d388a9de