novell ® brainshare ® successful deployment strategies to tackle e-mail compliance requirements...
TRANSCRIPT
Novell® BrainShare®
Successful Deployment Strategies to Tackle E-mail Compliance Requirements and Storage Bloat
Greg Smith, Director of Prof ServicesMessaging Architects
Gregg Hinchman, ConsultantHinchman Consulting
Kevin Beaver, Security ConsultantPrinciple Logic
© Novell Inc, Confidential & Proprietary
2
Overview
This seminar is designed to provide This seminar is designed to provide GroupWise administrators with the GroupWise administrators with the background steps they need to take to background steps they need to take to understand their business and infrastructure understand their business and infrastructure requirements and develop an organizational requirements and develop an organizational solution to managing Email Retentionsolution to managing Email Retention
© Novell Inc, Confidential & Proprietary
3
Speakers
Gregg A. Hinchman – [email protected] Hinchman Consulting, Consultant 10+ years of GroupWise Experience 9+ years of GroupWise Upgrading Experience 4 years of GroupWise Clustering Experience Co-Author:
“Success with Clustering GroupWise”
“Success with GroupWise Document Management”
GroupWise Advisor Magazine Articles
Cool Solutions “Consultant’s Corner” articles
© Novell Inc, Confidential & Proprietary
4
Speakers
Kevin Beaver, Consultant - [email protected] Independent Information Security Consultant, Principle Logic 18 years’ experience in Information Security matters Author & Columnist
• “Hacking Wireless Networks For Dummies” & “Hacking For Dummies” (Wiley)
• “The Definitive Guide to Email Management and Security” (Realtimepublishers.com)
• “The Practical Guide to HIPAA Privacy and Security Compliance” (Auerbach) & Contributing Editor for HCPro’s Briefings on HIPAA newsletter
© Novell Inc, Confidential & Proprietary
5
Speakers
Greg Smith - [email protected] Director of Professional Services CNI, MCNE 9+ Years GroupWise/Novell Experience Consulting, Engineering & Project Management 12,000 User Migration in 3 months (City of Toronto) Author / Speaker
• BrainShare
• Advisor Media
• Cool Solutions
© Novell Inc, Confidential & Proprietary
6
Strategy Checklist
Our Problems
Our IT Projects
Planning for a SolutionKnow Your Retention Requirements
Know Your Regulatory Requirements
Know Your Discovery Requirements
Know Your Users
Know Your Environment
Formulate Your Policies
© Novell Inc, Confidential & Proprietary
7
Problems? What Problems?
Woes of the Overworked & UnderpaidWas here till midnight restoring that tape…
Have you rebuilt those GroupWise indexes?
When was the last time we ran a contents check?
This is the third discovery request from Legal this week
HR wants access to three users’ mailboxes
Our backup is now asking for another tape
Had another corrupted GroupWise Archive yesterday
Running out of space on PO2 and no more hard drive slots available
Do you know a good divorce lawyer?
© Novell Inc, Confidential & Proprietary
8
Our Organization
County Government 1400 Employees 1100 Office / 300 Remote 3 Offices (T1 between 2, 256K FR to other)
4 Post Offices • PO1 300U/180GB• PO2 350U/260GB• PO3 250U/160GB• PO4 100U/120GB
Personal Archives across 3 servers (89GB)
© Novell Inc, Confidential & Proprietary
9
Major Projects
Things we need to do
Tackle email server space issues
Look at email disaster recovery
Things we are being told to do
Records retention
Regulatory Compliance
Access to Public Records enquiries
Provide email discovery requests to legal
© Novell Inc, Confidential & Proprietary
10
Projects
• Email Server Space Issues– Server is maxed out of hard drive space
Migrate mail system to a new server
© Novell Inc, Confidential & Proprietary
11
Projects
• Email Server Space Issues– Server is maxed out of hard drive space
Migrate mail system to a new server Acquire or allocate space on SAN for mail server
© Novell Inc, Confidential & Proprietary
12
Projects
• Email Server Space Issues– Server is maxed out of hard drive space
Migrate mail system to a new server Acquire or allocate space on SAN for mail server Split the Post Office
© Novell Inc, Confidential & Proprietary
13
Projects
• Email Server Space Issues– Server is maxed out of hard drive space
Migrate mail system to a new server Acquire or allocate space on SAN for mail server Split the Post Office Force deletion of messages from server
© Novell Inc, Confidential & Proprietary
14
Projects
• Email Server Space Issues– Server is maxed out of hard drive space
Migrate mail system to a new server Acquire or allocate space on SAN for mail server Split the Post Office Force deletion of messages from server Implement Archiving
© Novell Inc, Confidential & Proprietary
15
Projects
• Retention & Discovery Solution
Need to Keep Messages for 7 years, some longer
Need to run global and individual mailbox queries
Need to provide data to non-GroupWise users
Need to manage and delete obsolete records
Need to save deleted user email
Need to save 100% of email information for some users
Need an Archiving Solution
© Novell Inc, Confidential & Proprietary
16
Project
Developing an Archiving Solution– GroupWise Archives
> Personal Archives
> Encrypted to individual user
> Difficult to manage for size & deletion
> Unfeasible for extensive searching
> Dependence on GroupWise for long-term storage
– Third-Party Archive Solution (GWArchive)> Data is stored outside of GroupWise
> Data access has greater versatility
> Data can be managed more efficiently
© Novell Inc, Confidential & Proprietary
17
Retention Requirements
Let’s Look at Our GroupWise SystemLet’s Look at Our GroupWise System
© Novell Inc, Confidential & Proprietary
18
What Are Our Retention Requirements?
• Business Requirements– Look at current business email usage
Document Repository
Business Correspondence
Contracts & Proposals
Task Management
Financial Information
Employment Correspondence
Sensitive Information
Project Management
Personal Information
Revenue Dependent
What IS Email exactly being used for?
© Novell Inc, Confidential & Proprietary
19
What Are our Retention Requirements?
• Business Requirements– Look at how email is accessed
Determine your access patterns for older messages
Email Older than 90 Days: _____ %Email Older than 90 Days: _____ %
Email Older than 180 Day: _____ %Email Older than 180 Day: _____ %
Email Older than 1 Year _____ %Email Older than 1 Year _____ %
Email Older than 2 Years _____ %Email Older than 2 Years _____ %
Email Older than 5 Years _____ %Email Older than 5 Years _____ %
© Novell Inc, Confidential & Proprietary
20
• Business Requirements– Look at how information is shared
• Shared Folders• Proxy Access
– Look at what is stored• Large Attachments• Many Duplicate Messages
Are you using your email system efficiently or should processes be redefined?
What Are Our Retention Requirements?
© Novell Inc, Confidential & Proprietary
21
Legal Requirements
Let’s Ask Our Legal DepartmentLet’s Ask Our Legal Department
© Novell Inc, Confidential & Proprietary
22
Let’s Ask Our Legal Department
What do the laws and regulations say?
Common misconceptions about data retention
Who’s responsible?
Is there a right answer?Save nothing
Selective deletion
Save everything
Email retention policy must-haves
© Novell Inc, Confidential & Proprietary
23
Regulatory Requirements
Let’s Ask Our Compliance OfficerLet’s Ask Our Compliance Officer
© Novell Inc, Confidential & Proprietary
24
What Are Our Regulatory Obligations?
Public Institutions Access to Information Legislation
Florida Sunshine Act, Wisconsin Open Records Law
Electronic Signatures Act 36 CFR 1220.34 36 CFR 1220.38 44 USC 3101 44 USC 3106 US Department of Defense Directive 5015.2 NPG 1441.1C NARA General Records Schedule 20
© Novell Inc, Confidential & Proprietary
25
What Are Our Regulatory Obligations?
Private Institutions Sarbanes Oxley (Canadian Bill 198) HIPAA SEC Rule 17(a) 3 & 17(a) 4 Amendments to Rules 31a-2 and 204-2 NASD 3010 & 3110 NASD 2860 (b) (17) and 2210 (b) (2) NTM 98-11 (Amendments to Rules 3010 and 3110) NYSE Rule 342 Universal Market Integrity Rules for Canadian Marketplaces
© Novell Inc, Confidential & Proprietary
26
What Are Our Regulatory Obligations?
Consequences
Suspension of SEC trading license (Financial)
Prosecution of Executive Levels (Sarbanes Oxley)
Fines & Penalties
Investigations
Employment Termination
© Novell Inc, Confidential & Proprietary
27
Discovery Requirements
We Don’t Know Where They Will Come We Don’t Know Where They Will Come from:from:
HR, Legal, Security, Auditors, the Public…HR, Legal, Security, Auditors, the Public…
© Novell Inc, Confidential & Proprietary
28
What Are Our Discovery Requirements?
Who is requesting information?• Legal• Public• Human Resources• Security/Auditor
What information is being requested?• Legal (Certain individuals for past 3 years)• Public (All records dealing with certain subject)• Human Resources (Individuals for past 90 days)• Security/Auditor (Current records)
© Novell Inc, Confidential & Proprietary
29
What Are Our Discovery Requirements?
Frequency of Access• Continuous Searching
• Multiple Concurrent Searches
• Daily / Weekly / As Needed
Who will have access?• Records Management Requests
• Self-Service
Self-provisioning must include safeguards to monitor and access records
© Novell Inc, Confidential & Proprietary
30
What Are Our Discovery Requirements?
Speed of Access• Users need online access to 7 years’ worth of data?
• What are expectations for accessing older data?
• Can older data be maintained as offline records?
• Primary Archives versus Secondary Archives> Primary = 6 Months – 2 Years
> Secondary = 2 Years – 7 Years
Greater Availability & Access Speed = Higher Costs
© Novell Inc, Confidential & Proprietary
31
Our Environment
© Novell Inc, Confidential & Proprietary
32
Knowing Our Environment
Architecture - Remote Sites• Current Available Bandwidth between sites • QoS and Critical Applications
Data Discovery• Where is email data located? (User Archives)• How much data do I have?• Running GWCheck to estimate total required space
© Novell Inc, Confidential & Proprietary
33
Knowing Our Environment
GroupWise System Information
Number of Users............... 78 Number of Post Offices......... 1
Number of Mailboxes........... 157
------------------------------------------------------------------------------
Item statistics: TOTAL /MBOX Mailbox statistics: TOTAL /MBOX
normal items........141788 903.1 Boxes with mail....... 75
forwarded items.....31470 200.4 IN box entries:
reply items.........58974 375.6 read................83653 532.8
total items.........232232 1479.1 unread.............. 2864 18.2
new.................34866 222.0
Distribution statistics: total...............121383 773.1
to single user......82840 527.6 Boxes over IN limit. 55
to <= 3 users.......97630 621.8 OUT box entries:
to many users....... 3655 23.2 total...............101270 645.0
sent encrypted (%).. 0 Boxes over OUT limit 45
Schedule statistics:
Average item length.... 132KB Boxes with schedules.. 55
INcoming appointments:
Items w/ attachments... 7384 read................ 5336 33.9
Average number attach.. 1 unread.............. 9 0.0
Average attach length.. 4030 new................. 526 3.3
total............... 5871 37.3
Items hidden by rcvr... 93 OUTgoing appointments:
Items in trashcan...... 0 0.0 total............... 1679 10.6
Total items x Total items x
Average item length Average item length = =
Estimated SizeEstimated Size
© Novell Inc, Confidential & Proprietary
34
Knowing Our Environment
Storage Allocation• What is the total required space?• What is current growth?
> GroupWise Accounting Files
> Deltas between subsequent Statistic reports
• What space is required in 12 Months? 18 Months?• What are the long term requirements?
© Novell Inc, Confidential & Proprietary
35
Our Users
© Novell Inc, Confidential & Proprietary
36
Knowing Our Users
• Our users would never let us do that• Our users do not accept change• That’s going to be a really tough sell• That’s not what our users want
© Novell Inc, Confidential & Proprietary
37
Resistance to Change
The Soft Sell• The IT Department takes a lesson from Marketing• Publicizing your project• Involving User Liaison Groups• Evaluating special requirements• Providing tutorials and training
The Hard Sell• Involve upper management to define policy• Get management approval of your solution• Have Policy and Solution communicated from the top
© Novell Inc, Confidential & Proprietary
38
Resistance to Change
The Compromise• Maintaining legacy applications (GW Archives)
• Initiating a scaled implementation
• Duplication of data and management
• Customized Development
• Higher Management Costs
© Novell Inc, Confidential & Proprietary
39
The Policies
© Novell Inc, Confidential & Proprietary
40
Formulating Policies
Review Existing Email Usage Policies• Acceptable & Unacceptable Use Guidelines• Privacy Statements• Consequences
Retention Policy• How long to keep data in GroupWise and Archives
Deletion Policy• When to delete information and what information
Archiving Policy• How archives will be accessed and managed• Responsibilities of users, if not 100% retention
© Novell Inc, Confidential & Proprietary
41
Formulating Policies
Solicit the involvement of all relevant departmentsSolicit the involvement of all relevant departments
Create a Policy TeamSenior ManagementHuman Resources IT DepartmentLegal CouncilPublic Relations ManagerResearch Consultant
© Novell Inc, Confidential & Proprietary
42
Formulating Policies
Communicate the Policy Ensure users know the policies Provide education web videos / documents Distribute polices with management endorsement Manage policies accordingly
© Novell Inc, Confidential & Proprietary
43
Deploying a Solution• Checklist
Retention Requirements Definition Systems Configurations Access Requirements Developing Polices – to be cont. Choosing the Right Solution Designing Your Solution Architecture Preparing Your Plan and Your Systems Deploying a Solution
SP275 - A Hands-on Approach to Implementing an Effective SP275 - A Hands-on Approach to Implementing an Effective E-mail Retention Solution with GroupWise and GWArchive E-mail Retention Solution with GroupWise and GWArchive
Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.
Unpublished Work of Novell, Inc. All Rights Reserved.
This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.
General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.