novell ® brainshare ® successful deployment strategies to tackle e-mail compliance requirements...

Novell® BrainShare®

Successful Deployment Strategies to Tackle E-mail Compliance Requirements and Storage Bloat

Greg Smith, Director of Prof ServicesMessaging Architects

Gregg Hinchman, ConsultantHinchman Consulting

Kevin Beaver, Security ConsultantPrinciple Logic

© Novell Inc, Confidential & Proprietary

2

Overview

This seminar is designed to provide This seminar is designed to provide GroupWise administrators with the GroupWise administrators with the background steps they need to take to background steps they need to take to understand their business and infrastructure understand their business and infrastructure requirements and develop an organizational requirements and develop an organizational solution to managing Email Retentionsolution to managing Email Retention


3

Speakers

Gregg A. Hinchman – [email protected] Hinchman Consulting, Consultant 10+ years of GroupWise Experience 9+ years of GroupWise Upgrading Experience 4 years of GroupWise Clustering Experience Co-Author:

“Success with Clustering GroupWise”

“Success with GroupWise Document Management”

GroupWise Advisor Magazine Articles

Cool Solutions “Consultant’s Corner” articles


4

Speakers

Kevin Beaver, Consultant - [email protected] Independent Information Security Consultant, Principle Logic 18 years’ experience in Information Security matters Author & Columnist

• “Hacking Wireless Networks For Dummies” & “Hacking For Dummies” (Wiley)

• “The Definitive Guide to Email Management and Security” (Realtimepublishers.com)

• “The Practical Guide to HIPAA Privacy and Security Compliance” (Auerbach) & Contributing Editor for HCPro’s Briefings on HIPAA newsletter


5

Speakers

Greg Smith - [email protected] Director of Professional Services CNI, MCNE 9+ Years GroupWise/Novell Experience Consulting, Engineering & Project Management 12,000 User Migration in 3 months (City of Toronto) Author / Speaker

• BrainShare

• Advisor Media

• Cool Solutions


6

Strategy Checklist

Our Problems

Our IT Projects

Planning for a SolutionKnow Your Retention Requirements

Know Your Regulatory Requirements

Know Your Discovery Requirements

Know Your Users

Know Your Environment

Formulate Your Policies


7

Problems? What Problems?

Woes of the Overworked & UnderpaidWas here till midnight restoring that tape…

Have you rebuilt those GroupWise indexes?

When was the last time we ran a contents check?

This is the third discovery request from Legal this week

HR wants access to three users’ mailboxes

Our backup is now asking for another tape

Had another corrupted GroupWise Archive yesterday

Running out of space on PO2 and no more hard drive slots available

Do you know a good divorce lawyer?


8

Our Organization

County Government 1400 Employees 1100 Office / 300 Remote 3 Offices (T1 between 2, 256K FR to other)

4 Post Offices • PO1 300U/180GB• PO2 350U/260GB• PO3 250U/160GB• PO4 100U/120GB

Personal Archives across 3 servers (89GB)


9

Major Projects

Things we need to do

Tackle email server space issues

Look at email disaster recovery

Things we are being told to do

Records retention

Regulatory Compliance

Access to Public Records enquiries

Provide email discovery requests to legal


10

Projects

• Email Server Space Issues– Server is maxed out of hard drive space

Migrate mail system to a new server


11

Projects


Migrate mail system to a new server Acquire or allocate space on SAN for mail server


12

Projects


Migrate mail system to a new server Acquire or allocate space on SAN for mail server Split the Post Office


13

Projects


Migrate mail system to a new server Acquire or allocate space on SAN for mail server Split the Post Office Force deletion of messages from server


14

Projects


Migrate mail system to a new server Acquire or allocate space on SAN for mail server Split the Post Office Force deletion of messages from server Implement Archiving


15

Projects

• Retention & Discovery Solution

Need to Keep Messages for 7 years, some longer

Need to run global and individual mailbox queries

Need to provide data to non-GroupWise users

Need to manage and delete obsolete records

Need to save deleted user email

Need to save 100% of email information for some users

Need an Archiving Solution


16

Project

Developing an Archiving Solution– GroupWise Archives

> Personal Archives

> Encrypted to individual user

> Difficult to manage for size & deletion

> Unfeasible for extensive searching

> Dependence on GroupWise for long-term storage

– Third-Party Archive Solution (GWArchive)> Data is stored outside of GroupWise

> Data access has greater versatility

> Data can be managed more efficiently


17

Retention Requirements

Let’s Look at Our GroupWise SystemLet’s Look at Our GroupWise System


18

What Are Our Retention Requirements?

• Business Requirements– Look at current business email usage

Document Repository

Business Correspondence

Contracts & Proposals

Task Management

Financial Information

Employment Correspondence

Sensitive Information

Project Management

Personal Information

Revenue Dependent

What IS Email exactly being used for?


19

What Are our Retention Requirements?

• Business Requirements– Look at how email is accessed

Determine your access patterns for older messages

Email Older than 90 Days: _____ %Email Older than 90 Days: _____ %

Email Older than 180 Day: _____ %Email Older than 180 Day: _____ %

Email Older than 1 Year _____ %Email Older than 1 Year _____ %

Email Older than 2 Years _____ %Email Older than 2 Years _____ %

Email Older than 5 Years _____ %Email Older than 5 Years _____ %


20

• Business Requirements– Look at how information is shared

• Shared Folders• Proxy Access

– Look at what is stored• Large Attachments• Many Duplicate Messages

Are you using your email system efficiently or should processes be redefined?

What Are Our Retention Requirements?


21

Legal Requirements

Let’s Ask Our Legal DepartmentLet’s Ask Our Legal Department


22

Let’s Ask Our Legal Department

What do the laws and regulations say?

Common misconceptions about data retention

Who’s responsible?

Is there a right answer?Save nothing

Selective deletion

Save everything

Email retention policy must-haves


23

Regulatory Requirements

Let’s Ask Our Compliance OfficerLet’s Ask Our Compliance Officer


24

What Are Our Regulatory Obligations?

Public Institutions Access to Information Legislation

Florida Sunshine Act, Wisconsin Open Records Law

Electronic Signatures Act 36 CFR 1220.34 36 CFR 1220.38 44 USC 3101 44 USC 3106 US Department of Defense Directive 5015.2 NPG 1441.1C NARA General Records Schedule 20


25


Private Institutions Sarbanes Oxley (Canadian Bill 198) HIPAA SEC Rule 17(a) 3 & 17(a) 4 Amendments to Rules 31a-2 and 204-2 NASD 3010 & 3110 NASD 2860 (b) (17) and 2210 (b) (2) NTM 98-11 (Amendments to Rules 3010 and 3110) NYSE Rule 342 Universal Market Integrity Rules for Canadian Marketplaces


26


Consequences

Suspension of SEC trading license (Financial)

Prosecution of Executive Levels (Sarbanes Oxley)

Fines & Penalties

Investigations

Employment Termination


27

Discovery Requirements

We Don’t Know Where They Will Come We Don’t Know Where They Will Come from:from:

HR, Legal, Security, Auditors, the Public…HR, Legal, Security, Auditors, the Public…


28

What Are Our Discovery Requirements?

Who is requesting information?• Legal• Public• Human Resources• Security/Auditor

What information is being requested?• Legal (Certain individuals for past 3 years)• Public (All records dealing with certain subject)• Human Resources (Individuals for past 90 days)• Security/Auditor (Current records)


29


Frequency of Access• Continuous Searching

• Multiple Concurrent Searches

• Daily / Weekly / As Needed

Who will have access?• Records Management Requests

• Self-Service

Self-provisioning must include safeguards to monitor and access records


30


Speed of Access• Users need online access to 7 years’ worth of data?

• What are expectations for accessing older data?

• Can older data be maintained as offline records?

• Primary Archives versus Secondary Archives> Primary = 6 Months – 2 Years

> Secondary = 2 Years – 7 Years

Greater Availability & Access Speed = Higher Costs


31

Our Environment


32

Knowing Our Environment

Architecture - Remote Sites• Current Available Bandwidth between sites • QoS and Critical Applications

Data Discovery• Where is email data located? (User Archives)• How much data do I have?• Running GWCheck to estimate total required space


33


GroupWise System Information

Number of Users............... 78 Number of Post Offices......... 1

Number of Mailboxes........... 157

------------------------------------------------------------------------------

Item statistics: TOTAL /MBOX Mailbox statistics: TOTAL /MBOX

normal items........141788 903.1 Boxes with mail....... 75

forwarded items.....31470 200.4 IN box entries:

reply items.........58974 375.6 read................83653 532.8

total items.........232232 1479.1 unread.............. 2864 18.2

new.................34866 222.0

Distribution statistics: total...............121383 773.1

to single user......82840 527.6 Boxes over IN limit. 55

to <= 3 users.......97630 621.8 OUT box entries:

to many users....... 3655 23.2 total...............101270 645.0

sent encrypted (%).. 0 Boxes over OUT limit 45

Schedule statistics:

Average item length.... 132KB Boxes with schedules.. 55

INcoming appointments:

Items w/ attachments... 7384 read................ 5336 33.9

Average number attach.. 1 unread.............. 9 0.0

Average attach length.. 4030 new................. 526 3.3

total............... 5871 37.3

Items hidden by rcvr... 93 OUTgoing appointments:

Items in trashcan...... 0 0.0 total............... 1679 10.6

Total items x Total items x

Average item length Average item length = =

Estimated SizeEstimated Size


34


Storage Allocation• What is the total required space?• What is current growth?

> GroupWise Accounting Files

> Deltas between subsequent Statistic reports

• What space is required in 12 Months? 18 Months?• What are the long term requirements?


35

Our Users


36

Knowing Our Users

• Our users would never let us do that• Our users do not accept change• That’s going to be a really tough sell• That’s not what our users want


37

Resistance to Change

The Soft Sell• The IT Department takes a lesson from Marketing• Publicizing your project• Involving User Liaison Groups• Evaluating special requirements• Providing tutorials and training

The Hard Sell• Involve upper management to define policy• Get management approval of your solution• Have Policy and Solution communicated from the top


38

Resistance to Change

The Compromise• Maintaining legacy applications (GW Archives)

• Initiating a scaled implementation

• Duplication of data and management

• Customized Development

• Higher Management Costs


39

The Policies


40

Formulating Policies

Review Existing Email Usage Policies• Acceptable & Unacceptable Use Guidelines• Privacy Statements• Consequences

Retention Policy• How long to keep data in GroupWise and Archives

Deletion Policy• When to delete information and what information

Archiving Policy• How archives will be accessed and managed• Responsibilities of users, if not 100% retention


41


Solicit the involvement of all relevant departmentsSolicit the involvement of all relevant departments

Create a Policy TeamSenior ManagementHuman Resources IT DepartmentLegal CouncilPublic Relations ManagerResearch Consultant


42


Communicate the Policy Ensure users know the policies Provide education web videos / documents Distribute polices with management endorsement Manage policies accordingly


43

Deploying a Solution• Checklist

Retention Requirements Definition Systems Configurations Access Requirements Developing Polices – to be cont. Choosing the Right Solution Designing Your Solution Architecture Preparing Your Plan and Your Systems Deploying a Solution

SP275 - A Hands-on Approach to Implementing an Effective SP275 - A Hands-on Approach to Implementing an Effective E-mail Retention Solution with GroupWise and GWArchive E-mail Retention Solution with GroupWise and GWArchive

Unpublished Work of Novell, Inc. All Rights Reserved.

This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General Disclaimer

This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.

Unpublished Work of Novell, Inc. All Rights Reserved.

This work is an unpublished work and contains confidential, proprietary, and trade secret information of Novell, Inc. Access to this work is restricted to Novell employees who have a need to know to perform tasks within the scope of their assignments. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.

General Disclaimer

This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.

novell ® brainshare ® successful deployment strategies to tackle e-mail compliance requirements...

Documents

years of groupwise experience

email retention slide

years experience

groupwise administrators

groupwise indexes

gb slide

clustering groupwise

email management