Bi101 Blog … on cloud computing and SaaS, by Business Intelligence 101

To Archive Email or not?

If you’re anything at all like the majority of modern workplaces your day-to-day business is taking place almost entirely over email. Emails are what drive both your inter-employee and client-based communication and because of this they contain valuable company data assets – lots of information that you may need to access at some point in the future. This is especially true if and when any legal issues arise. Email data is able to be subpoenaed by an investigatory body and this means that you need to understand both which company data is being stored (and which is not) and how to access it appropriately when the time comes. With that valuable data scattered throughout thousands of emails in and out of employee mailboxes how can this be accomplished effectively? Archiving provides an answer and email archiving applications exist to help your business plan and manage your data accordingly.


Archiving is a process whereby emails are removed from inboxes but not deleted. Instead they are stored indefinitely and thus always searchable. The reasons to begin archiving your company’s emails are simple: you want to protect your business’s most important data and you need to stay in compliance with the law. Think of the archive as a company-curated file cabinet that can be opened and searched easily when necessary. Because emails are such a rich source of inter-corporate information, electronic discovery (e-discovery) has quickly become a major component of investigations big and small. Because of this, businesses simply must have policies in place for managing their email communications effectively.

EMAIL ARCHIVING FEATURES

Microsoft Office 365 and Google each have archiving software solutions (Google’s is called Google Vault) with a similar feature set that is customizable to support your specific business needs. They each allow all users basic email archiving ability, which is individually configurable, as well as administrator-level multiple user configuration options. Admins can adjust the amount of time (un-archived) emails are retained after user deletion, as this time period will be based on the specifics of your email data policy and on any compliance standards you are upholding. Admins can also selectively filter and auto-archive certain user emails based on search criteria (keywords, email addresses, etc.) or toggle which users’ data is being archived in full at any given point. The former means it’s easy to create and enact policy around which types of data you’d specifically like to retain indefinitely, while the latter process of “placing a hold” is typically used if your company feels litigation is imminent for a specific user. Each service also provides admins with auditing features and rich data reports – in other words, the ability to see what actions your users have taken over time and to analyze the information externally as you like.

Office 365 and Google Vault also offer e-discovery advanced search features for finding user data contained across calendars, archive and other email folders, and email attachments. It is worth noting that with Google Vault you can also find information about files contained on Google Drive (Office 365 has no analogue to Google Drive at this time). Office 365 on the other hand provides an interesting feature that Google lacks: the ability as an administrator to search for and delete messages from user inboxes. This would be helpful if sensitive information were accidentally sent out (Microsoft details the process here).

What’s most important to understand is that as business communications across email continue to expand e-discovery and email archiving practices will mature and expand as well. Your business needs to be prepared to file, retain, and reproduce corporate email data appropriately.

If you need more information about email archiving please don’t hesitate to contact Bi101 for a free consultation on your specific needs!


Deciding Between Email Archiving Solutions?

In the early days of email, business data issues were much simpler. Vital company communication was less likely to be electronically transmitted and there were fewer emails overall. This made it a much easier prospect both to find what you were looking for at any given moment and to keep your important company data locked safely away. Things have changed quickly and these days email is a company’s lifeblood – employees use it for nearly all day-to-day communication. It contains proprietary information and other potentially sensitive data. Keeping it safely stored and appropriately filed is a top priority for every modern business. This is where the need for email archiving software comes into the picture.


HISTORY OF EMAIL ARCHIVING SOLUTIONS

The ways in which companies have electronically stored and protected their email data have evolved over the years. A long-standing option is called email journaling – a process by which email data is recorded and stored in a separate inbox on the same server as the rest of your email. This solution succeeds in retaining the data you want to retain, but when a large amount of email is being processed your server begins to slow down quite a bit. Journaling is also less savvy from a security standpoint – the process doesn’t hold your data in a separate server location. This creates significant data security issues and leaves your business exposed in the case of massive server failure. Depending on the type of data assets your company interacts with, this could also be an issue pertinent to regulatory compliance. The limitations of the email journaling method led directly to the concept of email archiving and to the archiving software solutions that exist today.

YOUR EMAIL ARCHIVING OPTIONS

If you’re looking for an archiving solution for your business you’ll have several options to choose from. Proofpoint, McAfee, Mimecast, Microsoft and Google have all developed an answer to the issue of corporate email archiving. Microsoft’s version, called Exchange Online Archiving, is compatible with Microsoft’s Exchange Server 2010 and 2013 or as an add-on feature if you’re already using Office 365. McAfee offers McAfee SaaS Email Archiving, also compatible with the MS Exchange Servers, and Mimecast offers direct integration with Office 365. Proofpoint supports Exchange Server 2010 but is primarily aimed at small to medium sized enterprises (SMEs) in need of an archiving solution so it may be a good option if you currently use a non-Microsoft email server. Google’s archiving solution Google Vault is the most recent addition to the pack and offers seamless integration if your business is already using Google Apps Unlimited for its email services.

All these companies offer secure, customizable email archiving solutions and a support staff to help you put your company’s data retention plan in place. With any of these options you’ll be able to create and enforce a selective archiving policy and get reporting data on your email users and their activity. Choosing between these solutions is going to depend on the specifics of your business as well as your current software and user base so be certain to explore each option thoroughly and to see which one makes the most sense for your company. Regardless of which option you choose what’s most important is to take control of your company’s email data retention plan now – for security, for compliance, and for peace of mind.

If you have any questions about the various archiving solutions mentioned above don’t hesitate to contact Bi101 for a free trial of an email archiving solution!


Am I HIPAA compliant with Google Apps or Office 365?

Modern business solutions are making our office lives more convenient on an almost daily basis as well as fundamentally changing the way we transmit and store our most vital information.

Google Apps and Office 365 are each in their own right amazing tools for efficient data-sharing and document collaboration but as technology continues its steady advance into everyday life data security is becoming a primary concern – particularly in the healthcare space.


HOW TO BE HIPAA COMPLIANT

If any of the data your business will be handling is classified Protected Health Information (PHI) you’ll need to ensure that your chosen platform’s security levels are robust enough to meet HIPAA standards. So the question posed: Am I HIPAA compliant with Google Apps or Office 365? The short answer: Yes – but you may need to take action first.

For Google Apps users, in order to be on your way to full compliance you’ll simply need your platform administrator to file a Business Associate Agreement (BAA) with Google. Google’s HIPAA compliance is able to extend to Gmail, Google Calendar, Google Drive, and Google Apps Vault services, but action on your part (or your admin’s) is required. Note that Google excludes its legacy free accounts (those Google Apps accounts offered to customers prior to December 2012, also known as “standard accounts”) from filing a BAA – so the unfortunate news is that if you’re lucky enough to be using a free Google Apps account you’ll be forced to pay for this additional layer of data security compliance. More detailed information on Google’s security policies and certifications can be found here.

Please remember: It’s important that you file a BAA before beginning to work with PHI data to ensure compliance and that it is your responsibility to determine whether or not HIPAA regulations apply to you.

HIPAA COMPLIANCE WITH OFFICE 365

For Microsoft Office 365 users: Congratulations! You are already HIPAA-compliant and can access your Microsoft-notarized BAA here. Microsoft prides itself on being the “first major business productivity public cloud service provider to sign requirements for the HIPAA BAA with all customers.” More detailed information about Microsoft’s security policies and certifications can be found here.

The great news is that both Google and Microsoft take PHI data security and HIPAA compliance very seriously and will work with your administrator to ensure that you are fully protected and up-to-code. Also if you need more information or advice we’re more than happy to help! Please don’t hesitate to contact Bi101 for a free consultation on your specific needs with Google or Microsoft!


What are the security risks of cloud computing with NetSuite?

The concept of cloud computing is simple: your business can run its applications online instead of having to download and install them to local machines or having to run your own internal company server. Cloud computing makes your business run smoother by securely storing your important program files and other data off-site and by effectively managing those files for you. But as computing on the cloud becomes both more convenient and more widely accepted, security is also becoming a larger concern. What are the major security risks here and how does enterprise cloud computing software like NetSuite address them?


THE MAJOR SECURITY RISKS WITH NETSUITE

First of all, let’s discuss some common misconceptions about cloud computing. Your data is not suddenly “accessible” to everyone, or even to the other users sharing your cloud storage servers. If this were true, cloud computing wouldn’t make much sense at all. In reality NetSuite and other cloud computing providers understand that the security of sensitive company data assets is a top concern for businesses. They ensure “application-only access” for users – meaning that users cannot ever access the underlying database and thus cannot pose a security threat to other cloud users. Users have inherently limited access no matter who they are. Your data is kept safe on the cloud through a combination of deterrent, preventative, responsive, and corrective protocols. In simple terms this means that NetSuite has policies in place to deter breaches through threat of high level prosecution, to respond quickly and appropriately to any potential issues as they arise, and to use these situations to swiftly correct and strengthen their security infrastructure.

NETSUITE DATA ENCRYPTION

From a strictly preventative standpoint NetSuite’s use of cutting-edge data encryption (the same level used by banks), high-security user password guidelines, and limitations on which IP addresses can access a user account are just a few of the ways they are keeping your company applications and data secure. By controlling employee access to data assets and to the system as a whole you are effectively ensuring that employees uphold your security policies consistently.

NETSUITE DATA LOSS

Another common concern is about data loss. How do cloud computing providers address the possibility of massive server failure and keep my company’s data records alive? NetSuite’s Data Management Plan provides multiple layers of data redundancy across several locations to ensure that you never lose access to your company data. Backups of all your most pertinent applications and data assets are completed continuously. NetSuite’s data redundancy policies across different physical locations also mean that if you experience data loss on your end they’ll be able to restore your data rapidly and reliably.

Another common concern about cloud computing is the question of data deletion. Does my data continue to exist somewhere in the cloud even after I delete it? In other words, if cloud data management means copies and backups across multiple locations, then how does this affect the status of files my business actually wants deleted (forever)? This issue deals directly with cloud computing’s adjustable data retention and deletion policies offered by companies like NetSuite. You are able to delete data from the cloud (forever) but it will require a bit more effort and forethought. First consider your business’s specific needs for data retention and disposal, then work with cloud support to set the appropriate guidelines for your company’s data management needs.

NEXT STEPS – FOR NETSUITE CLOUD COMPUTING

Getting your business to make the leap to cloud computing is no small transition and as with all transitions you’ll need a well-informed plan in order to begin. Although NetSuite is a market leader with extensive security infrastructure in place to minimize risk from the issues mentioned above, no system or company can remove all the risk associated with having your data in multiple physical locations and managed by a third party. It’s important therefore to thoroughly understand the risks that cloud providers are protecting you from and the specific solutions and security measures that they are offering. Knowing your own business needs and asking the right questions will minimize your company’s exposure to data security or file corruption issues.

Engage in business software review today to see if NetSuite is right for you.


How to Create Corporate Regulation Around BYOD

The Bring Your Own Device (BYOD) movement is changing expectations for businesses and employees. It has the ability to cut employer expenses and to give employees easier access to work materials anywhere they go. Unfortunately, it also creates a host of potential security concerns that your organization needs to be prepared for – particularly if compliance is an issue. You can combat these potential problems by creating and enforcing corporate regulations around how BYOD is going to work for your company – but how exactly to begin?

Whether you are thinking of implementing BYOD at your company soon or simply looking into the future of an increasingly connected workplace, it’s never too early to start thinking about how you’re going to handle the regulations that will keep your data secure. The regulations your company creates will be based on the specifics of your organization – your industry, business model, and the type of data assets you need protected. In most cases you’ll need to consult with your legal and compliance team for a more complete understanding of the ramifications of implementing BYOD at your firm.

STEPS TO CREATE CORPORATE REGULATION AROUND BYOD

Step 1 will be about gathering information. What kind of devices do you want to allow? What kind of (company) data will be stored on those devices? Which employees will be granted BYOD privileges? What (if any) compliance standards does your company need to meet? Answering some or all of these questions first will provide an important framework for the regulations you’ll be putting in place.

Step 2 is making a comprehensive plan for data protection. You’ll need to ask yourself more questions like the following: What data can and can’t be accessed via an employee-managed device? What specific brands and operating systems will my company support? What happens when a device is lost or when an employee leaves the firm? Simply, how can our employees protect their devices? The answers to these “deeper dive” questions will make up the meat of your corporate policy. Legal counsel can help explain some of the more nuanced aspects of data protection issues under the law and introduce you to some potential solutions – for instance “concierge” software exists which, when installed on a device, allows your company to control certain specific data and its security on that particular device.

Step 3 will be about enforcement of these regulations. Regulations don’t mean much if you can’t ensure that they are being consistently followed! You’ll need a solid plan for how to handle a number of different situations that are likely to arise. Keeping enforcement in mind will also help you draft realistic (and in some cases flexible) regulations for your company.

The bottom line about BYOD is that while it is increasingly becoming the norm it is not to be taken lightly – you will need policies in place to avoid the major pitfalls and your organization’s preparation is the key to a smooth rollout. Taking the time to create meaningful and enforceable corporate regulation around BYOD will definitely pay dividends in the long term.

If you have more questions we encourage you to contact Bi101 for a free consultation on your specific needs!

Enable BYOD at your organization with Office 365.


Copyright 2014 Business Intelligence 101. All Rights Reserved.

Top Cloud Solutions. Bottom Line Results.