All of Henry's emails that are more than 30 days old get moved to an offline archive now. That approach can work for some organizations.
"If you can afford to simply delete your email once you have finished reading it or taking it offline, that would be another form of securing yourself," Unveillance's Hijazi says.
Henry says he just searches his old email from a machine that stores the archives. "I'd rather not have a year or more's worth of email online," he says.
For organizations such as law firms that need more than 30 days' worth of email to work on their cases, for example, he recommends keeping emails for only 90 days. That's what Lumension did for a law firm client. "One of the principals at the firm had over four years of email literally accessible from the Internet," he says. "Now they archive and remove mail from the server every 90 days, and it's stored where it's not reachable from the Internet, only from the intranet."
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.