Email Looms as IT ThreatEmail Looms as IT Threat
AIIM survey says email's bigger than ever, and nobody's driving the train
October 11, 2006
Email is growing by leaps and bounds, both in importance and volume. So it's not good news that nobody's in the wheelhouse.
Yet that's what turned up in a survey of 1,043 email users conducted by a the Association for Information and Image Management, which calls itself the Enterprise Content Management (ECM) association (an example of what happens when you seek to modernize your name but still own a longstanding brand and URL).
Results of the industry group's online survey taken in August and September 2006 reveal that most organizations aren't managing email at all. Aside from storing it for a given time period, most respondents reported relying on end users to decide what to keep and what to throw out. (See AIIM Posts Results.)
Further, what passes for email management could raise a regulator's hackles. Forget automated policies tied to full text searches. (See Stop That Email!.) For respondents in companies of all sizes, formal policies govern things like acceptable employee use of email systems, acceptable content of messages, mailbox size, and a company's ownership of the email. When it comes to setting rules for using email to transact business, discuss human resources issues, exchange confidential information, respond to requests from regulators or lawyers, the majority of respondents reported no policies in place.
Table 1: Does your organization have any policies restricting or limiting the use of e-mail for any of the following purposes? (Percentage of 1,043 respondents)
Negotiating contracts and agreements
Discussing HR issues
Discussing operational or product strategies
Exchanging confidential or sensitive information
Responding to regulators
Answering inquiries from customers
Exchanging invoices, statements, and payment information
Filing documents with official bodies
Responding to litigation
Source: AIIM - The ECM Association
On top of having few rules about what goes into email, organizations don't do much to protect it. Just 30 percent of respondents said they had any email encryption policy in place, and 37 percent had a policy for instant messaging -- this despite 61 percent of respondents reporting concern about theft of confidential info or intellectual property via email.
What emerges from all this is far from the landscape described by email management vendors, in which organizations are eager to adopt technology to sort and save important email.
When it comes to archiving email, nearly 60 percent of respondents said they save email as part of regular backup. A full 18 percent don't archive email at all. Just 3 percent reported outsourcing email archiving. (See Outsourcing Email Not an Easy Choice.)
Table 2: How does your company/organization archive its email? (No. and percentage of 1,043 respondents)
Email is archived as part of the backup process
Using a commercial email archival tool
As part of a records management program
We don't archive email
Using .pst files
Note: The balance of the responses below not listed were "Don't Know"
Source: AIIM - The ECM Association
Mancini stresses the risks of relying on backup or leaving email management up to end users. "As anyone who has gone through an e-discovery process can attest, finding and producing relevant emails from back-up is not the same as producing them from an archive in which the content is based on the subject and relevance of the email."
On the plus side, respondents to the survey appear to be interested in some form of archiving. Just 12 percent reported that they'd continue to rely on IT's daily email server backups to manage email in the future. A full 72 percent reported interest in an email archiving solution integrated with either a records management product, an enterprise content management platform, or some other form of enterprise information platform.
For better or worse, the problems illustrated in this survey aren't likely to diminish. According to the Radicati Group consultancy, the volume of email that the average corporate user sends and/or receives every day will grow 30 percent within the next four years, from 16.4 Mbytes in 2006 to 21.4 Mbytes per day in 2010. And unless companies start taking action, Mancini implies, they'll be risking both their ability to produce relevant proof for compliance or litigation, but also their ability to benefit from increased use of email.
"Email has migrated from a proxy for conversation to a key form of organizational documentation, but most organizations have yet to make the jump to truly leverage email... Organizations largely leave the management of email up to individual employees, a precarious position at best given the critical role that email plays in documenting business decisions."
— Mary Jander, Site Editor, Byte and Switch
About the Author(s)
You May Also Like
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023