EXCLUSIVE INTERVIEW
Postini CEO Quentin Gallivan, Part 1: The Challenges of Compliance

E-mail and other forms of electronic communications have become pervasive and essential to business growth and operational productivity. Today, with more than 170 billion e-mails and 580 billion IMs exchanged daily, companies have seen a 334 percent annual increase in bandwidth, processing and storage requirements in the last year.

This new dependency on messaging has created a whole new spectrum of major risks, vulnerabilities and requirements for companies of all sizes. Incriminating, indecent, inappropriate and important attachments and text are far too frequently ushered into cyberspace without proper encryption, archiving or security policies applied to them.

Attack Via Attachment

Postini is one of a growing number of companies developing protection strategies to guard large and small organizations from increasing e-mail exposure threats. Quentin Gallivan came to Postini as its CEO in November 2005 and now also serves as president.

He brings to Postini more than two decades of global executive leadership experience in the high technology industry. Prior to joining Postini, Gallivan spent eight years with VeriSign (Nasdaq: VRSN), a pioneer in on-demand services, as executive vice president of worldwide sales and service. While at VeriSign, Gallivan was instrumental in scaling the company from US$13 million in revenues in 1997 to more than a billion in revenues in 2004.

The E-Commerce Times discussed the state of instant message and e-mail protection with Gallivan.

E-Commerce Times: By 2005, some 24 percent of all companies had e-mail subpoenaed, and 15 percent had gone to court over lawsuits triggered by just employee e-mail. How has the litigation situation changed in the last year or two? Have companies become more aware of the dangers of unregulated corporate e-mail and taken protective steps?

Quentin Gallivan: We have observed that starting in 2006, there has been an increased awareness among enterprises that all electronic communications -- e-mail, IM, Web postings, blogs, wikis -- can be discoverable in case of an investigation or dispute. Our customers are realizing that even a simple employee complaint to a supervisor may be sufficient notice that requires them to preserve e-mail as evidence.

Fulbright and Jaworski's Third Annual Litigation Trends Survey 2006 shows that labor and employment related investigations and lawsuits are the top and fastest growing concerns to the 400-plus worldwide survey participants who responded. Therefore, the need for customers to execute fast and comprehensive discovery efforts has also increased in the last year or two.

E-Commerce Times: How are companies handling the potential for lawsuits involving their electronic communications records?

Gallivan: To reduce litigation risk, many of the large enterprise customers with whom we are speaking are implementing an online digital archiving strategy to improve the speed and accuracy of search results when it comes to responding to a regulatory inquiry or a lawsuit investigation. These customers realize that relying on backup tapes can be unwieldy.

They are also realizing the IT organization can be overwhelmed with episodic discovery requests, which results in their inability to meet other business goals. These customers are implementing online archiving solutions that enable them to respond really quickly in the event of a discovery situation.

E-Commerce Times: How has the Federal Rules of Civil Procedure (FRCP) that became effective on December 1, 2006 affected businesses?

Gallivan: Companies are realizing that the newly amended rules of FRCP affect them and are also looking ahead to how state guidelines affecting state litigation might follow. What is interesting to note about the FRCP amendments is that many states are adopting the same standards for state level civil disputes.

In addition, these amendments apply to businesses of all sizes. That means SMB (small and medium business) customers can be more vulnerable to cost overruns in case of litigation than large enterprises. The small businesses and mid-market companies with whom we speak are implementing online archiving as an insurance policy.

E-Commerce Times: In a survey conducted only two months before the FRCP amendments' effective date, only 7 percent of corporate counsel indicated that their companies were prepared for the amended Rules, and 54 percent were not even aware that the amendments would take effect in December 2006. Are companies now meeting compliance?

Gallivan: We see companies in various stages of compliance. The amendments went into effect eight months ago, and Postini customers have gained greater awareness of the need to comply. But many companies believe that they need to draft and implement a policy before they can get started. In a poll of Postini customers conducted in the spring of 2007, only 7 percent felt "fully prepared" to meet their compliance challenges. In addition, 41 percent of respondents stated that they have "implemented a policy but need to refine it." The remainder, or just over half, are still drafting a policy or need to draft one.

E-Commerce Times: What steps did they have to take to accomplish this?

Gallivan: Most companies are evaluating alternative archiving approaches to tape and disk-based backups. What most companies are now realizing is that with a managed service approach, it is easy, at any time, to get started with complying with the amended FRCP. With Postini's Message Archiving service, for example, customers can begin to archive messages with a one-year retention period and go back and modify the retention period as dictated by the legal policy.

E-Commerce Times: What stumbling blocks to compliance have you noticed?

Gallivan: The legal department may be hesitant to implement a compliance policy because they are unsure how to enforce it. Yet this is an area where the IT department can provide a simple and elegant solution that simultaneously addresses another problem. For example, when a company implements an online digital archiving strategy for discovery and compliance objectives, it can benefit the IT department with savings that accrue to their IT operations. Postini's Message Archiving service can enable IT departments to offload message data from primary servers, thereby saving time and money on backups, storage and other performance areas. It is critical to note that waiting to create a perfect policy may prove to be costly in the long run.

Postini CEO Quentin Gallivan, Part 2: Strategies and Services