E-mail and other forms of electronic communications have become pervasive andessential to business growth and operational productivity. Today, with more than 170billion e-mails and 580 billion IMs exchanged daily, companies have seen a 334percent annual increase in bandwidth, processing and storage requirements in thelast year.
This new dependency on messaging has created a whole new spectrum of major risks,vulnerabilities and requirements for companies of all sizes. Incriminating,indecent, inappropriate and important attachments and text are far too frequentlyushered into cyberspace without proper encryption, archiving or security policiesapplied to them.
Attack Via Attachment
Postini is one of a growing number of companies developing protection strategies toguard large and small organizations from increasing e-mail exposure threats.Quentin Gallivan came to Postini as its CEO in November 2005 and now also serves aspresident.
He brings to Postini more than two decades of global executive leadership experience inthe high technology industry. Prior to joining Postini, Gallivan spent eight yearswith VeriSign, a pioneer in on-demand services, as executive vice president ofworldwide sales and service. While at VeriSign, Gallivan was instrumental in scalingthe company from US$13 million in revenues in 1997 to more than a billion in revenues in2004.
The E-Commerce Times discussed the state of instant message and e-mail protection withGallivan.
E-Commerce Times: By 2005, some 24 percent of all companies had e-mail subpoenaed, and 15percent had gone to court over lawsuits triggered by just employee e-mail. How hasthe litigation situation changed in the last year or two? Have companies become moreaware of the dangers of unregulated corporate e-mail and taken protective steps?
We have observed that starting in 2006, there has been anincreased awareness among enterprises that all electronic communications — e-mail,IM, Web postings, blogs, wikis — can be discoverable in case of an investigation ordispute. Our customers are realizing that even a simple employee complaint to asupervisor may be sufficient notice that requires them to preserve e-mail asevidence.
Fulbright and Jaworski’s Third Annual Litigation Trends Survey 2006 showsthat labor and employment related investigations and lawsuits are the top andfastest growing concerns to the 400-plus worldwide survey participants whoresponded. Therefore, the need for customers to execute fast and comprehensivediscovery efforts has also increased in the last year or two.
E-Commerce Times: How are companies handling the potential for lawsuits involving theirelectronic communications records?
To reduce litigation risk, many of the large enterprise customers with whom weare speaking are implementing an online digital archiving strategy to improve thespeed and accuracy of search results when it comes to responding to a regulatoryinquiry or a lawsuit investigation. These customers realize that relying on backuptapes can be unwieldy.
They are also realizing the IT organization can be overwhelmed with episodicdiscovery requests, which results in their inability to meet other business goals.These customers are implementing online archiving solutions that enable them torespond really quickly in the event of a discovery situation.
E-Commerce Times: How has the Federal Rules of Civil Procedure (FRCP) that became effective on December 1, 2006 affected businesses?
Companies are realizing that the newly amended rules of FRCP affect them and arealso looking ahead to how state guidelines affecting state litigation might follow.What is interesting to note about the FRCP amendments is that many states areadopting the same standards for state level civil disputes.
In addition, these amendments apply to businesses of all sizes. That means SMB (small and medium business) customers can be more vulnerable to cost overruns in case of litigation than largeenterprises. The small businesses and mid-market companies with whom we speak areimplementing online archiving as an insurance policy.
E-Commerce Times: In a survey conducted only two months before the FRCP amendments’ effective date, only 7 percent of corporate counsel indicated that their companies wereprepared for the amended Rules, and 54 percent were not even aware that theamendments would take effect in December 2006. Are companies now meeting compliance?
We see companies in various stages of compliance. The amendments went intoeffect eight months ago, and Postini customers have gained greater awareness of theneed to comply. But many companies believe that they need to draft and implement apolicy before they can get started. In a poll of Postini customers conducted in thespring of 2007, only 7 percent felt “fully prepared” to meet their compliancechallenges. In addition, 41 percent of respondents stated that they have”implemented a policy but need to refine it.” The remainder, or just over half, arestill drafting a policy or need to draft one.
E-Commerce Times: What steps did they have to take to accomplish this?
Most companies are evaluating alternative archiving approaches to tape and disk-based backups. What most companies are now realizing is that with a managed serviceapproach, it is easy, at any time, to get started with complying with the amendedFRCP. With Postini’s Message Archiving service, for example, customers can begin toarchive messages with a one-year retention period and go back and modify theretention period as dictated by the legal policy.
E-Commerce Times: What stumbling blocks to compliance have you noticed?
The legal department may be hesitant to implement a compliance policy becausethey are unsure how to enforce it. Yet this is an area where the IT department canprovide a simple and elegant solution that simultaneously addresses another problem.For example, when a company implements an online digital archiving strategy fordiscovery and compliance objectives, it can benefit the IT department with savingsthat accrue to their IT operations. Postini’s Message Archiving service can enableIT departments to offload message data from primary servers, thereby saving time andmoney on backups, storage and other performance areas. It is critical to note thatwaiting to create a perfect policy may prove to be costly in the long run.