Live Journaling in Office 365/Exchange Online?

Posted by Bill Tolson • June 14, 2018

Blog06142018_GoldfishSo, you’ve decided to move your on premise email system to Office 365/Exchange Online for cost savings, higher security, and scalability. However, before you begin the migration, a question you should ask is; does my organization journal email for compliance, legal, or business requirements? If your company does, then read on.

A Journal is not a diary

For those readers that aren’t sure of what a journal is, it refers to the capture and retention of all (in this case email) incoming and outgoing messaging in a way that guarantees the content is an exact copy of the original message including all metadata. Microsoft invented the “Journal Mailbox” back in the 90s for their on premise Exchange solution back based on a new SEC requirement aimed at brokers and traders. The journaling process captures an email message (and its metadata) as soon as it is sent or received ensuring it has not been deleted or edited.

Regulatory requirements launch journaling

So far, two government regulatory requirements specify journaling of electronic communications. Journaling ensures email is immediately captured in a legally defensible manner and then transferred to an email archive with immutable properties. Many companies falsely believed the journal mailbox was, in fact, an archive and didn’t take the next step of archiving the data. The problem with this is the journal mailboxes fills up rapidly and if not emptied, will over-write current journaled email.

An interesting example of this issue occurred approx. Ten years ago when the White House IT department set up a journaling mailbox on the Vice President’s office email server to meet U.S. National Archives and Records Administration (NARA) archiving regulations that all governmental agencies archive all email. The IT department set up a journal mailbox to capture the office’s incoming and outgoing email. However, they chose to rely on a manual process of transferring journaled email to file servers - instead of utilizing an automated email archiving system that would have access and transfer journal content to a stand-alone archive regularly. Later, the Vice President’s office was served with a Freedom of Information Request (FOIA request). During the search of past email, it was revealed that huge amounts of emails were missing. It was later discovered (during a Congressional hearing) the IT department had not regularly checked the journal mailbox which resulted in large amounts of email being overwritten (deleted).

Examples of prescriptive journaling regulatory requirements include SEC Rule 17a-4 and MiFID II. Other data retention regulations where journaling can help meet retention requirements are:

  • Sarbanes-Oxley Act of 2002 (SOX)
  • Security Exchange Commission Rule 17a-4 (SEC Rule 17 A-4)
  • National Association of Securities Dealers 3010 & 3110 (NASD 3010 & 3110)
  • Gramm-Leach-Bliley Act (Financial Modernization Act)
  • Financial Institution Privacy Protection Act of 2001
  • Financial Institution Privacy Protection Act of 2003
  • Health Insurance Portability and Accountability Act of 1996 (HIPAA)
  • Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (Patriot Act)
  • European Union Data Protection Directive (EUDPD)
  • Japan’s Personal Information Protection Act

Litigation hold and journaling

Another reason companies utilize email journaling is for litigation preparedness. When a lawsuit is filed (or anticipated), the companies affected are required to find and place a litigation hold on all potentially relevant data in the expectation of a later eDiscovery order. In many cases, the opposing counsel will ask for responsive data between two specific dates – such as all email from or to target employees between specific dates.  However, in some circumstances, the date range could be open-ended requiring a litigation hold on all past, current, and all new email.

The easiest way to ensure all affected email is captured and placed on a litigation hold is to begin immediately journaling the target employee’s mailbox. In fact, many companies will automatically journal their C-Level employee's email and hold it for 1,2, or more years simply because their GC expects that those employees have a higher risk of being named in lawsuits.

Journaling and Office 365

Back to the Office 365 and the journaling question. We’ve established that journaling is not a requirement for most companies - however, many still use it. So, if your company does journal email, the question you should ask is; can Office 365 provide live journaling capability? The simple answer is no. Instead, Microsoft suggests that an on premise or third-party cloud archive be used as the journal mailbox. There are a couple of issues with this suggestion.

First, keeping an on premise email archive active to act as a journal mailbox is expensive and defeats the purpose of moving your live email to Office 365 – it will cost more than staying with your current on premise Exchange system.

Second, relying on a third-party cloud archive can be costly and lead to vendor lock-in issues. Vendor lock-in occurs when a third-party archive vendor controls data access and converts your journal data into a “more convenient” format (for them). The issue comes when you want to move your journal data to another cloud archive. The proprietary archiving vendor will charge you an exorbitant amount to “re-convert” your data back into its original format – sometimes as much as $10 + per GB. This situation is referred to as “data ransom” and depending on the amount of data in the archive, can cost millions of dollars.

Another tactic used by proprietary archives is to throttle the data extraction speed if you try to move too much of it out of their proprietary archive. Throttling produces roadblocks to make you change your mind on leaving. For example, customers have told us a third-party vendor drastically limited the data extraction speed to draw out their move to another cloud archive – in some cases estimating it would take a year or more to get their data back.

Journaling to your cloud

Neither journaling solution discussed above – keeping an on premise archive active or relying on a third-party proprietary archive, are an effective strategy.

Many CIOs have looked at the extremely low cost, security, and unlimited scalability of public clouds such as Microsoft Azure, and wished they could simply journal from their Office 365 email system to their own Azure tenancy to solve the Office 365/Journaling conundrum. This solution would address the vendor lock-in and cost issues by taking advantage of the company’s own low-cost cloud. But, up until now, public clouds were not able to accept, manage, and keep whole, a journal’s complexities.

Their hopes have been answered. Archive360 and Microsoft have partnered to offer just such an Office 365/journaling solution based on the Azure Cloud. Archive360’s Archive2Azure platform enables a live email stream from Office365 (copies of all emails etc.) to move directly into the company’s Azure tenancy where Archive2Azure then validates it (chain of custody) and manages it based on policies set by the customer. Additionally, Archive360 utilizes the customer’s encryption keys to secure data in the company’s Azure tenancy.

Several advantages to this solution is it avoids vendor lock-in – it's your data in your cloud in its original format, the cost model can be as much as 90% less than a third-party, and on premise archives, and with the Microsoft Azure platform and Archive360, you will have a live journaling solution that continues to evolve and add additional capabilities.

For more information or to talk to an Archive360 representative, click through to our Archive2Azure webpage or contact us directly.