Companies moving to Office 365 must decide what they should do with their on-premise compliance journals. The issue is Office 365 does not allow for journal mailboxes, so many companies have created workarounds. They include:
- Utilizing shared mailboxes for journal data
- Exploding legacy journals so they can migrate the journaled individual emails into the associated custodian mailboxes
- Keeping your on-premise Exchange server active is expensive.
- Using a proprietary third-party cloud is also expensive and risks the issue of vendor lock-in, otherwise known as data prison.
Journaling to an Office 365 Shared Mailbox
So, what is a shared mailbox? It is a common Office 365 mailbox that can be used by many employees in a group - for example a mailbox such as email@example.com. Many employees can have access rights to it and can send emails to anyone, all from the common email address.
The problem is Microsoft has lowered the storage limit of an Office 365 shared mailbox to 50 GB, not much for what many companies use as a catchall repository. This move is important because many companies use a shared mailbox for more than its intended use, for example as a journaling mailbox.
Also, many companies move departed employee mailbox contents to a shared mailbox, mainly because they’re free, remain in Office 365, and do not take up an Office 365 license. However, Microsoft would rather have ex-employee mailbox content declared as inactive - this keeps the mailbox intact and separate and frees up an Office 365 license. There are some downsides to using inactive mailboxes - which is why some companies have adopted the shared mailbox strategy – creating a shared mailbox that all departed employee content is dumped in.
What to do with Legacy On-Premise Journals
Many companies, especially companies in regulated industries such as financial services (Finserv), have a requirement to journal content from select mailboxes, for example, brokers and traders, and retain the data for 3-7 years.
The issue Finserv companies face is the fact that Office 365 does not have, nor allow mailboxes to be designated as journaling mailboxes. So, what can Finserv organizations do with their existing archived journals? In fact, Microsoft recommends companies either keep an on-premise Exchange server as the journaling repository or work with a third-party cloud provider to supply the journaling repository – neither considered ideal due to cost and complexity.
Fig 1: Using a third-party cloud as the Journal is expensive and risks being sentenced to data prison)
Several third-party data migration companies have come up with a scheme of exploding an on-premise archived journal (usually a huge amount of data) and migrating the exploded emails into individual custodian’s mailboxes.
An issue with this strategy is what happens to departed employee journaled email – there is usually no Office 365 mailbox to migrate it to. Another issue is that because journaled email can have 2 or more recipients, each email with multiple recipients must be duplicated so that the journaled individual email can be placed into each custodian’s mailbox. This means that one on-premise 10 TB journal, when exploded and migrated into individual Office 365 mailboxes can grow to many times the original size in Office 365 – 20 TB, 40 TB, or more. Microsoft has let it be known that they do not want their customers following this process and again, suggest using an on-premise Exchange server or a third-party cloud provider.
Fig 2: Exploding a journal can take up a great deal of space in Office 365
Another strategy some companies use is to migrate legacy archived journals into a shared Office 365 mailbox, accessing it when needed to respond to a regulatory information request or to perform eDiscovery. Again, because the new shared mailbox storage limit is now 50 GB, most legacy journals would not fit. Of course, you can split the journal among several shared mailboxes, but this complicates regulatory and eDiscovery searches. Also, for companies in the Finserv sector, shared mailboxes journals would not meet the SEC 17 very prescriptive requirements including the requirement to store data in a truly immutable or WORM format.
The other challenge Finserv organizations face when moving to Office 365 is what to do with their on-going, live email journaling requirements.
Live Journaling to Shared Mailboxes
Some companies began using an Office 365 shared mailbox as a live journaling repository (because its free) to save the expense of keeping an on-premise Exchange server active or paying the high prices for a proprietary third-party cloud.
Again, the problem with this strategy is, depending on the size of the organization, live journaling into a shared mailbox will need to be migrated regularly (raising regulatory or legal risk if not done) as the shared mailbox fills up. Remember, the new shared mailbox storage limit is now 50 GB. In actuality, the 50 GB limit is driving companies back to the existing costly and complex journaling solutions of keeping an on-premise Exchange server active or using a third-party cloud.
Is there a better solution for journaling in Office 365?
Wouldn’t it be better to keep your legacy and live journal data within the same Microsoft Cloud while retaining full regulatory compliance, security, and control over your sensitive data?
Companies can now take advantage of their Azure tenancy to store and manage their legacy journal data as well as take live journal data from Office 365. With this solution, you no longer need to worry about being caught in data prison (otherwise known as third-party vendor lock-in), the issues with shared Office 365 mailboxes, or the extra expense of keeping an on-premise Exchange server active.
Archive360’s Archive2Azure platform enables customers to onboard their legacy journal data and stream live journal data while keeping the journal contents completely intact with zero metadata loss or data conversion. Archive2Azure is the first intelligent information management and archiving platform built for the Azure Cloud. This means that your sensitive legacy and live journal data always stays in your Microsoft Cloud under your direct control. Archive2Azure provides full data migration and cloud management of your journal data, all in one solution without the need to pay for and rely on a proprietary third-party cloud provider.
Fig 3: Keep your data in your Microsoft Cloud
Not too long ago, the Archive2Azure information management solution was criticized by industry pundits due to the requirement that journal data needed to be moved to a different location – your Azure tenancy, and that would be a pain. In that same commentary, the pundit suggested that moving the legacy and live journal data to your own on-premise Exchange server or a third-party cloud would be the better practice…
Now maybe I missed something but exploding your legacy journal into many times its original size, directing your live journal stream to an expensive third-party proprietary cloud (risking vendor lock-in), or keeping a costly on-premise Exchange server active, seems to be a less than ideal practice when you have the option of keeping your sensitive journal data within your same Microsoft cloud tenancy.
Additional benefits of using your own Azure tenancy for your journal data include higher security (you use your own encryption keys), infinite scalability, immutable storage availability, and much lower costs.
For companies wondering what to do with their legacy and live journal data when migrating to Office 365, please keep the following in mind:
- Exploding legacy journals so you can migrate the individual emails into custodian mailboxes is not supported by Microsoft and for financial services companies, may put you at risk for SEC 17 non-compliance.
- Utilizing shared mailboxes for journal data no longer is possible due to the reduced storage limit of 50 GB.
- Keeping your on-premise Exchange server active is expensive.
- Using a proprietary third-party cloud is also expensive and risks the issue of vendor lock-in – otherwise known as data prison.
Additionally, each of the above strategies increases the complexity and risk of regulatory compliance and litigation support.
Only Archive2Azure and your Azure tenancy can successfully address the above issues while keeping you in complete control of your sensitive data. It's your data, in your cloud, under your control.
For more information on Archive2Azure journaling, you can download the Journaling Product Brief.