SMBs like the way ArcMail Smells; Is 'Sniffing' the Next Big Thing in Email Archiving?
If somebody had told us that a relative unknown company had come out of nowhere to capture 20% of the small and midsize business (SMB) market in email archiving (according to Gartner) since 2006, we would have thought it a joke. But, that is exactly what we discovered when we recently spoke with ArcMail's CEO Todd Gates. And while ArcMail has flown under the radar screen of most publications and analysts, once we spoke with Gates and began to understand the technology behind ArcMail, we immediately understood why SMBs like the way ArcMail archives email and why they are bringing ArcMail in-house for their email archiving needs.
SMBs struggle with many of the same email archiving issues that enterprises do. The difference is that they rarely have access to the same sorts of resources (personnel, money or time) to respond to eDiscovery requests that government regulations or rulings such as the Federal Rules of Civil Procedure (FRCP) bring about. Further, most available email archiving solutions are based on the premise that companies have some IT staff available to configure and manage their email archiving product, an assumption that does not necessarily hold true in SMBs.
It is these types of issues that ArcMail sought to address. Specifically, ArcMail sought to provide a turnkey approach to email archiving for SMBs that met the following conditions:
The feature that makes it interesting is that it sits outside of the network and "sniffs" the corporate network for e-mail. Approaching archive in this fashion allows Defender to archive email without relying on or integrating with Exchange's (or anyone else's) email engine. CEO Gates stated it best when he said, "If we can sniff it, we can archive it."
ArcMail Defender ships as an appliance and includes all of the hardware and software that organizations need in order to deploy it. Appliances range from 500 GB to 16 TB and if an organization should find itself outgrowing its storage, modules can be added that can scale Defender as large as needed. Further, based on Gates comments, ArcMail already appears to be extending its reach beyond just the SMB space as Gates claims ArcMail has customers with as many as 30,000 mailboxes. Not bad for an SMB play.
As part of ArcMail's plan to provide an answer for the eDiscovery needs of SMBs, Defender speaks directly to the needs of FRCP in its ability to search for records related to an eDiscovery request and then place those messages on legal hold. Once this legal hold occurs these messages cannot be deleted while assuring companies that they can avoid spoliation of their email data.
In terms of compliance, Defender can detect and sniff encrypted messages (even though it cannot decrypt them) as well as unencrypted messages and takes all of them and encrypts them in its archive using AES 256 encryption. Organizations that deal with regulations such as PCI and HIPAA compliance, as well as numerous state and federal statutes, will find this feature useful as encrypted archives provides them with "safe harbor" from customer notification since, should a data breach occur, if the archived data is encrypted, it eliminates the need and costs associated with notifying their clients and protects their reputation.
Gates said there is no specific industry or vertical where it is seeing a large uptick in interest, other than to say, "All of them." He did, however, point out that he is seeing more interest from school districts in using ArcMail to track the emails of students and staff so as to provide transparency for litigation in cases of faculty or student misconduct, as well as answering open records act requests.
While ArcMail's sniffing technique is unique, it does introduce some deficiencies that may preclude some organizations from deploying it. Specifically ArcMail:
ArcMail brings a new twist to a mature market that DCIG suspects will garner interest and subsequent copycat approaches from competitors. Its approach is as is refreshing as it is unique for a market segment that is constantly on the lookout for a turnkey way to solve their growing email and compliance problems without introducing a lot of administrative headaches and costs into the mix.
SMBs struggle with many of the same email archiving issues that enterprises do. The difference is that they rarely have access to the same sorts of resources (personnel, money or time) to respond to eDiscovery requests that government regulations or rulings such as the Federal Rules of Civil Procedure (FRCP) bring about. Further, most available email archiving solutions are based on the premise that companies have some IT staff available to configure and manage their email archiving product, an assumption that does not necessarily hold true in SMBs.
It is these types of issues that ArcMail sought to address. Specifically, ArcMail sought to provide a turnkey approach to email archiving for SMBs that met the following conditions:
- No full-time IT staff
- Limited or no expertise with email archiving
- Email platform agnostic
The feature that makes it interesting is that it sits outside of the network and "sniffs" the corporate network for e-mail. Approaching archive in this fashion allows Defender to archive email without relying on or integrating with Exchange's (or anyone else's) email engine. CEO Gates stated it best when he said, "If we can sniff it, we can archive it."
ArcMail Defender ships as an appliance and includes all of the hardware and software that organizations need in order to deploy it. Appliances range from 500 GB to 16 TB and if an organization should find itself outgrowing its storage, modules can be added that can scale Defender as large as needed. Further, based on Gates comments, ArcMail already appears to be extending its reach beyond just the SMB space as Gates claims ArcMail has customers with as many as 30,000 mailboxes. Not bad for an SMB play.
As part of ArcMail's plan to provide an answer for the eDiscovery needs of SMBs, Defender speaks directly to the needs of FRCP in its ability to search for records related to an eDiscovery request and then place those messages on legal hold. Once this legal hold occurs these messages cannot be deleted while assuring companies that they can avoid spoliation of their email data.
In terms of compliance, Defender can detect and sniff encrypted messages (even though it cannot decrypt them) as well as unencrypted messages and takes all of them and encrypts them in its archive using AES 256 encryption. Organizations that deal with regulations such as PCI and HIPAA compliance, as well as numerous state and federal statutes, will find this feature useful as encrypted archives provides them with "safe harbor" from customer notification since, should a data breach occur, if the archived data is encrypted, it eliminates the need and costs associated with notifying their clients and protects their reputation.
Gates said there is no specific industry or vertical where it is seeing a large uptick in interest, other than to say, "All of them." He did, however, point out that he is seeing more interest from school districts in using ArcMail to track the emails of students and staff so as to provide transparency for litigation in cases of faculty or student misconduct, as well as answering open records act requests.
While ArcMail's sniffing technique is unique, it does introduce some deficiencies that may preclude some organizations from deploying it. Specifically ArcMail:
- Does not archive existing mail on disparate e-mail systems. Since ArcMail just sniffs email messages, organizations need to think through how they will archive their existing email stores using the ArcMail appliance.
- Does not recognize 'received' and 'read' emails within and organization. ArcMail Defender only captures email messages that are sent out or received over the corporate network. It does capture information such as if an individual has received or read an email.
- Does not provide an accountability roadmap of an e-mail message. If it is necessary for an organization to have a complete accountability as to who has sent and received an e-mail as well as capturing header information, then this should be an area of caution when deploying ArcMail.
- Does not do email management. ArcMail essentially logs an organization's incoming and outgoing emails. It does not block emails from going out or coming in nor does it manage the main email data store in any way
ArcMail brings a new twist to a mature market that DCIG suspects will garner interest and subsequent copycat approaches from competitors. Its approach is as is refreshing as it is unique for a market segment that is constantly on the lookout for a turnkey way to solve their growing email and compliance problems without introducing a lot of administrative headaches and costs into the mix.
Buyers Guides
Newsletter Signup
Excellent information. ArcMail's technology is great.