Posted by: Beth Pariseau
data compliance and archiving, Storage Software as a Service
Email archiving SaaS vendor Proofpoint is adding compliance features to its services today in an effort to reach more enterprise users. The company that bought email archiving SaaS provider Fortiva last year is building new enterprise search and e-Discovery features into its service based on a newly-patented method for searching encrypted data.
Proofpoint email archiving appliances reside at the customer’s location, serving as a “gateway” into the cloud. The Microsoft Exchange email server journals emails to a special mailbox, which the gateway then draws from to send data to the cloud. The service integrates with the customer’s on-premise Active Directory to provide authentication and role-based access to the archive, and provides Web-based search of the archive for administrators as well as end users.
What makes Proofpoint’s approach unique, according to vice president of archiving product management Rick Dales, is that it provides search and other services without any visibility into customers’ data. When the data is ingested through the appliance, an encrypted index token is sent to Proofpoint’s data centers alongside the data. When users want to perform a search, the Proofpoint middleware makes a correlation between the index token and encrypted data, allowing it to return search results without ever decrypting the information. This is the process that was awarded a patent this week; new with this release is the ability for end users to perform these searches on their portion of the archive, rather than just IT admins.
Some of today’s updates to the service also build on these capabilities, like new support for the archiving and search of historical email, meaning email which belongs to users who have left the organization. In prior releases, if users were no longer visible in Active Directory, they would no longer be accessible through Proofpoint. With this release, Active Directory names and encrypted mailbox IDs are sent from the user’s appliance along with the encrypted index tokens. Proofpoint has no visibility into a correlation between the Active Directory names and the globally unique identifier (GUID), but can do a lookup on the plain-text name if requested by the user, including generating an address book showing all email addresses registered to that name.
“Often, lawsuits relate to people who are no longer with the organization,” said Dales.
Users can queue mail for supervisory review in environments where compliance dictates that, and the new version allows them to ‘whitelist’ emails that shouldn’t be sent to the queue, like newsletters. Similarly, updates to the Proofpoint policy engine mean users can apply policies to ‘all mail with exceptions’. Users will also now have the option of retaining data indefinitely, rather than having to decide on a retention period up front. The software also now supports archiving instant messages in addition to email. Finally, a new active legal hold feature flags new mail for archive that may be relevant to existing cases.
The announcement may be among signs that email archiving SaaS offerings, which one analyst described as “not ready for prime time” in the enterprise last year, are beginning to catch up with on-premise products, according to ESG’s Babineau. “They might not be able to catch up fully, because there are some inherent limitations to the cloud environment,” he said. “But the operational benefits that they deliver, i.e., they don’t require any IT ops management and you don’t have to buy any storage, make them a viable alternative to on-premise solutions, especially in this economy.”