Why You Need an Email Integrity Check in Email Archiving
Email is often used as evidence, so it’s important that organizations can prove that archived emails are stored in their original format and haven’t been altered since they were archived. To verify this, we need to perform an integrity check every time an archived message is retrieved.
When a message is received by the archive, the archive computes a cryptographic hash value of the message and stores it as metadata connected to the original message. When the message is retrieved, the archive computes the hash value again and compares the new hash to the stored one. If they match, it’s a confirmation that the given message hasn’t been compromised or tampered with in any way.
Most archiving products display a visual cue showing the result of the comparison, so it’s obvious to the user whether the message is intact or not. If it is not, then it’s likely that the archived file is corrupted or has been altered in some way. Piler enterprise uses a SHA-256 hash value for this purpose. The whole message (including the headers and attachments) is included in the computation.
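The hash-on-ingest, verify-on-retrieve cycle described above, as an added Python sketch. It is not Piler's code; the function names, the in-memory metadata store and the sample message are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample: raw RFC 5322 bytes with CRLF line endings and one
# base64 attachment part. All names below are illustrative assumptions.
RAW_MESSAGE = (
    b"From: alice@example.com\r\n"
    b"Subject: Q3 contract\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"Y29udHJhY3QgdjE=\r\n"
    b"--b1--\r\n"
)
# Constructed post-archive alterations: (bytes to find, replacement).
CASES = {
    "attachment_edited": (b"djE=", b"djI="),
    "header_edited": (b"Q3 contract", b"Q4 contract"),
    "line_endings_rewritten": (b"\r\n", b"\n"),
}

def digest(raw):
    """SHA-256 over the exact stored bytes: headers, body, attachments."""
    return hashlib.sha256(raw).hexdigest()

def ingest(store, msg_id, raw):
    """Archive the message and record its hash as connected metadata."""
    store[msg_id] = {"raw": raw, "sha256": digest(raw)}

def retrieve(store, msg_id):
    """Return (message bytes, True if it still matches the stored hash)."""
    rec = store[msg_id]
    return rec["raw"], hmac.compare_digest(digest(rec["raw"]), rec["sha256"])

def demo():
    store = {}
    ingest(store, "m1", RAW_MESSAGE)
    results = {"untouched": retrieve(store, "m1")[1]}
    for name, (old, new) in CASES.items():
        store["m1"]["raw"] = RAW_MESSAGE.replace(old, new)  # simulate tampering
        results[name] = retrieve(store, "m1")[1]
    return results

if __name__ == "__main__":
    for case, intact in demo().items():
        print(f"{case}: {'intact' if intact else 'MISMATCH'}")
```

Because the hash covers the raw bytes as received, even a line-ending rewrite that leaves the visible text unchanged is reported as a mismatch.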
However, we can do even better than that with a tamper-proof storage device, also known as a WORM (Write Once, Read Many) drive, on which it’s physically impossible to alter a message after it has been written to the device. Such a device can also prevent its contents from being deleted.
The integrity check is only part of the archive’s security. Any well-rounded email archive uses timestamps and extensive logging to maintain an audit trail that records who did what and when. Such an audit trail can be searched to quickly find the details of a given transaction, i.e. who viewed a given message in the archive.
Another important feature is user roles and permissions, which provide fine-grained access to both messages and archiving features. Regular users can perform actions on their own emails, e.g. add notes or tags to them, but cannot alter or delete them. HR and Legal teams are usually given greater privileges regarding message scopes. They may see others’ emails, search audit records, etc.
Message encryption is another layer of defense. If someone could somehow copy the archived emails to a USB drive, e.g. by gaining access to backups, all they would get is a bunch of encrypted files, useless without the encryption key. Piler enterprise uses the industry-standard AES-256 algorithm to encrypt messages.