1. Enterprise Vault: Addressing Critical Issues For Legal and IT

2. There’s Got To Be A Better Way
Agenda
Today’s Challenges
from an IT and Legal Perspective
There’s Got To Be A Better Way
Enterprise Vault
Real World Examples
Customer case studies

3. Today’s Challenges

4. Email: No One Expected This!
is exploding
Business growing 25–30%
Attachment sizes growing
Voic , video, …
is critical
is 75% of corporate IP
is in 75% of corporate litigation
Regulations around retention
is under attack
Over 60% of is spam **
80% of viruses are via ***
Phishing and other new threats
Increasing security threats
Worm, spam, phishing
68% of Internet are spam (according to Symantec BrightMail Field Data)
77% growth in spam for companies monitored by Symantec
Phishing: BrightMail AntiSpam antifraud filters blocked 33M phishing attempts in a week (WHEN???), vs. 9M/week in July  4.5M a day
SEC Security and Exchange Commissions
HIPPA, privacy
Cost of Managing the Infrastructure
Gartner predicts the volume of business will grow % annually through 2009
Spam Problem
Gartner and META estimate that spam consumes between % of overall volume
Threats to Business Continuity
80% of viruses enter organizations through the gateway (IDC)
Usage of as Data Repository
Enterprise Strategy Group (ESG) reports that as much as 75% of most companies' intellectual property is contained in messages
Managing Risk for Compliance and Governance Objectives
Sarbanes-Oxley Act
Securities and Exchange Commission Rule 17A-4
Health Insurance Portability and Accountability Act
Legal Discovery
* Gartner (number excludes spams)
** Symantec Internet Security Threat Report, Mar. 2005
*** IDC
**** Enterprise Strategy Group
has become the primary medium for how we communicate. The consequence is that has become a de facto record repository.
CIO Magazine, Jan 2005

5. Coleman v. Morgan Stanley Anti-Monopoly, Inc. v. Hasbro,
"The storage folks found
an additional 1,600 backup tapes in a closet,“ explained a Morgan Stanley executive. $1.45 billion awarded
Thomson v. US HUD
“…precluded from introducing into evidence in their case any of the 80,000 records that were "discovered" during last minute.”
On Backup Tapes: Skeletons In the Closet
Anti-Monopoly, Inc. v. Hasbro,
“The law is clear that data in computerized form is discoverable even if paper ‘hard copies’ of the information have been produced.”
Zubulake v. UBS Warburg
“Documents stored on backup tapes can be likened to paper records locked inside a sophisticated safe to which no one has the key or combination.”

6. And That’s Just The Beginning…
“A ‘small’ number of backup tapes with records detailing the financial information of government employees were lost in shipment to a backup center, Bank of America said on Friday.”
And That’s Just The Beginning…
“To combat data leakage, a growing number of vendors are pitching products designed to monitor sensitive information and block outgoing s or instant messages containing it.”

7. Email: Challenges for Legal
Capture
Cost and delay around restoring backups
Lack of proactive defense strategy
Risk that everything wasn’t captured
Retention
Risk around accidental/intentional deletion
Risk around inconsistent policy
Risk around non-compliance
Traditional document retention policies relate to hard copy documents and are ineffective in managing retention of electronic documents
Document retention policies usually rely on compliance by individual employees rather than systematic means of retaining records across the enterprise
Companies that manage by routine deletion of documents risk inadvertent deletion of responsive documents
Most companies have to search multiple locations to determine whether responsive documents exist (servers, home directories, individual hard drives, lap tops, back up tapes, PDAs, instant messaging, floppy disks, etc.)
Documents maintained by individual users on individual lap tops and hard drives results in lack of information control
In order to review this data, requires identification and collection of individual hard drives/lap tops
Productivity loss while collecting individual lap tops
Operationally difficult to collect laptops and hard drives
Significant costs associated with traditional review of e-documents
Law firms outsource data management because of complexity of searching data gathered from multiple sources
Formatting and consolidation of data in order to create searchable data base is costly
Creates additional layer of complexity, cost and delay in responding to discovery requests
Traditional approach promotes delay in responding to discovery requests, which is particularly problematic when dealing with matters involving regulatory agencies
Review
Delays in finding responsive information
Cost in “scrubbing” and reviewing
Finding issues early (HR, IP, profanity, …)

8. Email: Challenges for IT
Cost to store growing volumes of
Cost to scale servers
Cost to backup growing message stores
Cost
Risk around downtime
Risk around client-side archives (e.g., PST)
Risk around migration (e.g., to E2003)
Risk
Traditional document retention policies relate to hard copy documents and are ineffective in managing retention of electronic documents
Document retention policies usually rely on compliance by individual employees rather than systematic means of retaining records across the enterprise
Companies that manage by routine deletion of documents risk inadvertent deletion of responsive documents
Most companies have to search multiple locations to determine whether responsive documents exist (servers, home directories, individual hard drives, lap tops, back up tapes, PDAs, instant messaging, floppy disks, etc.)
Documents maintained by individual users on individual lap tops and hard drives results in lack of information control
In order to review this data, requires identification and collection of individual hard drives/lap tops
Productivity loss while collecting individual lap tops
Operationally difficult to collect laptops and hard drives
Significant costs associated with traditional review of e-documents
Law firms outsource data management because of complexity of searching data gathered from multiple sources
Formatting and consolidation of data in order to create searchable data base is costly
Creates additional layer of complexity, cost and delay in responding to discovery requests
Traditional approach promotes delay in responding to discovery requests, which is particularly problematic when dealing with matters involving regulatory agencies
Time to support user quota issues
Time to troubleshoot client-side archives
Time to handle user restores
Time

9. And Email Is Just The Start…
User home directories
Network file shares
Document Management systems
Microsoft SharePoint
Instant Messaging
Fax, Voic , Wireless, …

10. There’s Got To Be A Better Way

11. Enterprise Vault: Faster, Cheaper, Better Discovery
Capture
Capture and index all automatically
Capture and migrate client-side archives
Capture files, IM, SharePoint, …
Retention
Retain based upon flexible policies
Enforce retention at storage level
Filter items to archive and retain
Traditional document retention policies relate to hard copy documents and are ineffective in managing retention of electronic documents
Document retention policies usually rely on compliance by individual employees rather than systematic means of retaining records across the enterprise
Companies that manage by routine deletion of documents risk inadvertent deletion of responsive documents
Most companies have to search multiple locations to determine whether responsive documents exist (servers, home directories, individual hard drives, lap tops, back up tapes, PDAs, instant messaging, floppy disks, etc.)
Documents maintained by individual users on individual lap tops and hard drives results in lack of information control
In order to review this data, requires identification and collection of individual hard drives/lap tops
Productivity loss while collecting individual lap tops
Operationally difficult to collect laptops and hard drives
Significant costs associated with traditional review of e-documents
Law firms outsource data management because of complexity of searching data gathered from multiple sources
Formatting and consolidation of data in order to create searchable data base is costly
Creates additional layer of complexity, cost and delay in responding to discovery requests
Traditional approach promotes delay in responding to discovery requests, which is particularly problematic when dealing with matters involving regulatory agencies
Review
Search by timeframe, people, keywords, …
Manage cases, mark, produce, …
Automate regular surveillance review

12. Enterprise Vault: Faster, Cheaper, Better Email
Automatically archive to cheaper storage
Users still retain seamless access to
Compress & single instance to reduce data
Cost
Reduce backup window through archiving
Eliminate client-side archives (e.g., PSTs)
Reduce downtime during migration
Risk
Traditional document retention policies relate to hard copy documents and are ineffective in managing retention of electronic documents
Document retention policies usually rely on compliance by individual employees rather than systematic means of retaining records across the enterprise
Companies that manage by routine deletion of documents risk inadvertent deletion of responsive documents
Most companies have to search multiple locations to determine whether responsive documents exist (servers, home directories, individual hard drives, lap tops, back up tapes, PDAs, instant messaging, floppy disks, etc.)
Documents maintained by individual users on individual lap tops and hard drives results in lack of information control
In order to review this data, requires identification and collection of individual hard drives/lap tops
Productivity loss while collecting individual lap tops
Operationally difficult to collect laptops and hard drives
Significant costs associated with traditional review of e-documents
Law firms outsource data management because of complexity of searching data gathered from multiple sources
Formatting and consolidation of data in order to create searchable data base is costly
Creates additional layer of complexity, cost and delay in responding to discovery requests
Traditional approach promotes delay in responding to discovery requests, which is particularly problematic when dealing with matters involving regulatory agencies
Take away need for quotas
Give users “self-service” restore for
Allow users to search their archives
Time

13. How Enterprise Vault Works
Primary
Data Store
Transfer
Secondary
Data Store
Links
Search
Analyze
Retrieve
Disclose
Secure
Rationalize
Categorize
Retain
Index
Audit
Future Proof
Share
Expire
Use this so we can explain how we interact with Storage

14. Basic Options In Retention
Retain everything forever
No risk of losing anything
Higher storage cost
Risk of “over-retention”
Retain everything for a fixed period of time
Control risk of keeping items too long
Risk of deleting relevant business record
Reduced storage cost
Retain based upon policy / categorization
For specific users
Based upon properties or content
User-driven categorization

15. Flexible Policies To Meet Your Business Needs
What to Archive?
Capture all for users (journaling)
OR by age, quota, size, user action, …
Filters based upon subject, from, to, …
Retention Categories to enforce retention
Filters can also drive Retention Category
User folders can drive retention
How to Retain?
Traditional document retention policies relate to hard copy documents and are ineffective in managing retention of electronic documents
Document retention policies usually rely on compliance by individual employees rather than systematic means of retaining records across the enterprise
Companies that manage by routine deletion of documents risk inadvertent deletion of responsive documents
Most companies have to search multiple locations to determine whether responsive documents exist (servers, home directories, individual hard drives, lap tops, back up tapes, PDAs, instant messaging, floppy disks, etc.)
Documents maintained by individual users on individual lap tops and hard drives results in lack of information control
In order to review this data, requires identification and collection of individual hard drives/lap tops
Productivity loss while collecting individual lap tops
Operationally difficult to collect laptops and hard drives
Significant costs associated with traditional review of e-documents
Law firms outsource data management because of complexity of searching data gathered from multiple sources
Formatting and consolidation of data in order to create searchable data base is costly
Creates additional layer of complexity, cost and delay in responding to discovery requests
Traditional approach promotes delay in responding to discovery requests, which is particularly problematic when dealing with matters involving regulatory agencies
Enforce non-tampering during retention
Automatically expire content after retention
Optionally place expiration “on hold”
How to Dispose?

16. How Enterprise Vault Works: Architecture
Clients
Sources
Apps
Outlook
Web Access
SharePoint
2003
SDK
Outlook
Offline
Vault
Search
Archive Explorer
Supervision
E-Discovery
SDK
Exchange
Mailboxes, Journals
Public Folders, PSTs
Enterprise Vault
Store/Retain/Expire
Index/Search/Future-Proof
View/Restore
Compress/Migrate
Audit/Administer
Categorization/Filtering
File System
SharePoint
2003
Summary of the main sources of information to be stored in Vault along with the main clients – note that file system archiving is a mid-2003 deliverable
Adding SPS and applications using archive API as sources and MS Search as indexer.
Domino Journaling
Archive
Store
Secondary
Store
SMTP
Capture
Targets
SDK
SDK

17. Building An Archiving Platform: EV Partners
Need to archive… IM
Databases
Blackberry
SAP
Bloomberg
Need Records Mgmt…
Need a hosted solution…
Need to classify or filter what gets archived…
Need to protect rights of documents being archived…
Integration planned

18. Real World Examples

19. Recognized Market Leader
Magic Quadrant for Active-Archiving Market
Active-Archiving Market Size, 2004
2nd Time in a row as only leader
EMC 18.3%
Zantaz 9.2%
CommVault 3.9%
IBM 2.9%
iLumin 19.2%
Other 14.6%
Symantec Total 31.9%
Total New License Revenue = $88.7 Million
Source: Magic Quadrant for Active-Archiving Market (April 2005)
Source: Gartner Dataquest (April 2005)

20. Over 2000 Customers Can’t Be Wrong…
One of the biggest pieces of news that came out at VISION was the announcement that for the second year in a row, EV is the ONLY company listed as a leader in the Gartner Active Archiving Magic Quadrant. Notice how far away our competitors are. Gartner rates companies on vision and ability to execute – looking at things like past history of delivery, revenue, # of customers, happiness of references, etc. More on next slide…

21. Customers Finding Legal and IT Benefits
“Pertaining to an based public record request. 
Using our new KVS system we searched and burnt to
CD over s related to the request in under 5
hours total labor hours.  Our old methodology if done with
the same diligence would have taken an estimated
1000+  labor hours.”
“It has saved me about 20 hours a week in administration. We run our tape backups every day, get the tape, and that’s it. I don’t have to baby sit the Vault and I sleep well at night knowing that my Exchange Info store won’t crash.”

22. How We Used It Internally4 I
NTELLIGENCE
Policy Manager 3 C
ORP . R
ECORDS F IX
(Copy)
Corp. Records Vault
Categorization Tool 2 .
PST F IX
(Copy)
User Mailbox
User’s Personal Vault 1 T
APE F IX
Journal: 90-day Revolving Storage in Vault
(Copy)
Microsoft Exchange
Enterprise Vault
IBM Notes/Domino
is probably a mission critical application for your business, it certainly is in ours. However, as we’ve become more reliant on to drive the business, our IT group has seen many more challenges in keeping the system secure and available, ensuring that information is properly stored, and doing all of this in a cost-efficient way as our number of users grows .
According to the Gartner Group, more than 80% of all computer viruses enter a company’s network via . With the increase in usage and volume of s, 62% of organizations consider growth in messaging storage alone to be a serious or very serious problem according to Osterman Research.
So to keep systems secure and available to businesses, IT must block spam and viruses, efficiently manage the growing volume of , and retain messages so we can retrieve them when required but also manage the cost of storage for all of this .

23. Market Leadership In Backup/Recovery
Challengers
Leaders
Veritas NBU
IBM
Legato
Ability to
Execute
CA BEB
CommVault HP
BakBone
Syncsort
VERITAS simplifies product delivery by incorporating options into the core product.
VERITAS gives users additional value through with new functionality and greater flexibility through integrated options.
NEW OPTIONS in 5.x
1) Advanced Client – Consolidated a number of advanced functions into one option. The following were consolidated into the AC:
ServerFree Agent, Snapshots, FlashBackup, Oracle Block Level Incremental (BLI) (in 5.0)
NetApp SnapShot and SnapRestore capability (in 5.1 )
ADDITION TO CORE IN 6.0
1 ) Functionality previously provided through Global Data Manager (GDM) will now be part of the core product, plus the new Operations Manager will include alert capabilities and real-time monitoring.
NEW OPTIONS in 6.0
Bare Metal Restore (BMR), previously a separate product now an integrated option with NBU. Use one interface to control backups or BMR.
2) New Advanced Client Functionality – Further NetApp integration
PART 1: SnapVault Integration – Schedule, configure, and manage SnapVault operations. This integration provides the ability to store multiple, primary snapshots from multiple filers, on a less expensive secondary device (…the VAULT metaphor).
PART 2: Move snapshots to a secondary store (NetApp NearStore)
SnapVault only transfers changed blocks from the primary to the secondary (single instance store (SIS) or commonality factoring)
This will permits user-initiated restores with the availability of OnTap 7.1.1
Allows NetApp filers to be backed up to a NetApp NearStore
<END>
Atempo
Niche Players
Visionaries
Completeness of Vision

24. Leveraging NetBackup for Reduced Archiving TCO
Primary Storage
Enterprise Vault 6 NetBackup Migrator
Disk Archive
NetBackup Media Server 5.1+
Tape Library
Initially for 6 SP1 we will “see” the NBU media server as a storage device just as we do with Windows servers, EMC Centera, NetApp SnapLock, and IBM DR550.
This allows customers to have the opportunity of a tape integration as a secondary storage target for added data security.
There is a NBU + EV Best Practices guide that PS is using to work with deployments.

25. Market Leadership In Email Security
Magic Quadrant for Security Boundary
Source: Gartner 2005

26. Security + Availability = Integrity
Symantec enables organizations to cost-effectively mitigate risk around regulatory issues, internal policies and legal e-discovery
Records Discovery and Retrieval
Data Reduction
Risk Reduction
Internal Protection
Records Retention
Reduce unnecessary volume of mail to monitor for policies
Monitor inbound and outbound messages for unauthorized contents real time
Scan internal and outbound traffic for unauthorized content
Automatically capture, manage and retain and other records based on business policies
Monitor, search and retrieve archived content for compliance, legal discovery and other needs
Messaging
Environment
remains accessible
by IT, legal and compliance
officers
VERITAS Enterprise
Vault Server
Internet
Vault Store
Spam Retention (Regulation-dependent)
Web-based
Spam Quarantine
remains accessible
to end users

27. Summary: Key Benefits Address near-term legal needs
Automate electronic records retention
Reduce costs of legal discovery
Find issues before legal action
Simplify the environment
Faster, more highly available
Lower TCO for storage and servers
Reduced user issues around
Build a platform for the future
Archive IM, files, SharePoint, …
Prepare for upcoming regulations
“Mine” repository for business value

28. Summary: Key Offerings
Product
Description
Exchange Mailbox Archiving (and related options)
Archive Microsoft Exchange to reduce mail stores Optionally migrate PST files, enable offline access and archive Public Folders
Exchange/Domino Journal Archiving
Capture & retain Exchange or Domino for discovery and compliance purposes
Historical Vault
Restore tape to archive for historical discovery searches
SharePoint Archiving
Archive documents from Microsoft SharePoint
SMTP Capture
Capture any SMTP for retention/discovery/compliance
File System Archiving
Archive and retain files from network file servers for storage management and legal discovery
Discovery Accelerator
Automate legal search/review process
Compliance Accelerator
Automate supervision process

29. Screen Shots

30. Mailbox Archiving: Flexible Archiving Policies
Next demo steps:
Select the Mailbox Rules Tab
Explain the logic in this screen, starting from the bottom and working your way up.
We will now look at where the mailbox archiving rules are managed. It is best to start explaining this screen from the bottom-up. In other words, there are 3 main archiving methods: message age, proximity to the Exchange mailbox limit, and message size. The “Young Items” setting overrides the settings below. In the screenshot above, no messages of any size will be archived between delivery and 2 weeks in age. Between 2 weeks and 2 months, only messages that are larger than 1024KB will be archived. All remaining messages will be archived 2 months after delivery. Note that archiving logic is based on the “Received Date” field in the Exchange message object.

31. Mailbox Archiving: Seamless User Experience
To begin the mailbox archiving demonstration, we will illustrate the fact that Outlook is the software used to view messages from both Exchange and the Enterprise Vault. In many cases, the same mailbox folder may have a combination of such messages. The important point here is that the end user does not need to install or learn a new software application in order to view the archived data. When we archive, we physically move data to more appropriate “back end” storage, but we do not move the data on the “front end” interface for end users, which in this case is Microsoft Outlook.
Demo steps:
Click on the Inbox and point out that there is no change to the most recent messages that the end user accesses frequently.
Scroll down to older messages and point out the slight visual difference between the native messages still stored in Exchange, and message shortcuts pointing to the Enterprise Vault. Note the gray icon that looks like a file cabinet.
Click once on the archived message from Ian Jones with the subject Hand Crank Vault Store and point out that the preview pane functions normally, as it did prior to archiving.
Point out that the physical size of the shortcut (shown as a column in the message list) is 2KB, compared to the 5.2MB original size as indicated in the preview pane.

32. Mailbox Archiving: Integrated Search
Note the drop-down box in the EV search interface. This interface provides the ability to search data in other archives besides the end-user’s own mailbox archive. EV synchronizes the permissions granted in Exchange, to ensure that the user will have the same data access in EV as they have in Exchange. For example, if a user has Delegate access to their manager’s Exchange mailbox, their manager’s archive will be available for searching, automatically. It should also be noted that file system archives may be visible to the user in this search interface as well.
Next demo steps:
Type the words Project Alpha in the Look for text box
In the In Vault box, select Vault Administrator.
Click on the Find Now button to start the search.
The search will return 4 items archived. Compare this number to “No items found” using the Outlook Advanced Find shown earlier.
Point out that there were 3 zip files and 1 word document returned. Alta Vista has the ability to index zipped files!
Point out that a paperclip or envelope icon to the left of the file name indicates whether the item found is an attached file, or message itself.
Click on the Properties icon (looks like a hand, holding a document) to the right of file name to see the cover message that contained the attachment.
Key Points:
This is a great example of “knowledge exploitation” provided by EV. A great deal of data is contained in attachments.
The search actually looked for messages or files containing the words Project or Alpha. You could have typed “Project Alpha” in quotes for an exact phrase search (assuming EV is configured for Full indexing).

33. Mailbox Archiving: PST “Sniffer”
Location
Size (K)
User
\\ukpco1\c$\profile1
10321
JoeB
HKEY Current User…
4532
MarkH
\\uksrv03\UserShare1\
9875
JuileP
PST
First stage of PST migration is for the server to search the network and network registries and to create the central table that will form the main management ‘tool’ of the migration process. Please note also tat the client is able to copy
PST
Search remote registries and file systems
Search client Outlook profiles
Determine ownership

34. Retention: Categorization and Filtering
Don’t archive spam
s to outside
s from legal
Rules (XML)
Filter on msg. properties Don’t archive, delete, … Place in category
External
Retain 3 years
Legal
Retain 7 years X
Categories (XML)
Define retention category Define indexed props. Define target archive
Enterprise Vault
Search
Search based upon categories and added properties

35. Retention: Powerful Discovery Search
ACME CORP MERGER

36. Retention: Review, Marking and Production
Jamie Clifton

37. Retention: Automated, Regular Surveillance
From the CA home page, click on Hotwords in the far right column
Here you can see a list of Hotwords we have loaded into the system to potentially save time later when setting up our searches. It’s very common for a department (not just financial services!) to flag certain messages for management review if they contain certain inappropriate words or phrases. For example, a customer service department might not want their reps to say certain things to customers. Or, an Engineering department might be concerned about intellectual property leaks, so they might look for certain patented terminology or product feature descriptions leaving the company’s system, so management can take appropriate disciplinary action. So you can see this could be used in more scenarios than just NASD-specific financial services compliance.

38. Retention: Flexible Surveillance Criteria
From the CA home page, click Bond and Stock Brokers from the middle column, then click Searches, New Search.
As you can see, there are quite a few parameters to use when configuring a search. In addition to the date range and search terms, you can even specify the departments and/or people involved in the message. For example – your department communicating to the outside world, or your department communicating to another department, or specific people within your department and specific people in other departments.

39. Retention: Efficient Surveillance Process
From the CA home page, click the small icon on the far left next to Bond and Stock Brokers
Now we’re looking at the review screen for the messages that entered the review queue, either due to a search for specific terms, or randomly based on a configured percentage of mail traffic that needs to be randomly reviewed. Note the highlighted text in the message – this draws the reviewer’s attention to the words specified in the search parameters. Below the message, the reviewer can mark each message as “Appraised”, “Pending”, “Questioned”, or “Reviewed”. Later we will look at reports that can show statistics on the number of messages in each category, by department. This is, in a nutshell, the NASD 3010 and 3110 requirement – review the mail, assign a certain marking/category, and be able to produce reports indicating that the review is taking place on a regular basis.

40. Retention: Fully Audited Surveillance
Click the small pencil icon next to the message from
One thing that is very important in compliance is the concept of auditing what happens to each message. Here we can see that on at 3:19pm a reviewer called Joe User marked this particular message as “Pending” because he wasn’t sure how to treat this message. At 3:20pm Joe left a comment saying “we should check with Steve about this message”. At 3:32pm a reviewer named Dennis Jobs marked the message as Reviewed, and at 3:33pm Dennis left a comment saying “Steve is on vacation but I can say this looks fine for us”. This level of detail might be very useful for the SEC or NASD if they were to come in and look for a certain message.