Showing results for 
Search instead for 
Did you mean: 

Is Exchange Journaling insecure?

Level 5


Sounds strange doesn't it? Exchange Journaling, the process used by thousands of Exchange customers all over the world to ensure that have a defensible and reliable eDiscovery position, has been called into question by... Microsoft!

So why would Microsoft state that Journaling is insecure?

Microsoft consider that any data that leaves Exchange is inherently insecure as it no longer resides in the Exchange store. On this basis, that’s any data not in the store: mailboxes in Outlook cached mode, messages viewed on many common mobile devices, OWA 2013 when it caches messages, PST files (yes we all know about PST's). The reality is that "insecure" really boils down to your security practices and perimeters, and your comfort with data extending beyond it.

The other side to this is handling the volumes of messages generated as a result of enabling Exchange Journaling; it can be substantial. Enterprise Vault has customers generating in excess of 5 million messages per day just by journaling. There is no Exchange version which can handled this kind of data storage over the types of periods the data must exist - often counted in years. Mailboxes (even in Exchange 2013) just aren't built for this type of work.

So what is the solution?

Well, Microsoft also provide the answer to this too here:

They recommend the use of Journaling to a Journal mailbox to help "respond to legal, regulatory and organizational requirements". To avoid this mailbox from filling the Exchange database, thousands of customers use Enterprise Vault to securely archive the resultant Journal receipts so they can be held long term on compliant storage if necessary.

This is the reality behind this confused message. Journaling is a necessity and is something that Enterprise Vault customers have recognized for years. Journaling is the only way to ensure you are defensibly recording inbound and outbound Exchange messages in a compliant store. The use of an external compliant store like Enterprise Vault also means that any data (not just Exchange messages) can be stored in this manner and can be easily found during an eDiscovery event.

Don't be confused by Microsoft's disorganized messaging.

Use Enterprise Vault to securely store Exchange journal items to ensure you have a compliant, defensible record of email messages from which to safely perform eDiscovery searches.

While you're there, take full advantage of the compression and single instance routines built into the Enterprise Vault platform to ensure this data is stored in the smallest possible footprint.