One of the most common retorts from IT managers or finance directors is that if PST files aren’t causing you any issues right now, why invest time and money in dealing with them? Well, below I will detail all the sordid details surrounding PSTs and why they must be dealt with before they sabotage your organization.
To learn how to upgrade your PST data, read Dominik Hoefling’s excellent step-by-step guide on migrating PST files to Office 365.
PST Issues: Security and Compliance
Perhaps the most compelling issue is Security and Compliance. In the age of GDPR and other regulations, data in PST files requires modern protection. However, these files do not support such security.
Since PSTs are portable and can be stored virtually anywhere – laptops, desktops, removable media, local networks, etc. – this makes them extremely difficult to identify and vulnerable. This is especially true when you consider what information may be contained within email to begin with. Inevitably, many will contain critical and highly sensitive information, such as intellectual and industrial property; personnel data and records; marketing plans and product launch info, along with corporate financial data. In the event a company laptop goes missing or is compromised, you can see how this could potentially put the organization at risk.
To make matters worse, if PST files are saved locally to a desktop or laptop outside of company backup parameters, the issue is further compounded because they’re neither backed up nor protected. Many organizations have stopped backing up local hard drives on end-user workstations as they have adopted cloud storage such as OneDrive for Business or Box. PST files don’t live in this space well, resulting in many companies rolling the dice and losing these recovery options.
Managing PST files becomes a job in itself. Not only can these files be easily deleted, just finding them typically requires a substantial investment in both time and technology. If an organization is faced with a legal hold, or a discovery request, they will struggle to locate these files. Native tools are too limited to perform a proper search of these files across your environment. This puts an extreme burden on IT, hinders the process and increases costs of litigation discovery. Without the use of third-party tools, admins must conduct a massive search exercise and often need to work with end-users, something that may not be even allowed depending on the case.
If the costs for producing data are high, you will not find relief if something goes wrong and have to pay fines. PST files, and the content in them, are also easily deleted and there is no real control to prevent this. Depending on the laws in your country, this creates new challenges. These laws continue to evolve and take stricter stances on protecting data. For example, in the US changes were made in 2015 to the Federal Rules of Civil Procedure. According to amendment 37e, companies can now be fined for not taking the proper measures to preserve this data. In Europe, the GDPR regulations cover preservation, management, and deletion of data – all key aspects of the regulations.
Depending on the regulation, companies could find themselves faced with sanctions, fines and expenses related to the discovery order.
The fact that PSTs are portable, rarely backed up, hard to search for and easily deleted – this is all cause for a perfect storm if your organization ever needs to comply with a discovery order.
Corruptible, Irretrievable and Irreparable
PSTs are notoriously unreliable (they were never intended to store large amounts of data long-term) and there are many ways they can become corrupt. When this happens, the file simply can’t be opened, and the user is unable to access the email. PST files are also extremely fragile and have a very limited propensity for recovery, so a lot of times corruption leads to permanent data loss. Simply put: sometimes they can be repaired, sometimes they cannot be, but most often some data is lost. Here are some common scenarios that can cause corruption:
- Any interruption while the file is being created or updated such as closing Outlook abruptly, PC crash or a power outage – this will prevent the PST file from saving data correctly
- Storing PSTs on a central file server, making them accessible over the network
- Interruption in network connectivity will corrupt, as will two users attempting to open the same PST file at the same time
- Ransomware/Virus/malware that has corrupted data on the system, including PSTs
- Hardware issues, such as physical damage
- Incorrectly recovering files (often this happens with bad recovery software)
This trifecta – the fact that they are easily corruptible and, in some cases, irretrievable and irreparable – is not just a drain on IT resources, it is a costly IT nightmare. Outside of IT, this data loss can have a massive impact on users resulting in customer frustration in terms of lost contracts, poor brand image, wasted time, legal risk, and more)
They’re just annoying
Aside from the IT torment described above, PSTs are just plain annoying. For one, they are specific to a device, so they are only accessible using that copy of Outlook and they cannot be accessed through OWA (Outlook Web App) or mobile devices. They are inaccessible by any other device attempting to access that particular mailbox.
Second, because these nasty little files are housed locally, they’re able to bypass fixed data retention policies and compliance requirements including deletion or classification policies applied against the mailbox. This enables end-users to archive data for longer periods of time than may be necessary by law, which means they can be subpoenaed during litigation.
Lastly, their file growth size is an utter nuisance. Let’s say the average size in your organization is around 2GB, so multiply that by the number of employees in an organization, and you’ll see that the size of all employees’ PST files can easily exceed terabytes. This can have a major impact on enterprise storage requirements and restore times.
The Solution
Most organizations express the need for a technology solution that will help them discover the files, determine ownership, remove passwords, repair the corrupt files, and then migrate the files to Office 365 as efficiently as possible.
Migrating these files to Office 365 has a wealth of benefits. Once moved to the cloud, messages are easily accessed, storage costs are rendered nonexistent, and IT burdens are eliminated. It’s highly advisable that enterprise organizations seek out a technology solution for eliminating PSTs in their ecosystem and remove the associated risks.
Because unlike a ticking time bomb, there’s no discernible sound that will alert you to the presence of this costly, GDPR-infringing PST file in your IT environment, you never know when the contents might explode into your business, causing IT and management headaches, costs, data loss, or potential reputational damage.
Dramatic? Maybe. Has it happened to big, household name companies before? Absolutely.
In the same way a bomb disposal squad is needed to dismantle a ticking time bomb, you must do something to de-risk your PST files – and there are a handful of options depending on the situation.
To learn how to upgrade your PST data, read Dominik Hoefling’s excellent step-by-step guide on migrating PST files to Office 365.
