Taming e-mail

The next generation of intelligent e-mail management systems has some nifty new tricks up its sleeve that go beyond compliance and corporate governance.

By Gary Eastwood

In the wrong hands e-mail can be a dangerously powerful tool '“ as highlighted by the recent 'ketchup-gate' scandal. Richard Phillips, a senior associate with City law firm Baker & McKenzie, was forced to quit his job in June after he sent a message demanding £4 from a secretary, who accidentally splattered his suit with tomato sauce during lunch.

Phillip's message, dated May 25 with the subject line 'ketchup trousers', is widely reported to have said: 'Hi Jenny, I went to a dry cleaners at lunch and they said it would cost £4 to remove the ketchup stains. If you cd let me have the cash today, that wd be much appreciated.'

The secretary at the same company, Jenny Amner, replied as follows: 'I must apologise for not getting back to you straight away but due to my mother's sudden illness, death and funeral I have had more pressing issues than your £4. I apologise again for accidentally getting a few splashes of ketchup on your trousers. Obviously your financial need as a senior associate is greater than mine as a mere secretary. Having already spoken to xxx they kindly offered to do a collection to raise the £4. I however declined their kind offer but should you feel the urgent need for the £4, it will be on my desk this afternoon. Jenny'.

The correspondence was soon flying around the City before eventually being printed in the Daily Mail. It is a modern morality tale about the dangers of e-mail.

'It staggers me, considering how long we've all been using e-mail, how little discipline there still is around e-mail management,' says David Clayton, chairman of forensic e-mail compliance system specialist, Cryoserver. 'People hide behind the compliance issue, but they're missing the point '“ 40 per cent of e-mail usage in the corporate environment is non-business related'¦ at the very least that can't be good for productivity.'

But there is a growing realisation that e-mail is about far more than compliance and storage issues. What is said, how it is said and to whom, can cause irreversible damage to both personal and corporate reputations.

'People still say things in e-mail that they wouldn't dream of putting in a letter,' says Clayton. 'Why? An e-mail is more likely to be reproduced and re-distributed than most other forms of communication. Would the lawyer at the centre of the ketchup-gate scandal have written that down anywhere other than in an e-mail?'

As the sheer volume of e-mail grows, and it becomes a ubiquitous 'free-form' communication tool used for anything from confirming contract details with a supplier to organising personal relationships, there is a growing awareness that a well-thought-out e-mail-management strategy is now a matter of necessity.

But, according to Sean O'Reilly, sales director at e-mail-focused knowledge-management specialist AfterMail, organisations are still slow to cotton on. 'Two years ago, corporate governance and compliance became the main issue for e-mail management and most companies were responding to e-mail as a storage problem,' he says. 'There was little consideration given to the need for retrieving and monitoring information by context. The real emphasis now is on how to record, retrieve, search and explore the valuable information contained within e-mails.'

O'Reilly identifies three main reasons, other than compliance, for managing e-mail: human resources, internal audit and risk management. Like many of today's 'second-generation' e-mail-management and archiving systems, AfterMail's 'pre-emptive' search capability allows organisations to monitor e-mails, in real time, based on any combination of names, dates, urls, phrases, and so on.

'When the system finds something in an e-mail being sent or received it can immediately alert an investigating officer, meaning that you're one step ahead of the curve instead of reacting to it,' explains O'Reilly.

For example, if HR receives a complaint from an employee that a colleague is sexually or racially abusing them, or sending embarrassing e-mails about them, it allows the HR department to monitor messages from the accused without obvious intrusion on a constant basis. Cryoserver client, William Ransom, a fast-growing natural product healthcare company, faced exactly that problem. A distressed manager complained that one of his team was sending abusive e-mails, but that he had no evidence as he had deleted the offending message.

Paul Morgan, IT manager at William Ransom, was able to integrate Cryoserver and, within seconds, retrieve the original e-mail and conclusively deal with the case.

'It was a potentially inflammatory situation that was nipped in the bud by the software,' explains Morgan. 'Once presented with the evidence, the offending party put their hands up and said, 'In that case I'm sorry'. And the situation went away. 'It's not the most exciting story, but that's the point. The exciting stories are the payouts of millions of pounds, unfair dismissals, a company's name in the papers or brand being dragged through the mill. We didn't have any of that.'

Another problem is that of internal auditing, such as 'contract creep', whereby an inadvertent comment from an employee, such as 'Don't worry about it', to a partner or supplier can relieve, or even void, the conditions of a contract with that organisation. Again, 'pre-emptive' e-mail monitoring can prevent the situation by monitoring the e-mails of any employee dealing with third-party organisations, and alerting the appropriate body in the organisation, before the message is even sent.

Risk management, meanwhile, is a broad issue concerning all aspects of communications that could cause financial or reputational damage to an organisation. 'Most risk managers see the world differently. They just look at e-mail as the 'loose cannon' in their organisation,' says O'Reilly.

Aungate, a subsidiary of UK search engine, Autonomy, uses the same core technology as its parent and applies it to e-mail management. Again, the technology is 'pre-emptive' or, as some analysts are calling it, 'minority report' (after the Hollywood sci-film starring Tom Cruise, whereby three 'cognizants' can predict crime before it occurs).

Ian Black, MD at Aungate, agrees that the need for a well-defined e-mail-management strategy goes far beyond compliance. 'If you can monitor millions of e-mails that are transmitted and received, and present the results [of the information they contain] very simply through visualisation you can begin to spot trends about what your organisation is doing well and what it is doing badly, in real time,' he explains.

Black describes an Aungate client, a 'multinational mobile operator in the UK', which spotted that it could identify, in real time, certain concerns or queries that were repeatedly being asked by its tens of thousands of customers. 'By spotting these trends in real time, they were able to cut costs and improve customer service,' he says.

Of course, as well as 'pre-emptive' searching, archiving is a vital part of an effective e-mail-management tool, and today's systems are becoming increasingly intelligent.

'Before even considering compliance and legal disputes, there is the piece in the middle whereby organisations need to look at their policies and governance around e-mail,' says Nigel Williams, director of strategy and solutions at EMC.

'You can't keep all e-mails forever, and you can't just apply an arbitrary period. For example, if the IT department makes the decision they might want all e-mails deleted within 90 days, this could have a detrimental impact on certain business functions that need to keep certain e-mails for longer,' he adds.

EMC's E-mail Extender automatically categorises e-mails according to information held within the metadata, such as who sent it and on which date, as well as information held in the body of the message and any attachments. It will then store or archive e-mails according to a spectrum of requirements and policies.

'For effective storage management, an e-mail system needs to understand the context of the e-mail '“ it can't be just viewed as a piece of data '“ it has to see it as the application does,' says Williams. 'An e-mail is probably not just one transaction, it is a chain of transactions and to understand that [and how long to store it for] requires intelligence in the system.'

Dave Hunt, CEO of C2C Systems, an e-mail archiving specialist, agrees. 'Today's second-generation systems have the ability to define policies for automatic archiving. We can now decrease the e-mail store by one third by stripping out the spam, removing the personal communications and keeping specific types of information in a specific store. It's about applying intelligence to the process rather than storing all or nothing,' he says.

According to Black, there are additional benefits to having such intelligence in e-mail-management systems. 'Before, we were not able to analyse the meaning of our communications, but once you understand that 15 per cent of e-mails are personal or that 20 per cent could result in significant risks to the organisation, then it allows you to identify not just the risks, but also gaps in business processes and significant opportunities,' he says.