Disappearing IRS email takes more than sleight of hand

Exchange experts say the lost IRS email controversy is a reminder of why your organization needs to evaluate its plans to prevent a similar event from happening.

The controversy around lost Internal Revenue Service emails has many IT pros asking how it's possible for email to vanish, and how it could be prevented.

The investigation is still underway to determine how several Internal Revenue Service (IRS) email messages were lost. Lois Lerner, former director of the Exempt Organizations Unit of the IRS, claims a hard drive crash in 2011 took out many of the email messages during that period.

One consultant finds it a bit odd that officials say they lost about three years’ worth of emails, given the hardware technology the information was stored on, and the available software that can discover and locate it.

"Any hard drive or tape that is magnetic has layers that can be retrieved," said Frank Dzubeck, president of Communication Network Architects Inc., consultants in Washington, D.C. "You might have to rebuild it, but with all the sophisticated software available now, that's not a big problem. Things are never 'lost' unless they are physically destroyed."

Dzubeck doesn't believe the missing emails were accidentally erased and potentially written over with other data. The magnetic storage technology, which has multiple recording layers, would allow investigators to easily retrieve it.

"If you erase something, it just erases that layer," Dzubeck said. "You can even write over it, but guess what? The information on that layer underneath is still there." 

Some industry experts cast doubt on whether overwritten data can be retrieved no matter how sophisticated the recovery tools that are used. According to veteran storage analyst Howard Marks, any hard drive manufactured in the past 10 years uses perpendicular magnetic recording making it impossible to drill down to access such data.

"The idea of there being discreet layers and if you overwrite layer 1 but layer 2 is still readable is not true. There is a lot of obsolete information about how [data] used to be retrievable when disk drives were much sloppier things than they are now," Marks said.

Indeed, employees losing email is a common occurrence and happens in nearly every environment. What's uncommon is for an IT department to have problems recovering that email, said Michael Van Horenbeeck, a technology consultant at Belgian ICT services provider Xylos.

"When IT tells everyone 'Yeah, we lost your email,' that's a pretty bad thing," he said.

"You never want to do anything with an email system that results in you having to explain something to a judge."

Paul Robichaux, Exchange MVP


Losing email is difficult because every network and nearly everywhere an email travels has systems in place to prevent email loss and to facilitate the recovery of anything lost, said Kevin Beaver, an information security consultant for Principle Logic LLC in Atlanta. These systems may include the sender's workstation and email server, a third-party email filtering service and the recipient's server and workstation.

The investigation into the lost IRS email  sheds light on policies the agency had in place for handling email. In addition to backing up email on tape drives for just six months, one problem IT professionals highlight is that the agency had a 500 MB limit, or approximately 6,000 messages, for Outlook mailboxes. The low limit forced some employees to archive email on their computers to get below the limit, taking the data out of the server's backup system.

Limited email quotas may lead employees to save email data on PST files. Once employees put that data on PCs, it isn't protected and managed the way in which company data is.

"The onus is on you to know you have important files and that you have to back them up," said Paul Robichaux, Exchange MVP and global principal consultant with Dell Inc., in Huntsville, Alabama.

Backups, tools and email management tips

Organizations shouldn't worry this could happen to them. IT shops already have most of what they need to prevent such problems, Beaver said, such as log files, built-in security controls at the workstation and server levels as well as traditional and real-time system backup.

The IRS case highlights the need to have a good compliance plan in place, Robichaux said. If your organization is in a regulated segment of industry, the plan must be good enough to help you avoid a situation in which you have to explain lost email in court.

"You never want to do anything with an email system that results in you having to explain something to a judge," Robichaux said.

Compliance plans are important in all companies regardless of size, said Richard Luckett, president of LITSG LLC, a technology consulting company in Round Rock, Texas. Even if you're not in a big company, "you're still required to use compliance at some level," he said.

Having a highly available environment and end user education can also help organizations prevent vanishing email, Van Horenbeeck said. But it's important for Exchange admins to regularly test the backups they keep.

Approximately 60% of the companies Van Horenbeeck works with don't test their backups, and it’s likely higher, he said. Testing backups is often on an admin's to-do list, but many forgo testing because it takes up time, resources and money.

Only a few of the companies Van Horenbeeck works with have a policy to regularly restore tapes and verify the data on them. Tapes are especially important to check because they can be influenced by any magnetic fields within companies, he said.

"Companies think they may be protected with all of their features, but unless they test the backups they take, you might never know whether or not data is recoverable," he said.

Some believe most headaches associated with locating and accessing critical electronic documents could be eliminated by letting reliable cloud service providers host them off-premises. Not only will the provider oversee the long-term storage of critical documents, but also provide archiving, retention and disaster recovery services.

Finally, some companies may want to consider third-party tools, Luckett said. His customers have used tools such as OnTrack's PowerControls for Exchange or Dell's Recovery Manager for Exchange to help. The options aren't necessarily cheap, but they can be lifesavers, he said.

Senior Executive Editor Ed Scannell contributed to this report.

Dig deeper on Microsoft Exchange Server Email Archiving

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Related Discussions

Toni Boger asks:

What do you think of the IRS email issue?

3  Responses So Far

Join the Discussion

1 comment

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchWindowsServer

SearchEnterpriseDesktop

SearchCloudComputing

SearchSQLServer

Close