eDiscovery Part 3 - Email Discovery Hold in Microsoft Exchange

This is the third in our series of blog posts on eDiscovery, containing video excerpts from the presentation we made on September 26 at the O365 Nation Fall Conference held in Redmond. Part 1 dealt with the lifecycle of an Exchange email message, what the “Recoverable Items” folder is all about, and the role of the “Single Item Recovery” feature in Microsoft Exchange. Part 2 discussed PST files - why you may not want people using them, how to prevent their use, and why the archiving function that is built into Exchange 2010 and 2013 is a better option.

In this segment, we dive into discovery hold, and talk about the different kinds of discovery hold available in Exchange 2013, how they work, and how they differ from what was available in Exchange 2010.

Wait - Support for WHAT is ending WHEN?

You may have already heard rumblings about support for Windows 7 and Windows Server 2008 (and 2008 R2) ending in January. It’s true that mainstream support for those products ends January 15, 2015, but extended support will continue for another five years - so there is no need to panic. Here’s a helpful Microsoft graphic that clarifies the difference in the support phases:

So the most critical thing we need - security updates - we will continue to get, and if you really get into a jam, pay-per-incident support will still be available.

What this really means, particularly for the desktop side of things, is that it’s time to start seriously thinking about what comes next. No one but the purveyors of malware will benefit if we have another struggle like we did with Windows XP (“You can upgrade my Windows XP system when you pry it from my cold, dead hands!”). Yes, it was a great O.S., arguably the best that Microsoft had produced at the time, and maybe, just maybe, even better than Vista - although I’m not entirely ready to concede that. (I liked Vista - I was just annoyed by the lack of device drivers when it was released.) But Windows 7 was clearly a superior Operating System, and the resistance to change finally reached the point where it was just silly. Heck, as recently as last month, Windows XP still had a 17% market share, according to Net Applications, and that’s just crazy from a security perspective.

I’m cautiously optimistic that Windows 10 (what the heck happened to Windows 9, by the way?) will be Microsoft’s next great desktop O.S. I ran Windows 8 for quite a while, and I’m now running Windows 8.1, but I’m also running Start8 from Stardock Software, which gives me back some of the features whose absence in Windows 8.x I found most annoying. It sounds like Windows 10 may, out of the box, do the things that Windows 8.x only did with the addition of third party utilities. That may not be good news for the makers of those third party utilities, but it’s an indication that Microsoft understands that they missed the mark and plans to address those issues. So, if I was a desktop admin for a sizable company, I’d be all over the early releases of Windows 10 and already starting to plan how I’m going to transition to it, if it’s as good as it appears it may be.

On the server side, there’s no reason not to deploy Windows 2012 R2 on any new servers you’re installing these days. It’s a fine O.S., it’s stable, it’s secure. You may as well start getting your feet wet, if you haven’t already.

Bottom line: plan, don’t panic. Start planning now. Don’t repeat the Windows XP saga.

Are the Advantages of BYOD Worth the Security Risks?

Check Point Software recently released their Third Annual Mobile Security Survey, highlighting the impact of mobile devices on IT security. They surveyed more than 700 IT and security professionals in the U.S., Canada, Germany, the U.K., Australia, and New Zealand, and the respondents were spread fairly evenly across the spectrum of business sizes, with the largest segment (29%) coming from businesses with between 100 and 1,000 employees.

Here are some of their key findings (quoted from the site linked above):

  • The Greatest Threat Resides Within Your Organization – 87 percent of surveyed professionals believed that the greater security threat to mobile devices were careless employees. Nearly two-thirds of the respondents believed that recent high-profile breaches of customer data were likely due to employee carelessness.
  • Proliferate Use of Personal Mobile Devices on the Corporate Network – Despite careless employees as the weakest link into businesses, 91% of IT professionals saw an increase in the number of personal mobile devices connecting to their networks over the past two years. In 2014, 56% of those surveyed managed business data on employee-owned devices, up from 37% in 2013.
  • Mobile Security Incidents Expected to Rise – 2015 is shaping up to be a risky year, according to those surveyed. Of the security professionals surveyed this year, 82% expect the number of security incidents to grow in 2015. Additionally, nearly all of the respondents (98%) expressed their concern about the impact of a mobile security incident, with the greatest concern being the potential for lost and stolen information.
  • Cost of Mobile Security Incidents Continue to Rise – 2014 saw an increase in remediation costs for mobile security incidents. Of the IT executives surveyed, 42% noted that mobile security incidents cost their organizations more than $250,000.

Consider some additional trend data:

  • Computerworld predicts that BYOD smartphones will continue to grow at roughly a 30% CAGR through 2017 – from only 88 million two years ago to 328 million in 2017.
  • Rapid7 quotes a Cisco prediction that by 2016 there will be 1.62 billion mobile devices (of all kinds) in the workplace. They also state that more than 80% of the mobile devices in the workplace today are employee-owned.
  • Over a year ago (back in May, 2013), Gartner predicted, based on a global survey of CIOs, that, by 2017, more than half of companies will require their employees to supply their own mobile devices.

So let’s recap: 98% of the Check Point respondents were concerned about the impact of mobile security incidents on their businesses, 42% said that such incidents had already cost their businesses more than a quarter of a million dollars, 82% expect the number of security incidents to grow in 2015. Yet nearly all have seen an increase in the number of personal mobile devices connecting to their networks over the past two years, and, by all indications, the BYOD trend will continue and, if anything accelerate. Which brings up two obvious questions: (1) If BYOD is such a security risk, why are businesses overwhelmingly moving in that direction? And (2) What can a business do to leverage the benefits of BYOD while still limiting the exposure to security risks? Let’s look at these two questions…


  • It reduces the business’ capital outlay for mobile devices. Even in cases where businesses give their employees a cash allowance to purchase the mobile device of their choice, the company generally saves money in the long run by not being responsible for the maintenance and repair of an employee-owned device.
  • Employees are more productive when working on their preferred device. Someone who has been using an iPhone for years isn’t going to be happy about being handed a company-owned BlackBerry device. A Mac user isn’t going to want to deal with a company-owned Windows laptop – and vice versa. Younger workers in particular, who have grown up with technology, want to use what they’re accustomed to using, and will be more productive if allowed to do that.
  • Employees who use mobile devices for both work and personal matters tend to put in more hours per year – some surveys suggest as many as 240 more hours per year – than those who do not.
  • Given the above, business who do not implement BYOD may find themselves at a competitive disadvantage.

How to Do BYOD Safely
First of all, more and more organizations are implementing some form of mobile device management (MDM). According to the Check Point survey, 56% of organizations were managing the business data that exists on personal devices, up from 37% in 2013. There are numerous MDM products on the market, but I would suggest that managing the mobile device itself is only part of the problem. A complete solution would also include mobile application management (MAM) - some mechanism to deploy secure applications to a mobile device…applications that would be “sandboxed” away from an employee’s personal applications, such that the data accessed by those applications would be isolated from the personal applications, and information could not be copy/pasted from a secure application into a personal application. It would also be nice if the organization could selectively wipe the secure applications and associated data from a mobile device while leaving the employee’s personal data and applications untouched. Citrix XenMobile Enterprise is such a solution, and the following 16 minute video does a great job of demonstrating the XenMobile Enterprise user experience:

And, of course, if your users need access to full-blown Windows applications, not just mobile apps, they can securely access those applications via Citrix XenApp or XenDesktop, as we’ve been doing for years.

Bottom line: BYOD is here to stay. Businesses are increasingly turning to BYOD because of its advantages, even though they recognize that it brings with it significant security risks. It is, however, possible to gain the advantages of BYOD without compromising the security of your company data, and VirtualQube, by virtue of our longstanding partnership with Citrix, can help.

High Availability and Fault Tolerance Part Two

In my last post on High Availability and Fault Tolerant servers (HA/FT) we talked a little bit about redundant power, meaning you have more than one source of electricity to run your servers. But there are numerous other internal threats that can cause unplanned server outages.

After backup power the next level of redundancy comes in your servers themselves. Most server class machines have numerous redundant components built right in such as hard drives and power supplies. This means that right off the shelf, these systems have some level of Fault Tolerance (FT) built in. This can keep application and data available when a component fails. However there are still numerous threats that can cause unplanned outages. This happens when non-redundant components fail, or when multiple components fail.

Remember that High Availability means that if a virtual or physical machine goes down, it will automatically restart and come back online. Fault Tolerance means that multiple components can fail with no loss of data and no interruption of application availability.

To take HA/FT to a higher level we can turn to one of several products available on the market. Products from companies like Vision Solutions (Double Take) can provide software that allows you to create a stand-by server. More sophisticated products from VMware and Stratus allow you to mirror applications and data on identical servers using a concept known as lock-step. Lock-step means that applications and data are being processed in real time across two hosts. With these products multiple components or an entire server can fail and your applications continue to be available to users.

With Double Take Software from Vision Solutions, IT staff can create a primary and standby server pair that replicates all of your data to a stand by server in real time. This is a sufficient solution for most small to medium enterprises. However, if the primary server fails, there is still a brief interruption in application availability while the failover to the standby server occurs. In special situations that require the highest levels of High Availability and Fault Tolerance we turn to solutions from VMware or Stratus. This provides a scenario where multiple components can fail on multiple servers and your application will continue to run.

Determining which approach is right for you is really an economic decision based on the cost of downtime. If you can’t put a dollar value on what it costs your business per hour or per day when a critical application is unavailable, then that application probably isn’t sufficiently critical for you to spend a lot of money on an HA/FT solution. If you do know what that cost is, then, just like buying any other kind of business insurance, you can make a business decision as to how much money you can justify spending to protect against that risk of loss.

eDiscovery Part 2 - PST Files vs. Exchange Archiving

This is the second in a series of blog posts on eDiscovery, which will include video excerpts from the presentation we made at the O365 Nation Fall Conference held in Redmond last month. In Part 1 of this series, we discussed the lifecycle of an Exchange email message, what the “Recoverable Items” folder is all about, and the role of the “Single Item Recovery” feature in Microsoft Exchange.

In this segment, we discuss PST files - why you may not want people using them, how to prevent their use, and the archiving functionality that is built into Exchange 2010 and 2013 and why it’s a better option.