The use of PST files — archive or personal storage files that are created automatically or manually in the Microsoft Outlook client to organize and store email messages, calendar events and other items — has been standard practice for years. Users love PSTs because by simply copying or moving data from their main mailbox into their PST folders, they can keep it available for future use while complying with corporate size limits on their primary mailboxes. And the organization reaps some benefits as well: With less data on the server, backups complete faster and require less storage.
Unfortunately, however, the complete PST story is not quite so rosy. PST files can actually cause serious security, productivity and compliance challenges for the organization, including the following:
This e-book explores each of these challenges in detail to uncover the true risks and costs of PST files. With that information, you can better assess your organization's current policies and practices, and take steps to improve data security, enhance user productivity, mitigate risk and reduce costs by eliminating PSTs for good.
People love PST files. By creating PSTs in their Outlook clients, they can easily keep all the email they want, as long as they want, without worrying about the pesky corporate storage quotas and retention policies that apply to mailboxes on the server. These archives of email data provide a useful reference for employees across the enterprise.
For example, managers might create a PST file for each of their direct reports with a hierarchy of subfolders that store everything from assignment records and progress reports to emails about vacation and sick days — all handy information to have at their fingertips when performance evaluations roll around or it's time to consider candidates for a new position. Similarly, salespeople might create a PST for each client to help them keep track of the details of each sale and ideas about future opportunities, as well as the names of all the key personnel at the client organization and notes about their families and hobbies.
In fact, users may have dozens of PST files, some old and fairly static, and others that actively grow larger every week. PSTs often exceed the recommended size limits — tens or even hundreds of gigabytes per PST file is not uncommon. But with today's enormous hard drives and powerful indexing and search capabilities, there seems to be no legitimate reason for users to spend time on the tedious work of weeding out old and duplicate email instead of simply saving everything.
Or is there?
At first blush, allowing users to create PST files in their Outlook clients seems like a win-win. As we've seen, users love PSTs because they can easily keep all the email they want, as long as they want. IT is happy not to have to battle users over email policies, and since there's less data in mailboxes on the server, the organization spends less time and money on email backups.
What's not to love?
Well, for starters, PST files enable violation of email retention regulations and make effective e-discovery nearly impossible, putting the organization at risk of compliance failures that can result in fines and other penalties. And because PSTs are not included in IT data protection processes, the organization is at increased risk of loss of potentially business-critical data. In addition, as we'll see, PST files can actually hurt, rather than help, both user and IT productivity.
Most enterprises are already aware of at least some of these risks.
A survey of more than 200 technology professionals performed by Dimensional Research and sponsored by Quest found that 96 percent of organizations have concerns about the use of PST files.
Should you be concerned, too? Ask yourself these key questions:
If you answered yes to any of these questions, this e-book is for you. It will help you understand the true risks and costs of PST files by exploring in detail all of the top five reasons to eliminate them from your organization:
Take a moment and think about the email messages you received in just the last day or two. Did any of them include business-critical or sensitive data, such as employee information, customer contacts or strategic plans? Were there any attachments with performance reviews, architecture designs or financial reports?
Email has become the most critical communication tool of the enterprise, so even if you're not sending important information through email, you can be certain that virtually all of your users are. When they move those messages to PST files, the critical data they contain is at increased risk of being lost for three reasons:
The risks are real: 96 percent of IT organizations are asked for help with missing or corrupt PST files.
Don't make the mistake of thinking these risks are merely theoretical: The Dimensional Research study found that 96 percent of IT organizations are asked for help with missing or corrupt PST files.
Ask yourself what you would do if one of your users:
Recovering such PST data could require a great deal of effort from your already overburdened IT team. Or the data could simply be lost altogether — and the cost could be substantial, especially if the data is business critical or required for litigation. The only sure way to prevent PST data loss is to eliminate PST files altogether.
Users often defend their use of PST files by citing productivity benefits. However, PST files can actually hurt employee productivity by dragging down machine performance and limiting users' access to critical information.
Do your users ever complain that their desktop is sluggish or that it takes far too long for Outlook to load?
PST files might well be the culprit. As noted earlier, users often create PST files to get around storage quotas, and those PSTs can quickly become very large. If a user has multiple PST files, each tens or even hundreds of gigabytes in size, is it any wonder that Outlook is slow to start, and desktop or device performance is degraded?
PST files can further interfere with user productivity because of their limited availability. There are three key issues:
By keeping their email on the server, users can avoid all of these issues and be more productive.
Unlike data in a mailbox on the server, PSTs cannot be shared between multiple devices — so users may not be able to access the data they need to do their jobs.
Are you asked to fulfill e-discovery requests as part of legal or regulatory investigations? If so, you have an additional reason to eliminate PST files from your organization: Satisfying discovery requests is extremely difficult if email is stored in PST files.
Email archives and server mailboxes are primary targets of e-discovery requests. These data stores can be searched extensively. The same is not true for PSTs because the data resides locally. In fact, the hardest part of an e-discovery project is often locating, centralizing and processing hundreds of thousands of PSTs across the enterprise. Even if you manage to find all the PSTs across your enterprise, there is no way to search across all PSTs on all machines when you use the native Exchange Server e-discovery tools.
Failure to satisfy e-discovery requests puts the organization at risk of substantial fines and other litigation losses — risks that could be avoided if PST files were eliminated.
The hardest part of an e-discovery project is often locating, centralizing and processing hundreds of thousands of PSTs across the enterprise.
Using PST files also puts your organization at risk of compliance failures. In particular, your organization may not be properly protecting sensitive and confidential data, and users may be saving email data for either a shorter or a longer time than required by compliance mandates.
Every organization has sensitive and confidential data, such as HR records, customer information and financial reports. Both compliance regulations and internal policies often require organizations to ensure the security of such information. Failure to comply with those policies puts the organization at risk of compliance failures, as well as loss of public trust and remediation costs.
As noted earlier, users can and do transmit sensitive data through email, and move or copy that email into PST files. Because PST files are stored on the user's desktop, laptop or mobile device, they are far less secure than email stored on a server — making it far too easy for sensitive and confidential data to be made public or get into the wrong hands. Here are just three likely scenarios:
Many compliance regulations require that email be kept for a specified length of time. If you fail to retain it long enough, you could be subject to penalties. And if you store it too long, you put the organization at risk by potentially being required to provide evidence that you could have legally deleted.
In part to avoid these twin problems, many organizations establish policies to regulate the message lifecycle. In particular, they automatically purge messages of a certain age to keep them from being subpoenaed in the event of litigation. And of course, they protect the messages they are required to keep through data protection practices, such as backups and replication.
By storing email in PST files, users circumvent your message lifecycle management policies. They may delete messages that the organization was required to keep, and they may retain messages far longer than required by regulations, putting the organization at risk of compliance failures and associated penalties.
Storing sensitive data in PST files puts your organization at risk of compliance failures, penalties and loss of public trust.
For IT, PST files are like SharePoint sprawl or other shadow IT — there's business-critical data out there, but you don't know how much or exactly where, but you are ultimately responsible for protecting it and recovering it when problems arise.
Each of the preceding four reasons for eliminating PST files from your organization gives rise to IT challenges. Specifically, PST files put additional burden on IT administrators by complicating tasks, such as:
In short, allowing users to retain valuable business email outside of standard IT data protection processes wastes valuable IT time and increases costs.
Allowing users to retain email outside of standard IT data protection processes wastes valuable IT time and increases costs.
Taking control of your PST problem can save you time and money in the long run. By eliminating PSTs from your organization for good, you can improve data security, enhance user productivity, enable effective e-discovery, mitigate compliance risks, and reduce IT workload and costs.
Migration Manager for PSTs enables you to take control of PSTs once and for all. This ZeroIMPACT solution automates the identification, migration and elimination of PSTs. You can quickly and reliably migrate PST data to better targets, such as Exchange, Office 365, third-party archive solutions and hybrid configurations. Plus, you'll enjoy comprehensive project management capabilities, along with world-class services and support.
Migration Manager for PSTs enables you to take control of PSTs once and for all.
Quest helps our customers reduce tedious administration tasks so they can focus on the innovation necessary for their businesses to grow. Quest solutions are scalable, affordable and simple-to-use, and they deliver unmatched efficiency and productivity. Combined with Quest's invitation to the global community to be a part of its innovation, as well as our firm commitment to ensuring customer satisfaction, Quest will continue to accelerate the delivery of the most comprehensive solutions for Azure cloud management, SaaS, security, workforce mobility and data-driven insight.