Tag: email

You Should Not Archive Your Email and Texts

This is not a political post, I promise!

There are some lessons to be learned from the FBI no longer having access to five months worth of text messages between two staff members who were investigating former Secretary of State Hillary Clinton’s use of a private email server to conduct government business and the issue of Russian intervention in the 2016 presidential election, and Mrs. Clinton’s use of that private email server for sending classified and non-classified information. The one lesson I will discuss here is a simple one: you should not archive your email and texts.

More accurately, you, as an employee of your company, government agency or non-profit organization, should not archive your own email and texts.

Archiving should be based on pre-established and evolving corporate policy, not your choice of what content to save and what to discard. If your emails, texts, social media posts, files and other electronic content contain business records or any other content that is relevant to retain, it should be retained and archived automatically based on a set of corporate policies that have been established and approved by senior management, legal counsel, compliance, finance and any other stakeholders that are focused on the best interests of the enterprise. You, as an employee, should be involved in that process, but only as a voice among many in determining what to retain — you should not be the one who makes the final decision about what gets archived and what is discarded.

The reason for this is a simple one: there may be incriminating evidence, like mistakes or downright malicious activity in an email or text, that an individual might want to hide from the view of others. Someone responding to an email might mistakenly delete an important business record buried deep in the thread of an email that he or she did not see. Someone might fire off a text message or social media post in anger that reflects poorly on a client or colleague. In short, there is a temptation to delete information that violates corporate policy and we, as employees, should not have the ability to delete information in an attempt to cover that violation. While it might benefit us in the short term, it harms the organization in the long term.

In short, any good archiving process should prevent employees from being the key arbiter on what gets archived and what doesn’t.

Is the Cloud Always Cheaper?

Office 365 and Exchange Online are good offerings – they provide useful functionality, a growing feature set, pretty decent uptime, and they’re relatively inexpensive. Microsoft, in this third major iteration of cloud services, has done a good job at offering a comprehensive set of applications and services. (We use Exchange Online internally and are quite pleased with it.)

From Microsoft’s perspective, the primary reason to move their customers to the cloud is to make more money. In 2015, Microsoft told Wall Street financial analysts that moving its customers from a “buy” model to a “rent” model will generate anywhere from 20 percent to 80 percent more revenue for the company. As evidence of how right Microsoft was, the company’s Office 365 revenue for the fourth quarter of 2017 is now greater than its revenue generated from traditional licensing models.

From a customer perspective, one of the key reasons for migrating to Office 365 is to reduce the cost of ownership for email, applications and other functionality. Our cost modeling has demonstrated that this actually is the case.

So, Microsoft makes more money from the cloud, but its customers spend less when migrating to the cloud. On the surface, that doesn’t seem to make much sense until you realize that the cost savings for customers are coming primarily from the labor that you no longer have to pay to manage an on-premises system, and from the stuff you no longer have to buy to maintain it, especially when considering hardware and software refresh cycles.

But what if you’re a small organization that wasn’t spending much on labor because you have an easy-to-manage email server, for example, and your hardware requirements to run it are not significant? Let’s go through an example comparing Exchange Online Plan 1 with Alt-N Technologies’ MDaemon Messaging Server for a three-year period for a 50-user organization:

Exchange Online Plan 1

  • $4.00 per user per month
  • $7,200 for 50 users for three years

MDaemon Messaging Server (with priority support)

  • $2,433.04 initial cost, or $1.35 per user per month for three years

MDaemon Messaging Server (with priority support, Outlook Connector and ActiveSync)

  • $4,678.43 initial cost, or $2.60 per user per month for three years

So, the on-premises platform will save a 50-seat organization anywhere from $2,522 to $4,767 over a three-year period. If we assume that an on-premises email system like MDaemon could be managed by an IT tech making $35,839 per year (the national average for that position according to Glassdoor), that means the tech could work anywhere from 4.1 to 7.7 hours per month on the MDaemon infrastructure to bring its cost up to that of Exchange Online Plan 1, although it’s unlikely that much of a time investment would be required. Of course, I have not factored in the cost of the hardware necessary to implement an on-premises email system, but most organizations already have that hardware on-hand already.

The point here is not to abandon consideration for Exchange Online or other cloud platforms, since they offer a number of important benefits and there are good reasons to go that route. But for organizations that need to get the most bang for their buck, they will be well served to consider using on-premises solutions, especially if their hardware and software refresh cycles are longer than three to four years. That’s especially true for things like desktop productivity platforms like Word, Excel and PowerPoint, where the average refresh cycle is quite long (one survey found that Office 2010 remained the most popular version of Office in use five-and-a-half years after its release.)

Posted on by Osterman Research BlogTagged Alt-N, , Exchange Online, MDaemon, messaging, Microsoft, Office 365, TCO. Leave a comment

Some Thoughts on IBM Connect

This was my tenth IBM Lotusphere/ConnectED/Connect and, arguably, one of the best. A somewhat new focus, a new venue and a substantial number of people (2,400?) made for a very good event. The expo floor continues to shrink each year, but was still fairly busy most of the times I was there or passed by. Plus, holding the event in a new venue helps to minimize comparisons with past events that had 10,000 or more attendees.

IBM is pushing hard on its social message, integrating social collaboration across every aspect of its offerings: Notes, Domino, Verse, Connections, et al. Even more pronounced was the “cognitive” message – namely applying Watson technology to just about every aspect of the user experience, from identifying those emails that users need to address first to simplifying the calendar experience.

What was interesting is that the keynotes stressed capabilities – communicating more effectively, setting up meetings, and having better access to files – not product names. For example, while I would have expected Verse to take center stage as the hub of the user experience, the name “Verse” was surprisingly underemphasized (at least in the keynotes, although not so much in the breakout sessions). Apparently, according to the IBMers with whom I spoke about this, it was by design. IBM wants to emphasize what people can do, not the tools they use to do it. For example, the company emphasized its dashboard that is automatically populated for each user with content from Verse, Connections and other tools depending on how people work, but minimizes the identity of the specific platforms that host this information.

While I understand the capabilities-not-products approach, I’m not sure the market will agree. Microsoft’s success in the business communication space is attributable, in part, to the fact that it pushes hard on product identity: Exchange, Outlook, Office 365, Yammer and, more recently, Skype for Business. For example, there are many non-IT decision makers that tell IT they want “Outlook” as their corporate email system (when they really mean Exchange), not “the ability to manage email, calendars and tasks from a single thick or thin client interface”. I could be wrong and IBM’s research may indicate that people think in terms of capabilities and not products, but I don’t think so.

Moreover, when comparing Verse to Exchange Online or Gmail, Verse wins hands down in my opinion. The interface in Verse is cleaner, and the integration with Watson to apply analytics to email makes it the superior offering. Yet, many – even in the analyst community – have never heard of Verse. I don’t believe a strategy that deemphasizes the identity of this very good email platform is the right choice.

With regard to Verse, IBM is making headway here, although the company’s policy is not to reveal numbers from its customer base. All of IBM’s several hundred thousand users have been migrated to Verse and there are some useful new features and functions coming down the road. For example, an offline capability will be available at the end of March that will allow access to five days of email and 30 days of calendar (a future version will permit users to adjust the amount of content available offline). Two hundred IBMers are already using offline Verse. Given that the offline version using HTML 5 will suffice for the non-connected experience, there will not be a Verse client anytime soon, if ever. An on-premises version of Verse will be coming later this year. There are other developments to be made available soon, such as the ability to use Gmail and Verse simultaneously in trial accounts, that I will write about when they’re ready.

With regard to other vendors at Connect, I was quite impressed with Trustsphere’s LinksWithin offering that enables analysis of relationships within email, as well as Riva International’s server-side CRM integration capabilities that allow CRM data from a variety of leading platforms to be accessed within Notes, Exchange and other email clients and Webmail.

Posted on by Osterman Research BlogTagged analytics, Cognitive, Connections, Domino, , IBM, Microsoft, Notes, Office 365, Outlook, Riva, trustsphere, Verse. Leave a comment

Should You Be Paid Overtime for Checking Email?

In March 2014, the president directed the US Department of Labor to update key regulations for white-collar workers who are covered by the overtime and minimum wage standards under the Fair Labor Standards Act (FLSA) Act. In July 2015, a Notice of Proposed Rulemaking was published in the Federal Register for the purpose of soliciting public comments on the rule. The 98-page (!) document is available for review here.

The result of the proposed rule change will be to require employers to pay workers for after-hours activities that they are required to perform, such as checking email, being available to deal with company emergencies, or responding to a manager’s inquiries. Currently, employees who earn more than $23,660 per year (about $11.38 per hour) are exempt from these rules and can be required to work after-hours for no additional overtime pay. The current rule, last updated in 2004, would raise the exemption level to $47,892, or the 40th percentile of earnings for a full-time, salaried employee in 2013. The new rule will add approximately five million additional employees to those already covered.

Here is my two cents on the proposed rule:

  • From a technology perspective, there will be a need to block employee access to a variety of corporate systems for employees whose salaries are below the FLSA threshold. These systems include most notably email, but also SharePoint, CRM systems, corporate social media, corporate instant messaging, VoIP, and any other communication or collaboration system that can possibly be used to respond to a manager’s inquiry, a customer request, a server alert, or that can be used for any type of work activity.
  • The alternative, of course, is to simply pay employees for an additional 10-15 or more hours per week, but that creates problems that many organizations may not want to address, and it could add dramatically to labor costs.
  • Today, approximately zero email systems have the ability to block access to specific users or roles (that’s going to change very soon), but this will be an essential capability once the rule goes into effect, as it will be for all corporate systems.
  • Access control will have to be appropriately linked between HR and IT so that employees who are below the FLSA-mandated threshold will be denied access to corporate systems during certain hours. When an employee’s salary reaches the government-mandated level, however, then access can be turned on for these individuals.
  • Moreover, there will be instances in which an employee whose salary is below the threshold will temporarily be required to work after-hours (such as an administrative assistant covering for his or her manager when he or she is out sick) and so access management capabilities will have to be in place to turn these capabilities on and off quickly to ensure that the employee can fulfill their job requirements. This will necessitate a tie-in to HR systems to guarantee that the employee is compensated appropriately for his or her after-hours work.
  • Larger companies will have to maintain even tighter controls to prevent violations of the law for the same employee roles if compensation for these roles differs. For example, according to Indeed.com a customer service representative in New York City makes $60,000 per year and so will have permission to access email and other corporate systems after-hours without the need to be paid extra, while the same job title in Wichita, Kansas makes $40,000 and so will not be allowed to do so without receiving overtime. While this would apply based on geography, this could also mean that a more experienced individual whose salary is above the government-mandated level would be entitled to after-hours access to email and other corporate systems, while his or her less experienced and lower paid counterpart would not.

Philosophically, I am opposed to this type of rule. While I fully realize that some employers abuse their employees’ time and expect them to work after-hours for no additional pay or other compensation, there are employees who actually want to work after-hours: some might want to catch up on email before bed simply to get a jump on the next day, some might want to respond as quickly as possible to a customer’s inquiry to gain some sort of a competitive advantage for their employer, or some might just want to impress their boss. Employees should have the right to do all of these things – and employees in Wichita should have the same options as their counterparts in New York, as should less experienced/lower paid employees who work alongside their more experienced/better paid co-workers.

All of that said, it will be essential for employers to be able to turn email and other corporate systems on and off based on this ruling. Not to do so could end up being very expensive.

Do We Suffer from Email Information Overload?

Is “information overload” a problem in email? Yes:

  • Brits (and, presumably, most every other information-focused worker) spend 36 days each work year composing emails.
  • Seventy-two percent of email users experience “some”, “quite a bit” or “a great deal” of information overload in email according to a current study being conducted by Osterman Research. Plus, the survey is discovering that 50% of respondents are using email more than they were 12 months ago, and that only 3% are using it less.

Add to this the information overload we experience in other areas: in 2013, broadcast networks showed an average of 14 minutes 15 seconds of commercials during each of the five hours of television we watch each day; cable networks showed 15 minutes 38 seconds. Twenty-eight percent (1.72 hours) of all time spent online is focused on social media. The average user sees 1,707 banner ads per month. The typical mobile user spends 90 minutes per day on his or her phone.

What’s the problem with information overload in just email, let alone in other areas?

  • We end up missing important messages. Most of us have experienced a situation in which we missed an important email from a co-worker, customer, prospect or someone else simply because it got lost in the flood of emails with which we must contend on a daily basis.
  • We miss deadlines. Missing emails means that we miss meetings, customer deadlines and other time-sensitive events.
  • Potentially, we can lose revenue. If a customer or prospect asks a question and we either don’t answer or answer in a timely way, that can result in lost business opportunities and damage to our personal and/or corporate reputation.

So, we have two primary issues with which to contend:

  • We need to manage our information management more effectively. We deal with enormous amounts of information – so much so that we simply cannot process all of it effectively. While some may put a pleasant spin on this overload (for example, some have referred to “information overload” as “information abundance”), the fact is that we have only a fixed amount of time each day and a fixed amount of attention we can devote to important content. Much of what we encounter, particularly from social media, for example, is more drivel than meaningful information, and so placing personal limits on what we pay attention to is essential.
  • Perhaps more realistically, however, we need better tools to help us manage information more efficiently and effectively. This is particularly true for email, given that the typical information worker spends about 150 minutes per day doing work in their email system. Many vendors have attempted to manage this overload with varying degrees of success, but some of the newer tools are making good headway in actually doing something about information overload.

In short, the amount of information is growing, but the time and attention we can devote to it is not – we need better tools, particularly email tools, to address this growing mismatch.

Posted on by Osterman Research BlogTagged commercials, , information overload, mobile, overload, social media, television. Leave a comment

Go Ahead and Delete Your Email – See If You Can

Think about the process of sending a single email to one individual:

  1. You create and send an email and a copy of that email is placed into your Sent Items folder (copy 1).
  2. The recipient receives your email (copy 2).
  3. Your email admin makes a nightly backup of your email inbox (copy 3).
  4. The recipient’s admin does likewise (copy 4).
  5. Your company’s archiving system places a copy of your email into archival storage (copy 5).
  6. Ditto for the recipient’s company’s email archiving system (copy 6).
  7. The email you sent to recipient A gets forwarded to someone else (copy 7).
  8. That copy gets placed into a backup and archive (copies 8 and 9).
  9. You, your original recipient and the recipient of the forwarded copy access corporate email on a smartphone and a tablet (copies 10, 11, 12, 13, 14 and 15).

Now, let’s say you decide that you want to delete all of your old email because you’re afraid of incriminating evidence that might turn up in a lawsuit, a regulatory audit, or because you’re running for political office (ahem). Good luck with that. At best, you might be able to delete copy 1 and, if the recipient is nice, copy 2. Copies 3, 4 and 8 might disappear as admins reuse backup tapes over time or as the various mobile devices on which your email is stored deletes older content. But that means that of the 15 or so copies of your email that exist, only about one-third to one-half will ever really disappear.

What should you do? First of all, disabuse yourself of the notion that you can ever completely delete your email. You can’t – it exists and may exist forever in some cases. Second, realize that email will stick around despite your best efforts to purge it, and so plan on it reappearing at some point. That means that if you have incriminating emails floating around your company, it’s best to archive them reliably and prevent their alteration so that at least you have the same evidence that the other side will almost certainly have in a lawsuit or a regulatory audit. While the ideal state is never to have incriminating emails, if you have more than zero employees in your company that’s unlikely to happen.

All of this sounds quite basic, but our work has demonstrated that some are still under the false impression that the process of deleting email actually deletes email. In reality, it does delete email, but only your copies of them – most are still out there somewhere out of your control. The best you can do is ensure that you have copies of your email that you can reliably assume others will also have.

You Need to be Concerned About Targeted Email Attacks

Targeted email attacks are a serious issue for organizations of all sizes and across every industry. Various industry research has shown that these focused emails are by far the number one initial attack vector for targeted attacks on enterprise data. In fact, they account for more than 95% of initial intrusions that lead to important data breaches. Moreover, Osterman Research found in a survey conducted during September 2014 that 47% of organizations considered targeted email attacks to be a very high priority to address and prevent, while only one in six organizations considers them to be a low priority.

While virtually all organizations have deployed security solutions that will block spam and known malware, most have not implemented solutions that will deal with the much more serious problem of targeted email attacks.

Targeted email attacks are not run-of-the-mill malware incursions. These attacks use sophisticated delivery techniques and advanced malware that will normally not be recognized by standard email and endpoint security solutions. Additionally, these attacks provide an entry point into the larger organization and its sensitive data, wreaking havoc on an organization’s finances, its intellectual property and its other sensitive or confidential data. Organizations of all sizes are the victims of these attacks and those that are successfully breached will experience critical business impacts, inclusive of damage to reputation, unexpected legal, regulatory and response costs and more.

We recently published a white paper about Targeted Email Attacks that discusses five key issues:

  • Targeted attacks and advanced threats that result in data breaches are most often initiated by targeted email attacks. While a great deal of press attention focuses on attacks directed against large retailers and other high-profile companies, all types of organizations regardless of size and industry vertical are being subjected to attack.
  • A single employee can be an entry point for a full-blown attack on the corporate network, sensitive data assets or financial accounts. Senior staff members like CFOs or CEOs are sometimes targeted in highly specific attacks, but the much larger attack surface is comprised of every employee in an organization.
  • Users must be the first line of defense in thwarting targeted attacks; they require thorough and ongoing training to detect the social engineering techniques that these attempted attacks are employing.
  • However, because targeted email attacks employ advanced malware, employee training is simply not enough – sophisticated technology to detect these threats is essential to prevent these attacks from achieving the loss of financial or other data for which they are designed. Further, while employees should serve as an important line of defense against threats, in many cases it is unrealistic to expect employees to keep abreast of every changing social engineering tactic.
  • Ninety-one percent of organizational decision makers do not wholeheartedly agree that their current email security solution is sufficient to protect them from targeted email attacks. This, despite the fact that security professionals understand the problem.

You can download our white paper on Targeted Email Attacks here.

Some Thoughts on IBM Verse

I returned this week from ConnectED, IBM’s annual conference in Orlando, formerly named Lotusphere. A key emphasis of the conference was IBM Verse, the company’s new business email platform that is designed to go head-to-head with Office 365, Gmail and Amazon’s upcoming WorkMail, among other platforms.

Verse represents a paradigm shift in email. Where Outlook represented a major shift in the way people work with email by integrating calendar, scheduling and task management functions into a single interface, I believe Verse represents the same level of paradigm shift because of its integration with the social aspects of email. Even though a substantial proportion of business email today is application-to-person (newsletters, travel reservations, notifications, etc.), for most business users the primary reason they use email is to send information to other people, to collaborate with them, and to manage projects with employees and others – a concept that Verse’s designers had as their central focus. Verse has a very social feel to it, prominently displaying the individuals with whom you’re communicating and collaborating most often, and making suggestions about who you might want to add to your “A” list across the top of the interface.

Verse makes extensive use of Watson-based analytics to adapt to individual work and collaboration styles and provides useful information about incoming email, users, projects, etc. Watson has the potential to make Verse extraordinarily useful because of its ability to prioritize messages based on a wide variety of parameters and its “knowledge” about senders, content and the like. Verse makes extensive use of social technologies to provide information about others in an organization and your relationship to them, similar to the old Atlas for Lotus Connections. Plus, chat in Verse is powered by Sametime, IBM’s well-established, real-time communication technology.

IBM will be offering an on-premises version of Verse in the second quarter of 2015, but this likely will not include a thick client – Verse is likely to remain a browser-only offering until at least 2016. I’m unconvinced that not offering a Verse thick client is a good idea.

In a significant shift from IBM’s standard delivery model, Verse will be a freemium offering that will include an “ibmverse.com” address and a decent amount of storage. Watson’s capabilities will not be available in the freemium version, but will be in the paid version. IBM will offer the ability to import contact information so that social relationships can be identified and established.

The market for Verse will be varied. Obviously, IBM will be going after its current base of Notes/Domino users, since these companies already have a strong relationship with the IBM brand and represent a logical migration path for existing Notes users. The more difficult avenue for IBM will be Gmail users, a group of at least 500 million, many millions of whom are business users, that represents an enormous potential market for Verse, but one more difficult to crack. However, IBM is smart to go after this group because Verse provides a more elegant, useful and intuitive interface than Gmail; and the addition of Watson analytics and social interaction extend its utility further still.

Will Verse be able to penetrate the Office 365 market? Microsoft currently has more than 9.2 million Office 365 Home and Personal subscribers and in excess of 30 million total users. This is going to be a more difficult market for IBM to penetrate given that Microsoft has done a good job at providing robust functionality in their cloud offering, the fact that they own the desktop for productivity applications, and that email with a large mailbox is already included in the offering.

There are other markets IBM could go after, as well, such as the several million remaining GroupWise users that will be migrating to other platforms; and the tens of millions of Zimbra users.

So, what’s the future of Verse going to look like? I believe Verse could very definitely be a game-changer, albeit with a few “ifs”:

  • If IBM’s marketing can be streamlined to make information and pricing on Verse easily accessible to Gmail and similar types of users. IBM offers excellent technology as exemplified in Verse, but its marketing operation is currently too bureaucratic – the company has become very innovative in its design approach and needs to do the same thing for its marketing.
  • If IBM provides straightforward email migration services that allow existing mailboxes from just about any platform to be easily migrated into Verse.
  • If IBM educates the market sufficiently to help prospective users and decision makers understand the significant benefits from the integration of social, email and real-time communication into a single platform.
  • If IBM can convince business and IT decision makers that making life easier and more productive for their end users is in their best interest (it is, by the way).

The bottom line: Verse is a fantastic, game-changing platform that could significantly alter the business email market if it’s marketed correctly.