SonaVault Email Archiving Software Review & Ratings

By

Apr 4th, 2015


Nowadays business communication is pretty much exclusively via email, I mean who uses a phone, or Skype or heaven forbid a fax? pretty much no one. In fact the last survey on business communication came down at over 90% of business communication is done via email, the phone was a distant second with less than 5% and WebEx or Webinars coming in third at 3%.

So protecting your email is a pretty critical function in this day and age, especially when content is likely to be highly sensitive, valuable or just business critical. With that in mind regular archiving and backups of emails is seen as a standard business requirement. In fact in some jurisdiction it is a legal requirement to keep business communications for a length of time, particularly in financial fields, some requirements need emails to be kept for up to seven years. Email are also now being used in legal cases as part of a discovery process for civil and criminal cases.

The most popular email server solution is Microsoft Exchange and one of the strongest archive solutions in the market for Exchange is SonaVault. They have a great introduction video about their solution below:

What they point out is that a good email archiving solution should have the following attributes:

* Capture all emails
* Keep emails for a specified period of time
* Allow email Auditing
* Export emails to meet ediscovery requirements

So how does SonaVault stand up? Well let’s take a closer look at their solution.

First of all they have the advantage of allowing you to install as a piece of software, allowing you to install on a virtual server or on to your own hardware for a complete email archive. They even offer a hardware appliance, but by the looks of it, it is just a rebadged Dell box, might be cheaper just to use your own hardware.

We tested the software on our own virtual server and plugged it in to our 10 terabytes NAS storage, but theoretically your storage is only limited but how much NAS you have avliable, which s cool as not all solutions allow the use of external storage, with some solutions forcing upgrades to their next level appliance solution to get the extra storage capacity.

The one limitation when it comes to scalability that I could find was that their backend database; which is an MS SQL DB. As any SQL admin will tell you MS SQL does not scale very well in the terabyte range, I mean it works, it just becomes very slow. Some of the newer solutions coming to market are using big data databases, like Hadoop, for example, Hortonworks, which scales in to a more enterprise solution. Especially when it comes to searching through the huge archives for specific data.

Still, by using MS SQL SonaVault will have a bunch of admins within their customer base that understand the technology, which can’t be a bad thing and will certainly help if you need to export the data or re-import the data into other solutions. To help with the issue of MS SQL scalability they do give the option of splitting out their core database on to separate systems, but if they just used Hadoop this would not be needed.

The SQL limitation also impacts the implementation of stubbing. Stubbing is the process of moving most of the email out of the SQL database and keeping just the header information which can be searched against, once the email has been found a hyper link will allow you to return the externally stored email. They do this to make the SQL database more scalable, to be fair, most of the email archiving solutions out there, well at least the ones based on MS SQL or proprietary databases, do the same. But again this would not be required if they were using a big data DB. Why does it matter? Well what if you don’t want to search just the header, what if you want to search the content of the email?

The final issue I have is digital signing of emails, so I can prove chain of custody. Emails are being used more and more in the courtroom, you need to prove that the email has not been tampered with, you can either digitally sign each email in full or encrypt it, neither of which was avliable in SonaVault.

What is the conclusion on SonaVault? Look, its not bad, especially when you compare it to the other products in the market, particularly when comparing it to other MS SQL solutions, but it does not compare to the big data, Hadoop solutions they are coming to market, and if they don’t pivot to a big database in the future they are going to struggle. I would give them a solid 3 out of 5. Not the worse, not the best and at risk of being surpassed pretty quickly by the new comers to the market.

Leave a Reply

 
© 2006-2017 Security Magazine.