PST Files: How to detect, gather and centralise .pst files on your network & make informed decisions prior to a cloud migration

PST files are a type of data file created by Microsoft Outlook that contain email messages and other information. These files are saved onto a computer, freeing up storage space in the mailbox on a mail server. The items are only available on the computer where the .pst file is saved.

With a POP account, all email messages are saved in this way. In Outlook 2013 and earlier versions, IMAP accounts also used .pst. Sometimes .pst files are also used to backup or export items from any type of email account.

PST files were originally intended to provide offline/disconnected storage for email users. However, the use of PST files as an email storage overflow area under the control of end users, however, has become standard practice.

PSTs represent hidden and potentially dangerous data that can be littered across your enterprise’s network. They are open to security breaches, data theft, regulatory violations as well as presenting more practical issues. Even those that aren’t dangerous can slow down e-Discovery, increase data management costs and become corrupted, especially as the file size increases.

Let’s look at some of the threats around PST files in more detail:

PSTs aren’t encrypted and also lack adequate password protection. This makes them vulnerable to being hacked or deleted, and a very real security issue. Even deleted emails can still exist as copies within PST files. These emails within PST files can contain sensitive data so if any file goes missing, it represents a data breach.

The fact that PSTs are often distributed across many devices and, in turn, huge systems, means that the security risk grows dramatically. Users can take them home and add them onto further devices, increasing the chance of exposure.

The nature of PST files means that they can be responsible for serious data legislation compliance violations. As with any compliance-related risk, this opens up your organisation to significant fines and reputational damage.

In the UK and European Union, GDPR is the primary compliance legislation where breaches can result in significant fines. In the US, the Californian data privacy regulation CCPA is a similar piece of legislation, although the fines are not as significant. There are various other regulations on a sector-specific basis that might apply to your business.

As soon as an email is sent to someone residing in these locations, the corresponding PST file will contain data that is subject to these laws. Therefore, you will need to be able to provide reports to clients/individuals on their data, including PSTs upon request, and ensure their data is correctly managed in line with the relevant legislation.

This represents two potential issues for organisations:

1. Knowing where all the PST data is
2. Any data breach around PSTs opening you up to even larger fines

As PSTs contain unknown, out-of-scope and dispersed data, you have a responsibility to proactively consider them from a data governance perspective. Your email retention and overall compliance policies need to be expanded to include these file types.

By taking control of your PSTs with Transvault’s PST Insight software you can start to prepare and plan around data governance. Contact us today to find out more about how it can help you get a handle on PSTs across your network.

Having lots of PSTs on your network can dramatically slow down e-Discovery and make it more complex, adding a burden when speed is all important. This is down to volume and, to some extent, file size – Unicode PST files for example can be up to 50GB, although this size is rare. The data can become corrupt when it approaches larger sizes, meaning that some data can be lost. The fact that PST files are only accessible by one user at a time also adds a further layer of complexity.

You can speed up PST e-discovery by removing any unnecessary data. Transvault’s PST Insight software discovers all of your PSTs across your network and allows you to audit files, making decisions around what can be deleted easier. Our market-leading software allows for analysis and targeted collection across many thousands of PSTs, without having to first migrate all their contents centrally.

In some instances, often when there is a pressing legal requirement, it can be necessary to collect all PSTs across the network and migrate them to a centralised repository. We did this for a customer of product and services company Integro, allowing them to perform eDiscovery on the contents of their PST files. Our software located over 10K PST files including locked PST files. By being able to pre-cull data ‘at source’, we reduced the amount of data needing to be migrated and successfully reduced eDiscovery times. The amount of data that was pulled across the network was just 10% of the total PST volume – and took just a fraction of the time).

You want to be able to make decisions on managing your PSTs based on the most relevant information. This requires the ability to perform thorough audits and run reports that drill into areas of particular relevance to your organisation. PST Insight, as the name suggests, provides actionable information on PSTs across your network. Following analysis, you can use PST Insight to enforce policies to manage and migrate your data in line with business, operational and compliance needs. Let’s look at PST audits and reporting in more detail.

Once all files have been located, PST Insight allows you to carry out a comprehensive PST audit on those files and run relevant reports.

Our market-leading PST software allows you to analyse the actual contents of PST files, down to the individual emails contained within. You can filter according to many criteria, including: age, size, owner, sender, message class, and attachments. This enables your business and IT managers to audit the discovered data and, more importantly, take relevant actions, such as:

• Identifying ownership
• Removing passwords
• Deleting contents that falls outside of your retention policy

It’s also worth pointing out that PST Insight also allows you to open password-protected PSTs and deal with shortcuts in PSTs from legacy email archives, giving you the option to either delete or replace them with the full item before migration. PST Insight can also detect duplicate PSTs, avoiding multiple copies of the same item being migrated and saving lots of time, processing, storage expense, and end-user confusion.

PST Insight also gives you the ability to drill into areas of interest with custom PST reporting around:

• Which items are older than your organisation’s retention policy
• Is there business data, such as spreadsheets, that should be secured?
• Is there evidence relevant to an eDiscovery exercise out there?

With this level of analysis at your fingertips, you are now able to make a fully informed decision around which PST files can be managed in-place, migrated (those that fit criteria or all) or deleted ‘in-place’. It also allows you to search for shortcuts that have been put in PSTs, and either delete or replace them with the full item. By safely and confidently culling PST files with irrelevant data before migrating, you reduce the amount of data needing to be migrated by a significant amount.

Here are some examples of policies and commands that you may decide to use:

• Copy contents less than 3 months old into Primary Mailboxes
• Delete contents older than 7 years from the PST file without moving it
• Move other content to In-Place Archives
• Replace any legacy shortcuts in PSTs
• Copy selected contents to a given location (e.g. for Early Case Assessment)

Once you’ve audited PSTs across your network, you can continue to run reports on an ongoing basis. PST Insight lets you monitor every aspect of your PST estate and ongoing management activity. For example, you can track the progress of your policy-based enforcement and produce reports to give you peace-of-mind that your PSTs are under control.

You can manage your PSTs files using a range of commands, which can be deployed as one-off actions or enforced as ongoing policies. These include:

• Maintain a central backup copy
• Delete specified items (e.g. emails older than 5 years)
• Flag all newly created content

PST Insight gives the auditing and one-step assurance that lets you tackle your PST file with confidence, but also delivers scalability and flexibility for your PST migration.