The Security Risk Posed by PST Files

May 8th, 2018

With GDPR regulations becoming a reality this month, many organizations are attempting to remediate their PST security threat.

What’s the problem with PST files?

GDPR requires organisations to identify all personal identifiable information (PII), but how do you do this for PST files? Furthermore, if you don’t know where all your PST files are how can you discover the data?

Another GDPR requirement is that organisations are required to retain PII data only for as long as required. This means that for data within a PST file you will need a method for setting a retention time.

GDPR requires that PII data is secure but PST files can easily be corrupted due to either hardware issues or software issues. As a result, the data in the files can become inaccessible and data is lost. The fact that these types of files are portable also counts against them when we need to limit access to the data contained in them.

Part of becoming compliant with GDPR is to be able to discover PII, once files are in a secure container they can be easily discovered and classified*

What is the solution?

These files will need to be incorporated into existing containers like Exchange on premise, Office 365 or archiving solutions like Enterprise Vault. Enterprise Vault itself has a set of built-in tools for PST migration which are robust and recommended for a small number of files or data. When you have a larger PST environment that you wish to eliminate totally then you need to consider more powerful tools.


PST Flight Deck can help you comply with GDPR

PST Flight Deck workflow can be divided into three key steps:

1. Scan local drives, attached USB devices, and network shares

  • Discover the location and size of your PST files
  • Detailed reporting of PST files discovered
  • Locate the files wherever they are, identify the owner of the files

2. Migrate the files into Enterprise Vault, Exchange on-line or Office 365

  • The files are extracted and processed and then migrated with intelligent technology
  • Filter, verify, and de-duplicate files, with password removal, and corruption repair
  • Manage user policies, interaction, notification and authorizations
  • Offer secure, automatic centralization, with newly enhanced bandwidth control
  • Prevent creation of PST files.

3. After the migration management:

  • Any files that cannot be migrated are tracked and can be placed into users one drive
  • After a successful migration the original PST files are deleted
  • A backup is kept of each file and can be kept as long as required
  • Remove the PST files from the users Outlook profile

PST Flight Deck can also easily migrate legacy data to totally eliminate PST files. After the migration and elimination of PST files you will be confident that you have taken key steps towards complying with GDPR. You will have the added bonus of freeing up TB’s of storage, reducing your backup windows, costs of backup as well as reducing help desk calls for finding missing PST data.

Adept-tec have successfully carried out a number of PST file migration projects using PST Flight Deck. If you’re concerned about how existing PST files could compromise GDPR compliance, contact us today to discuss how PST Flight Deck can be incorporated as part of your solution.

*if you are using Enterprise Vault Information Classifier