Why are .PST files a security threat to Exchange Server mailboxes?

The use of .PST files can threaten mailbox security in an Exchange Server organization. Learn why these files are so problematic and how to disable them.

Exchange Server mailboxes face obvious security threats, including hackers and spam. However, the biggest security threat that administrators may overlook can be the most damaging to an Exchange Server organization: the use of .PST files for Microsoft Outlook mailbox data storage.

The integrity, security and availability of mailbox data are the ultimate responsibility of an Exchange Server administrator. Most Exchange administrators would list the biggest threats to their organizations' mailboxes as spam, viruses, hackers and hardware failures. However, because these threats are so widely recognized, they're secondary threats. The biggest hazards to an Exchange Server organization are those that often receive less attention than they should.

Neither Exchange Server nor Microsoft Outlook has built-in tools to centrally manage or monitor how .PST files are being used. This isn't an inherent security threat, per se; however, administrators don't want data residing somewhere that it cannot be managed or monitored.

Additionally, .PST files reside on a workstation's local hard drive. While it is possible to configure Outlook to store a .PST file on a network drive, Microsoft advises against this, as certain types of network problems can result in .PST file corruption. Storing .PST files on a local hard drive means lost data if that hard drive fails.

Another way in which .PST files can result in data loss has to do with a disgruntled user. Often, a user may clear his or her hard drive before quitting or being fired. If .PST files reside on the hard drive, which isn't backed up, then nothing can stop a user from permanently deleting data.

Sometimes, exposing sensitive data can be a larger threat than data loss. Unfortunately, .PST files provide the perfect mechanism for users to transfer sensitive information out of an organization. Even if you prohibit the use of .PST files, a user could still leak information out of the organization.

For example, users could forward email messages to a mailbox outside of the organization or print messages containing sensitive information. However, it would be easier for a user to transfer the contents of his mailbox to a .PST file, and then copy that file to a USB flash drive.

The use of .PST files also complicates legal discovery (e-discovery). Administrators tend to think that legal discovery isn't an issue if they're not legally required to archive email. Keep in mind that even if your company isn't required by law to archive email, any existing messages can be subpoenaed if the company were involved in a lawsuit. In such a case, the subpoena would most likely also cover messages stored in .PST files. However, performing legal discovery against .PST files requires more time, effort and expense than it would if all messages were stored in Exchange mailboxes.

Eliminating the use of .PST files isn't simple. There are some complicated questions that must be answered before you eliminate these files, such as:

  • Is it necessary to eradicate .PST files?
  • What am I going to do with the data that currently resides in .PST files?
  • What will happen to my mailbox stores if I no longer allow users to offload messages into .PST files?
  • If users must keep certain messages long-term, what will take the place of .PST files?
  • How can I enforce the decision to eliminate .PST files?

One of the simplest, though most-expensive, solutions to the .PST file problem is purchasing a third-party email archival tool. If this solution is beyond your budget, there are other ways to deal with the problem.

The first thing that you can do is prevent the problem from getting any worse by preventing users from adding data to their .PST files. There are registry settings you can use to accomplish this.
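As an added example (not part of the original tip), the PowerShell below reports and optionally sets the per-user Outlook policy values that stop .PST files from growing. The value names `PSTDisableGrow` and `DisablePST` and their policy key paths are assumptions taken from Microsoft's Outlook policy documentation, since the article does not name the settings; the function names are hypothetical.

```powershell
# Added example: audit / enforce Outlook's "no new data in PST" policy for the
# current user. PSTDisableGrow and DisablePST are assumed from Microsoft's
# Outlook policy documentation; the article itself does not name them.

function Get-OutlookPstPolicy {
    # Enumerate Office version keys (e.g. 12.0, 14.0, 16.0) that have Outlook data.
    $officeRoot = 'HKCU:\Software\Microsoft\Office'
    Get-ChildItem -Path $officeRoot -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -match '^\d+\.\d+$' -and
                       (Test-Path (Join-Path $_.PSPath 'Outlook')) } |
        ForEach-Object {
            $ver        = $_.PSChildName
            $outlookKey = "HKCU:\Software\Policies\Microsoft\Office\$ver\Outlook"
            $pstKey     = "$outlookKey\PST"
            # A missing key or value yields $null, i.e. "not configured".
            $grow = Get-ItemProperty -Path $pstKey -Name PSTDisableGrow -ErrorAction SilentlyContinue
            $add  = Get-ItemProperty -Path $outlookKey -Name DisablePST -ErrorAction SilentlyContinue
            [pscustomobject]@{
                OfficeVersion  = $ver
                PSTDisableGrow = $grow.PSTDisableGrow   # 1 = existing PSTs cannot take new items
                DisablePST     = $add.DisablePST        # 1 = no PSTs can be added to the profile
                PolicyKey      = $pstKey
            }
        }
}

function Set-OutlookPstNoGrow {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($p in Get-OutlookPstPolicy) {
        if ($p.PSTDisableGrow -eq 1) { continue }       # already enforced
        if ($PSCmdlet.ShouldProcess($p.PolicyKey, 'Set PSTDisableGrow = 1')) {
            # Create the key only if absent; New-Item -Force on an existing
            # registry key would wipe the values already stored in it.
            if (-not (Test-Path $p.PolicyKey)) {
                New-Item -Path $p.PolicyKey -Force | Out-Null
            }
            New-ItemProperty -Path $p.PolicyKey -Name PSTDisableGrow `
                -Value 1 -PropertyType DWord -Force | Out-Null
        }
    }
}

# Report the current state; run the setter with -WhatIf first to preview changes.
Get-OutlookPstPolicy | Format-Table OfficeVersion, PSTDisableGrow, DisablePST
# Set-OutlookPstNoGrow -WhatIf
```

In a domain, the same values are normally pushed through Group Policy rather than set per workstation; the report function is useful for confirming that the policy actually landed on a given profile.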

You also may want to temporarily increase mailbox quotas. If you don't allow users to offload messages, then the number of messages stored on mailbox servers will increase. This isn't a feasible long-term solution, so it's important to implement messaging records management (MRM) -- using managed folders to control message-retention limits.

About the author: Brien M. Posey, MCSE, has previously received Microsoft's MVP award for Microsoft Exchange, Windows Server and Internet Information Server (IIS). Brien has served as CIO for a nationwide chain of hospitals and was once responsible for the Department of Information Management at Fort Knox. As a freelance technical writer, Brien has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal website at www.brienposey.com.
