Outlook .PST Files – Why They are Evil

When an email account is added to Outlook, a local copy of your information is stored on your computer. It is this protocol that allows you to access your previously downloaded or synchronized email messages, calendar information, contacts and tasks – even without an internet connection. Certain account types, such as POP accounts, store their information in Outlook Data Files (otherwise known as “.PST files”), while others such as Outlook 365 accounts, Exchange accounts, IMAP accounts and Outlook.com accounts store their information in Offline Outlook Data Files (or “.OST files”).

Now, before we delve into what this post is really about – why .PST files are impossible to track or audit and why they represent a huge security risk to a company – allow us to give you a brief history about such files, including why they were originally created and why, given that they’re often viewed in a bad light, they are still in use.

A Quick Primer on .PST Files

In the computing world, a .PST file stands for a Personal Storage Table, an open proprietary file format used to store copies of everything from messages and calendar events to other items within Microsoft software such as Windows Messaging, Microsoft Exchange Client and Microsoft Outlook. Microsoft controls the open format and provides free specifications and irrevocable technology licensing as it relates to a Personal Storage Table.

Essentially, these files were created as local archives or storage areas to store email and attachments on a computer’s hard drive, USB drive or server share. Before Outlook 2003/2007, .PST files could only store two gigabytes of email and attachments; with the advent of Outlook 2003 and Outlook 2007, the format changed to allow the .PST files to grow as required to over 20 gigabytes in size (unless the default configuration was modified).

Why are they still in use? In a proverbial nutshell, it’s about space – most email administrators limit the size of corporate mailboxes, and the bigger the mailbox the more disk space they need, the more they need to back up and the more time they need to perform those backups. For many companies, a 200-megabyte mailbox just won’t cut it, and that’s where .PST files come in. They enable users to simply create a .PST file and drag/drop their email right into it, ultimately working just like a regular mailbox folder in Outlook.

Perhaps Good for People…Not for Companies

Now we’re going to get into why .PST files in corporate settings represent a bad idea…particularly in regulated industries.

Outlook .PST files may contain sensitive information that no one knows about, and this can have serious consequences in the event of a hacker attack or compliance audit. Indeed, take it from us when we say “peering” inside .PST files is difficult, which can make the process of uncovering information within them something of a chore.

In addition to those factors, here are some other reasons why .PST files pose a significant security risk to an organization:

  • They’re Difficult to Protect – If IT departments don’t know the location of them, .PST files are not recoverable.
  • They’re Prone to Corruption – These files bring with them a reputation for fragility, especially large ones; as such, they are easily corrupted and almost impossible to recover once they break.
  • They Aren’t Secure – Unprotected .PST files can be opened by anyone.

Another thing to keep in mind is that Microsoft does not support .PSTs executed from a network share, and it’s simply a bad idea to do so.

As DMS iTech is something of an expert in most things Microsoft, we can suggest some alternatives to getting involved with .PST files:

  • Use Office 365 Exchange Online, Microsoft Exchange Server 2013 or Microsoft Exchange Server 2010 Personal Archive mailboxes.
  • Configure Microsoft Outlook in Cached Exchange Mode.
  • Configure Outlook to run on Windows Terminal Services and to connect to the Exchange Server mailbox in online mode.

For more information about how to go about executing this, contact DMS iTech today.