Sounds strange doesn't it? Exchange Journaling, the process used by thousands of Exchange customers all over the world to ensure that have a defensible and reliable eDiscovery position, has been called into question by... Microsoft!
So why would Microsoft state that Journaling is insecure?
Microsoft consider that any data that leaves Exchange is inherently insecure as it no longer resides in the Exchange store. On this basis, that’s any data not in the store: mailboxes in Outlook cached mode, messages viewed on many common mobile devices, OWA 2013 when it caches messages, PST files (yes we all know about PST's). The reality is that "insecure" really boils down to your security practices and perimeters, and your comfort with data extending beyond it.
The other side to this is handling the volumes of messages generated as a result of enabling Exchange Journaling; it can be substantial. Enterprise Vault has customers...