difficult questions to ask your secure email provider

5 difficult questions to ask your secure email provider 02

Unfortunately it’s still the most popular platform from which to launch malware and phishing attacks. Figures from Gartner indicate that malicious and spam emails constitute 69% of email traffic worldwide, and the non-profit Spamhaus Project assert that 90% to 96% of all inbound mail today is illegitimate.

Consequently, the need for bulk email monitoring, filtering and archiving is universal. Gartner’s most recent Magic Quadrant report for the industry found that the penetration rate of commercial Secure Email Gateway (SEG) solutions among enterprises was close to 100%. And yet, unlike other IT services, high market demand is no longer driving improvements in the quality of services delivered.

The need to protect, filter and archive large volumes of emails hasn’t really changed, and yet many of the tools available today are getting increasingly feature-heavy and more complicated to use. There are two reasons for this.

First, the secure email and archiving market is crowded, and many providers are offering extra functionality, such as hyper-specific policy controls that don’t meaningfully contribute to the actual protection of the environment.

Secondly, many providers are still grappling to adapt their products to take advantage of true cloud environments, rather than simply offering ‘cloudified’ versions. The difference is key.

IDC have referred to cloud delivery models as ‘hyperdisruptive’, a major platform shift of a magnitude that only occurs once every 20-25 years. It’s therefore unsurprising that service providers are scrambling to associate themselves with true cloud platforms. As such, it’s doubly important that you actually get the cloud resources you pay for.

During this transitional period, many solutions available today have become divorced from the actual need they attempt to address. To put it plainly, as the tools have gotten more complicated (and crucially, more expensive), the job has become more difficult. It’s time for businesses with legacy email security and archiving systems to take a step back and reassess what they actually need from the solution - especially in context with newer cloud platforms.

Here are five revealing questions to ask your current provider. If they don’t have the answers, it could be time to move on.

You’re paying too much for a poor quality service

Email is still the ‘killer’ desktop application according to a recent survey from Ipsos Global Public Affairs. Not even new channels like instant messaging, voice and social networking can displace it – email remains the preferred method to communicate and collaborate at work.

Contents

1. Why should I pay for features I don’t need? 03

2. How am I protected from spam and viruses? 04

3. Where’s my data? 05

4. Why am I paying so much for storage? 06

5. How do I get my data back? 07

About Mailsphere 08

5 difficult questions to ask your secure email provider 03

Why should I pay for features I don’t need?

This is the killer question for many email security and archiving providers today. Fierce market competition has produced an arms race between vendors to bloat up their services with features and functions that are rarely needed and almost never used.

Here’s the main problem with unnecessary features: you still pay for them. It’s price, rather than feature-count, which is proving most influential for organisations investigating email security and archiving services today. Almost 80% of respondents to a survey from Gartner’s Magic Quadrant report indicated that price would be an ‘important’ or ‘very important’ factor in their next purchasing decision.

The introduction of the utility computing model in particular has changed some of the expectations. As budgets everywhere continue to decline (or at best, stagnate), IT services must provide transparent value to the business. This means individual systems must become more focused, not more broad, in the ways they address specific challenges.

Applied to email security and archiving services, we can break down the needs they must address into 3 core competencies: spam filtering, virus and malware filtering and intelligent storage and archiving. Consequently, services that are able to provide robust solutions to these three core areas whilst removing as much complexity as possible will see the highest rates of adoption in the following few years.

1. Spam filtering

2. virus & malware

filtering

3. storage & archiving

1. Spam filtering

2. virus & malware

filtering

3. storage & archiving

3 core competencies of email security and archiving:

Here’s the main problem with unnecessary features: you still pay for them.

5 difficult questions to ask your secure email provider 04

How am I protected from spam and viruses?

Spam and virus attacks have come a long way in the past decade. From the early days of the mass outbreaks of Melissa, ILOVEYOU and Sobig, malware attack vectors have shifted towards more specific targeting of individuals.

However, it’s a fallacy that security software must become more complex to keep pace with more sophisticated threats.

Quite the opposite – there’s a real risk that feature-heavy email security solutions actually obscure the principles of best practice they allegedly promote.

A common symptom of feature bloat is management complexity, which if left unchecked, can be just as risky as having no security at all. Heavily customised admin policies and user-permissions are always created with the best intentions but they regularly go untouched beyond set up.

This amount of management complexity is more than overworked sysadmins need, (or even want) to deal with. Consequently, these solutions often fail to evolve with the business over time and quickly end up posing more risk than they ever did convenience.

Conversely, cloud native email services tend to offer the best of both worlds: enterprise-class security and a straightforward user experience. Ideally, cloud native services should also offer a high degree of flexibility, meaning in this case that mailboxes are transparently priced, and can be added or subtracted at will, with no additional charge.

Services that are able to balance these factors are more likely to deliver the best protection whilst reducing management time (and the accompanying risks).

Cloud native email services tend to offer the best of both worlds: enterprise-class security and a straightforward user experience.

• Cloud-native: services inherently designed to exploit the globally scalable resources of large, purpose-built public clouds, such as AWS or Microsoft Azure.

• Cloudified: services adapted to use hosted resources without the flexibility, scalability and transparent pricing of true cloud-native services.

5 difficult questions to ask your secure email provider 05

Where’s my data?

As a critical office function, it’s understandable that the location of email data is a popular point of concern for organisations considering cloud email security and archiving services.

However, given how infrequently organisations tend to assess their email security and archiving solutions, many services in use today were not initially designed to cope with factors like data sovereignty, which can seriously impact the organisations’ access to its own data.

Broadly, data sovereignty refers to the local laws, conditions and security standards that stored data is subject to. For instance, is your archived data stored in a country subject to the PATRIOT Act? What about the physical location? How vulnerable is it?

By 2016 over 50% of commercial Secure Email Gateways will be delivered via cloud channels such as SaaS up from 37% today. As more businesses adopt cloud-based email security and archiving services, the impetus will be on cloud service providers to operate with total transparency regarding the location of stored data, the accompanying conditions it is subject to, and the degree of access their customers have to it.

Equally, customers in the secure email and archiving market must interrogate potential cloud services thoroughly, and would do well to opt for solutions that are built on well-established public, true-cloud environments to reduce risk and ensure accountability.

37%Today

50%2016

Commercial SEGs delivered via cloud channels:

Many services in use today were not initially designed to cope with factors like data sovereignty.

5 difficult questions to ask your secure email provider 06

Why am I paying so much for storage?

After licenses, storage is often one of the largest costs of legacy email archiving solutions. Indeed, email is often the most significant driver behind storage growth across the whole organisation, and there’s certainly no indication that growth rates are slowing. According to survey data from ‘Email Archiving Market Trends 5’ from the Enterprise Strategy Group, the median volume of archived mail has tripled since 2007.

However, this isn’t a problem that can be resolved with management and archiving policies alone, no matter how efficient they are. It fundamentally requires flexible cheap and tiered storage.

Traditional solutions often impose strict limits on the size and number of mailboxes protected and ‘reasonable use’ clauses around storage volumes. These kinds of restrictions can work against the growing needs of the market, and services that employ them will struggle to scale. Fortunately, these challenges around size and availability form an excellent use case for the flexibility and scalability that cloud resources deliver.

The next few years will prove particularly interesting, as the differences between ‘cloud-enabled’ and ‘cloud-native’ applications become apparent. Gartner has already identified the need to differentiate between ‘cloud infrastructure as a service’ and ‘cloud enabled system

infrastructure’ in their 2013 Magic Quadrant for Cloud Infrastructure as a Service.

In the same way, as some major vendors start to ‘cloudify’ their standard email security and archiving services, they will have to compete with the flexibility and scalability of newer, legitimately cloud-native services.

Traditional solutions often impose strict limits on the size and number of mailboxes protected.

5 difficult questions to ask your secure email provider 07

How do I get my data back?

It’s a given that businesses need uninterrupted access to their email data. Even rarely-accessed and archived data needs to be fully accounted for due to obligations around compliance and governance.

Unfortunately, traditional archiving solutions were not designed with the flexibility to retrieve, access and, when required, migrate archive data without incurring significant costs. The difficulties of accessing, let alone moving, data can paralyse businesses, and prevent them from meaningfully considering alternatives. This can result in a kind of unofficial vendor lock-in.

How easy is it to retrieve your archived data? And at what price? Were the terms ever discussed? It’s worth asking these questions: your archived data could be much less accessible, let alone portable, than initially thought.

As a general rule, cloud native services have been built from the ground up to take advantage flexibility, scalability and low costs that established cloud infrastructures provide. This flexibility extends to data portability – cloud storage offers greater visibility, easier management and better control of archived data.

Traditional archiving solutions can’t deliver flexibility without incurring significant costs.

About Mailsphere

Mailsphere Email Security and Archiving delivers enterprise-class email protection and archiving for a fraction of the cost of traditional solutions.

Built from the ground up to leverage the power of the cloud, MailSphere is the most flexible, scalable and resilient method of securing and storing your mission-critical and archive emails.

With no set-up costs, no hardware or software to buy, and flexible, low-cost pricing, getting started couldn’t be easier. There are no storage limits and email retrieval is fast and simple.

Mailsphere is a Seedcloud company. SeedCloud offers technological, strategic, propositional and market advice to turn great ideas into successful businesses.

Seedcloud works with businesses involved in corporate memory, connected graph technologies and machine learning, and actionable retail insights.

www.mailsphere.co.uk

www.seedcloud.com