Solved

To cloud or not to cloud (email security)

Posted on 2013-01-10
4
542 Views
Last Modified: 2013-01-24
Cloud solutions are slowly taking over many areas of IT, everything is moving to the safe, secure and bullet proof cloud. I do not agree with some of the statements about the cloud, but that’s why I am reaching out to many experts with cloud experience.

In particular I am looking for resources to help decide if a large company that does business in few countries should be using an in house email solution or should it move to the cloud. I am particularly looking into potential issues with data confidentiality, integrity, possible attacks against the cloud based email, data recovery, backup, recovery, liability, configuration control, etc.


Thank you
0
Comment
Question by:Coffinated
  • 2
4 Comments
 
LVL 1

Accepted Solution

by:
sarconastic earned 167 total points
ID: 38765018
After years in the cloud we are moving in the other direction. I am going back to a self hosted solution.  Especially being in a healthcare field where we are liable for HIPAA/HI-TEC regulations and fines in excess of 1.5 Million dollars per instance. i want complete control over my security. Plus the cost savings versus cloud hosting is HUGE right now.

i don't know what you classify as large, but we are just under 200 employees and we will be saving around $15K per year hosting ourselves.  Plus we can do immediate archiving with offsite backups to meet other requirements.

Of course there is more internal administration required but the control is what is important right now for us.
0
 
LVL 3

Assisted Solution

by:datadrew
datadrew earned 167 total points
ID: 38765028
Very interesting question...
First, go to Defcon, see how "secure" the cloud really is.  

Second, when it comes to moving email, it is a bit of a timely process.  I have done this for companies much smaller than what you are referring to.  I always look at it this way:
How many independent applications do we have that will need to be reconfigured.
Once you move this to the cloud, anything needing email access will have to be reconfigured, every printer, every webserver that responds via your mail services, everything.  I know how long it took me to get things back to working "normal" when I moved a 40+ person company to the cloud (not my recommendation).  They had so many DB queries tied into their internal mail server (based on relays), they all had to be changed to use outlook to send.  To get it all done for a small company, was a huge project, which was planned very carefully.  But you can only plan for what you know about.  Last item here, is mail servers do get retired.  Plan on having to make changes every so often as your data gets migrated and your smtp servers are changed (had this happen too, not fun to figure out or get someone on the phone to get current information).

Third, I would be careful of which provider you use.  I know some are very particular about access to things.  I have found (after trial and error with several companies) Office 365 to be the best.  They give you powershell access so you can make some Admin changes to items.  

Fourth, moving takes forever.  There are few different options out there.  But, that is out of the scope of the question.  Hope this is helpful.
0
 
LVL 32

Assisted Solution

by:shalomc
shalomc earned 166 total points
ID: 38771343
@coffinated,

by your question it seems like you are heavily biased towards self-managed email.  

I would like to point out that:
* control does not equal security.
* control does not equal data confidentiality.
* control does not imply better operations.

My experience is that to effectively manage a self-operated geographically dispersed operation, you must heavily invest in tools, redundant infrastructure, enterprise licensing and IT staffing.

To be fair, some of these investments and expenses must be made anyway even when using cloud services, but they are significantly smaller.

Cloud services have outages, and outages are prime target for media reporting.
But, if you consider the actual availability of a hosted solution like google apps of office 365, and compare it to the actual availability of an in-house solution, you may find that despite the very public outages the actual cloud SLA is better.

So, if you are in a heavily regulated industry that requires full control or close to it - stay with in-house email.

Otherwise - be honest with yourself and build a true model of costs, SLA and risks before you decide.
0
 
LVL 1

Expert Comment

by:sarconastic
ID: 38788684
If cost was the only comparison, in house would be by far the cheapest solution. By a 5 to 1 margin in many cases. There is no comparison.  I also believe that in house is by far the most secure, IF you have an IT department that is diligent and up to date.

If your it DEPT is someone who was dumped into it, in addition to their regular job, then I would opt for Cloud.  since the security side of things is no joke.
0

Featured Post

Shouldn't all users have the same email signature?

You wouldn't let your users design their own business cards, would you? So, why do you let them design their own email signatures? Think of the damage they could be doing to your brand reputation! Choose the easy way to manage set up and add email signatures for all users.

Join & Write a Comment

It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Find out what Office 365 Transport Rules are, how they work and their limitations managing Office 365 signatures.
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now