To cloud or not to cloud (email security)

Cloud solutions are slowly taking over many areas of IT; everything is moving to the safe, secure and bulletproof cloud. I do not agree with some of the statements about the cloud, but that’s why I am reaching out to many experts with cloud experience.

In particular I am looking for resources to help decide if a large company that does business in a few countries should be using an in-house email solution or should move to the cloud. I am particularly looking into potential issues with data confidentiality, integrity, possible attacks against the cloud-based email, data recovery, backup, recovery, liability, configuration control, etc.

Thank you

sarconastic commented:
After years in the cloud we are moving in the other direction. I am going back to a self-hosted solution, especially being in a healthcare field where we are liable for HIPAA/HITECH regulations and fines in excess of 1.5 million dollars per instance. I want complete control over my security. Plus the cost savings versus cloud hosting are HUGE right now.

I don't know what you classify as large, but we are just under 200 employees and we will be saving around $15K per year hosting ourselves. Plus we can do immediate archiving with offsite backups to meet other requirements.

Of course there is more internal administration required but the control is what is important right now for us.

datadrew commented:
Very interesting question...
First, go to Defcon, see how "secure" the cloud really is.  

Second, when it comes to moving email, it is a bit of a timely process. I have done this for companies much smaller than what you are referring to. I always look at it this way:
How many independent applications do we have that will need to be reconfigured?
Once you move this to the cloud, anything needing email access will have to be reconfigured: every printer, every webserver that responds via your mail services, everything. I know how long it took me to get things back to working "normal" when I moved a 40+ person company to the cloud (not my recommendation). They had so many DB queries tied into their internal mail server (based on relays), they all had to be changed to use Outlook to send. To get it all done for a small company was a huge project, which was planned very carefully. But you can only plan for what you know about. Last item here is that mail servers do get retired. Plan on having to make changes every so often as your data gets migrated and your SMTP servers are changed (had this happen too, not fun to figure out or get someone on the phone to get current information).

Third, I would be careful of which provider you use. I know some are very particular about access to things. I have found (after trial and error with several companies) Office 365 to be the best. They give you PowerShell access so you can make some admin changes to items.

Fourth, moving takes forever. There are a few different options out there. But that is out of the scope of the question. Hope this is helpful.

shalomc (CTO) commented:

By your question it seems like you are heavily biased towards self-managed email.

I would like to point out that:
* control does not equal security.
* control does not equal data confidentiality.
* control does not imply better operations.

My experience is that to effectively manage a self-operated geographically dispersed operation, you must heavily invest in tools, redundant infrastructure, enterprise licensing and IT staffing.

To be fair, some of these investments and expenses must be made anyway even when using cloud services, but they are significantly smaller.

Cloud services have outages, and outages are a prime target for media reporting.
But if you consider the actual availability of a hosted solution like Google Apps or Office 365, and compare it to the actual availability of an in-house solution, you may find that despite the very public outages the actual cloud SLA is better.

So, if you are in a heavily regulated industry that requires full control or close to it - stay with in-house email.

Otherwise - be honest with yourself and build a true model of costs, SLA and risks before you decide.
If cost was the only comparison, in-house would be by far the cheapest solution. By a 5 to 1 margin in many cases. There is no comparison. I also believe that in-house is by far the most secure, IF you have an IT department that is diligent and up to date.

If your IT dept is someone who was dumped into it, in addition to their regular job, then I would opt for cloud, since the security side of things is no joke.