Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


To cloud or not to cloud (email security)

Posted on 2013-01-10
Medium Priority
Last Modified: 2013-01-24
Cloud solutions are slowly taking over many areas of IT, everything is moving to the safe, secure and bullet proof cloud. I do not agree with some of the statements about the cloud, but that’s why I am reaching out to many experts with cloud experience.

In particular I am looking for resources to help decide if a large company that does business in few countries should be using an in house email solution or should it move to the cloud. I am particularly looking into potential issues with data confidentiality, integrity, possible attacks against the cloud based email, data recovery, backup, recovery, liability, configuration control, etc.

Thank you
Question by:Coffinated
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2

Accepted Solution

sarconastic earned 668 total points
ID: 38765018
After years in the cloud we are moving in the other direction. I am going back to a self hosted solution.  Especially being in a healthcare field where we are liable for HIPAA/HI-TEC regulations and fines in excess of 1.5 Million dollars per instance. i want complete control over my security. Plus the cost savings versus cloud hosting is HUGE right now.

i don't know what you classify as large, but we are just under 200 employees and we will be saving around $15K per year hosting ourselves.  Plus we can do immediate archiving with offsite backups to meet other requirements.

Of course there is more internal administration required but the control is what is important right now for us.

Assisted Solution

datadrew earned 668 total points
ID: 38765028
Very interesting question...
First, go to Defcon, see how "secure" the cloud really is.  

Second, when it comes to moving email, it is a bit of a timely process.  I have done this for companies much smaller than what you are referring to.  I always look at it this way:
How many independent applications do we have that will need to be reconfigured.
Once you move this to the cloud, anything needing email access will have to be reconfigured, every printer, every webserver that responds via your mail services, everything.  I know how long it took me to get things back to working "normal" when I moved a 40+ person company to the cloud (not my recommendation).  They had so many DB queries tied into their internal mail server (based on relays), they all had to be changed to use outlook to send.  To get it all done for a small company, was a huge project, which was planned very carefully.  But you can only plan for what you know about.  Last item here, is mail servers do get retired.  Plan on having to make changes every so often as your data gets migrated and your smtp servers are changed (had this happen too, not fun to figure out or get someone on the phone to get current information).

Third, I would be careful of which provider you use.  I know some are very particular about access to things.  I have found (after trial and error with several companies) Office 365 to be the best.  They give you powershell access so you can make some Admin changes to items.  

Fourth, moving takes forever.  There are few different options out there.  But, that is out of the scope of the question.  Hope this is helpful.
LVL 33

Assisted Solution

shalomc earned 664 total points
ID: 38771343

by your question it seems like you are heavily biased towards self-managed email.  

I would like to point out that:
* control does not equal security.
* control does not equal data confidentiality.
* control does not imply better operations.

My experience is that to effectively manage a self-operated geographically dispersed operation, you must heavily invest in tools, redundant infrastructure, enterprise licensing and IT staffing.

To be fair, some of these investments and expenses must be made anyway even when using cloud services, but they are significantly smaller.

Cloud services have outages, and outages are prime target for media reporting.
But, if you consider the actual availability of a hosted solution like google apps of office 365, and compare it to the actual availability of an in-house solution, you may find that despite the very public outages the actual cloud SLA is better.

So, if you are in a heavily regulated industry that requires full control or close to it - stay with in-house email.

Otherwise - be honest with yourself and build a true model of costs, SLA and risks before you decide.

Expert Comment

ID: 38788684
If cost was the only comparison, in house would be by far the cheapest solution. By a 5 to 1 margin in many cases. There is no comparison.  I also believe that in house is by far the most secure, IF you have an IT department that is diligent and up to date.

If your it DEPT is someone who was dumped into it, in addition to their regular job, then I would opt for Cloud.  since the security side of things is no joke.

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How does someone stay on the right and legal side of the hacking world?
Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question