To cloud or not to cloud (email security)

Posted on 2013-01-10
Last Modified: 2013-01-24
Cloud solutions are slowly taking over many areas of IT, everything is moving to the safe, secure and bullet proof cloud. I do not agree with some of the statements about the cloud, but that’s why I am reaching out to many experts with cloud experience.

In particular I am looking for resources to help decide if a large company that does business in few countries should be using an in house email solution or should it move to the cloud. I am particularly looking into potential issues with data confidentiality, integrity, possible attacks against the cloud based email, data recovery, backup, recovery, liability, configuration control, etc.

Thank you
Question by:Coffinated
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2

Accepted Solution

sarconastic earned 167 total points
ID: 38765018
After years in the cloud we are moving in the other direction. I am going back to a self hosted solution.  Especially being in a healthcare field where we are liable for HIPAA/HI-TEC regulations and fines in excess of 1.5 Million dollars per instance. i want complete control over my security. Plus the cost savings versus cloud hosting is HUGE right now.

i don't know what you classify as large, but we are just under 200 employees and we will be saving around $15K per year hosting ourselves.  Plus we can do immediate archiving with offsite backups to meet other requirements.

Of course there is more internal administration required but the control is what is important right now for us.

Assisted Solution

datadrew earned 167 total points
ID: 38765028
Very interesting question...
First, go to Defcon, see how "secure" the cloud really is.  

Second, when it comes to moving email, it is a bit of a timely process.  I have done this for companies much smaller than what you are referring to.  I always look at it this way:
How many independent applications do we have that will need to be reconfigured.
Once you move this to the cloud, anything needing email access will have to be reconfigured, every printer, every webserver that responds via your mail services, everything.  I know how long it took me to get things back to working "normal" when I moved a 40+ person company to the cloud (not my recommendation).  They had so many DB queries tied into their internal mail server (based on relays), they all had to be changed to use outlook to send.  To get it all done for a small company, was a huge project, which was planned very carefully.  But you can only plan for what you know about.  Last item here, is mail servers do get retired.  Plan on having to make changes every so often as your data gets migrated and your smtp servers are changed (had this happen too, not fun to figure out or get someone on the phone to get current information).

Third, I would be careful of which provider you use.  I know some are very particular about access to things.  I have found (after trial and error with several companies) Office 365 to be the best.  They give you powershell access so you can make some Admin changes to items.  

Fourth, moving takes forever.  There are few different options out there.  But, that is out of the scope of the question.  Hope this is helpful.
LVL 33

Assisted Solution

shalomc earned 166 total points
ID: 38771343

by your question it seems like you are heavily biased towards self-managed email.  

I would like to point out that:
* control does not equal security.
* control does not equal data confidentiality.
* control does not imply better operations.

My experience is that to effectively manage a self-operated geographically dispersed operation, you must heavily invest in tools, redundant infrastructure, enterprise licensing and IT staffing.

To be fair, some of these investments and expenses must be made anyway even when using cloud services, but they are significantly smaller.

Cloud services have outages, and outages are prime target for media reporting.
But, if you consider the actual availability of a hosted solution like google apps of office 365, and compare it to the actual availability of an in-house solution, you may find that despite the very public outages the actual cloud SLA is better.

So, if you are in a heavily regulated industry that requires full control or close to it - stay with in-house email.

Otherwise - be honest with yourself and build a true model of costs, SLA and risks before you decide.

Expert Comment

ID: 38788684
If cost was the only comparison, in house would be by far the cheapest solution. By a 5 to 1 margin in many cases. There is no comparison.  I also believe that in house is by far the most secure, IF you have an IT department that is diligent and up to date.

If your it DEPT is someone who was dumped into it, in addition to their regular job, then I would opt for Cloud.  since the security side of things is no joke.

Featured Post

PowerShell Core for Advanced Linux Administrators

Understand advanced principals around Powershell Core with a focus on the Linux Administrator.  This course covers how to administer numerous environments across multiple platforms including Linux, Azure, AWS, and Google Cloud from a single shell instance.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There is a lot to be said for protecting yourself and your accounts with 2 factor authentication.  I found to my own chagrin, that there is a big downside as well.
A look at what happened in the Verizon cloud breach.
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses
Course of the Month8 days, 18 hours left to enroll

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question