Beruflich Dokumente
Kultur Dokumente
www.gfi.com/max-family GFI White Paper: Protecting Business Critical Services - Email | Page 2
Synopsis
This Whitepaper looks at the challenges of managing email for
businesses, and the options that are available to organizations
looking to deploy solutions to protect their email.
The author concludes that a Cloud-based Email Security, Continuity, and Archive solution is the best option
currently available.
Contents
Introduction 4
Conclusion 11
www.gfi.com/max-family GFI White Paper: Protecting Business Critical Services - Email | Page 3
Introduction
Email is the single most important service to businesses today. The
average user spends an hour and 47 minutes per day using email
[American Management Association].
With the advent of mobile devices, email is no longer tied to the office but is read, responded to and sent
everywhere, all the time. As well as constantly checking email at work, most people check email whilst at
home, whilst travelling, and even whilst on holiday.
As many as 1/3rd of people aged 18-34 now check their email when they first wake-up, even before they
visit the bathroom [Facebook Survey].
Ask most people which business service they couldn’t live without, and they’ll answer email.
The rise of social networking has added to the number of emails sent and received, and with large
amounts of multimedia content becoming the norm, the size of email messages has dramatically
increased.
From a security perspective, the threat of spam, viruses and malware is here to stay. Companies that
aren’t protected against these threats run a serious gauntlet of issues, not least of which being the
danger of an uncaught virus wreaking havoc on a network. Additionally, if a company’s email system is
compromised and used to send outbound spam or viruses, the organization can find itself “blacklisted”
and unable to send legitimate email to partners, suppliers and clients.
Government and industry regulations now require many companies to retain their electronic
communications in a verifiable manner. And organizations that have been involved in litigation are
only too aware of the burden of electronic discovery, and the importance of being able to conclusively
demonstrate the content of historical email communications.
Additionally, due to the importance of email, many organizations and people now actively seek to retain
their email messages indefinitely. With the huge growth in storage capacity on computers and corporate
networks, people are less likely to delete email that might contain valuable information, and more likely
to retain messages for future reference.
Together, these factors have led to new challenges for businesses managing email. Security threats
are ever-present. Users are spending more time searching for information stored within old emails.
Continuous access to emails is required, all the time. Even short outages of email services can leave users
unproductive, and with no external email communication, business opportunities may be lost.
As a result, organizations are increasingly looking to protect themselves by making sure email is online,
archived and fully protected 24 hours a day, 7 days a week.
www.gfi.com/max-family GFI White Paper: Protecting Business Critical Services - Email | Page 4
1.0 How important is email?
www.gfi.com/max-family GFI White Paper: Protecting Business Critical Services - Email | Page 5
store the associated messages.
These figures relate to legitimate emails and do not consider the 90% of emails that are spam and viruses,
further adding to the amount of processing power and storage capacity required to manage email
communications.
www.gfi.com/max-family GFI White Paper: Protecting Business Critical Services - Email | Page 6
Last but not least, a backup does not facilitate a search for historical messages. Nor do most mail servers
include this functionality. Technologies enabling swift searching of large amounts of data are ever improving,
but without this technology in place specifically for an email system, individuals and organizations are left
spending considerable time searching for old emails.
In cases where the IT department does not offer a comprehensive solution to email archiving and backup
to their users, the users themselves often make their own arrangements. This might be by way of storing
emails locally on their computers or laptops, in an uncoordinated fashion completely separate from any
centralized email system. These methods of backup are unreliable and insecure, with the number of laptops
reported stolen or lost growing daily, including many high-profile cases reported in the press. Furthermore,
for legal or regulatory compliance, these individual backups scattered throughout an organization create a
logistical nightmare. Without a centralized repository for the message storage, it can be extremely difficult
to find relevant messages, particularly when a local backup is lost or an employee leaves a company.
In short, organizations need both a backup solution that can help to restore data after the failure of a
mail server, and an archive solution that provides a verifiable record of email communications as well
as a centralized and reliable means to access and search historical messages, including those that were
subsequently deleted from the mail store.
www.gfi.com/max-family GFI White Paper: Protecting Business Critical Services - Email | Page 7
And comparably few people have ready access to a fax machine.
Additional, all messages sent by these methods will bypass the organization’s archive and retention policies,
creating a compliance issue for companies subject to regulation.
Clearly, an email outage can have far reaching effects – in lost productivity, harmed communications with
customers and prospects, potential security ramifications, and in the risk of lost business.
The cost of an employee being unproductive during an email outage is a “soft” cost. That is to say,
because the business is not actually writing a check for this cost, it is tempting to ignore it when
calculating costs. As we’ve discussed, there is a real and significant cost to a business of employees being
unable to access email.
Some businesses have a Disaster Recovery (DR) plan that includes how the business will cope if struck by
a natural disaster, fire, theft or loss of building. These plans should include IT systems such as email and
how a company will cope without these services.
If you have a Disaster Recovery plan, consider how you would cope as a business without email, and
incorporate contingency plans into your DR plan.
If your business does not have a Disaster Recovery plan, creating a strategy for tackling email continuity
can be both the first and a significant step towards creating your own DR plan.
Seek more information of the regulatory and legal requirements that are placed upon your business,
dependent upon its location and the nature of the business. Often, this will dictate the requirements and
scope of any system that you need to implement for email retention.
When considering an email security and continuity plan, consider “future proofing” it. If your business
were to grow, could your email grow with it? Even replacing a single email server can be a time
consuming migration, causing downtime and loss of services. Would an email continuity platform help
alleviate any of these migration pains?
If your organization were to acquire or merge with another organization, could your email system quickly
be adapted to this purpose?
60% of critical information within a company is contained within email [Radicati]. Yet many companies
do not have the ability to easily search through this knowledge, particularly after employees have left the
organization.
www.gfi.com/max-family GFI White Paper: Protecting Business Critical Services - Email | Page 8
Additionally, the time an active employee spends searching for information within email should be
considered. How much more productive would an employee realistically be if they could find the
information they wanted from email quickly and easily.
When determining a Return-on-Investment (ROI) on any system or process that prevents email downtime
and provides archive solutions, it is prudent to include these costs.
7.6 What is your solution for email security, and is it integrated with your solution for
continuity and archive?
Almost all companies have some form of spam and virus detection. However, such solutions are often
hardware or software point solutions that are separate from any solutions for email continuity or email
archive. Using different, non-integrated solutions for spam and virus protection, a backup system for
email continuity, and an email archive solution, can greatly increase the initial investment necessary
along with the ongoing management time and costs compared to a single integrated solution. The
difference is magnified when considering the learning curve, time and costs for employees of learning to
use two or three different systems instead of one.
www.gfi.com/max-family GFI White Paper: Protecting Business Critical Services - Email | Page 9
Appliances can be deployed to a wide variety of sites, as they are not directly tied to a mail server or
operating system. They may also be easier to manage than a software solution.
An appliance solution can be an expensive option, requiring an initial capital investment to cover both the
software and hardware inherent in an appliance. Additionally, an appliance will need to be replaced every
few years, requiring time and expertise, as well as periodic additional capital investments.
An appliance, like a software solution, will also have limited capacity and may not grow with the needs
of an organization’s storage requirements. Also similar to a software solution, the appliance represents a
single point of failure.
Appliances may also suffer from being stored on the same site as the businesses primary email service. In
the event of a disaster involving fire, theft or loss of building – the appliance may suffer the same fate as
the email server.
Appliance solutions also may provide email security but not continuity or archive capabilities. Indeed, an
appliance has limited capabilities as a continuity solution, as it will be susceptible to the same network
issues as the mail server itself.
8.3 Cloud-Based Services
Cloud-based services, also known as Software-As-A-Service (SAAS) solutions, are hosted in the Internet
(or “Cloud”). They benefit from being easy to deploy, and can be easily accessed from any location. Good
solutions are engineered to have multiple points of redundancy so that they will be always available on a
24x7x365 basis.
A SAAS email security solution filters email for spam and viruses in the cloud, and delivers only legitimate
emails to a business’s email server. This reduces an organization’s bandwidth requirements as well as the
processing requirements of its mail server.
Cloud-based email security solutions can provide integrated continuity. In the event of an issue with an
organization’s email server, users can be re-directed to the Cloud-based service where they can from any
location continue to send and receive email. This reduces the urgency to restore the on-premise solution,
and makes migrations or changes that require downtime much more manageable.
Cloud-based solutions also benefit from being a secure and trusted environment for sending outbound
emails. By delivering outbound messages through the cloud service, an organization can avoid being
blacklisted, as outgoing emails are checked for spam and viruses, and would not be permitted past the 3rd
party host – which stakes its reputation, and those of all its clients, on maintaining a healthy environment.
As an archive solution, a cloud-based solution offers geographic redundancy for the message storage,
providing greater reliability compared to an on-site hardware or software solution.
A cloud-based solution also automatically scales to meet a customer’s requirements, whether that is to
provide additional protection in the event of a large spam run or denial of service attack, or to provide
additional storage space for a growing email archive.
Generally, cloud solutions are the easiest and fastest solution to deploy – with minimal training required,
no hardware or software to install or configure, and a 3rd party providing the infrastructure and assisting
with deployment.
Cloud-based services also benefit from being an Operating Expenditure (OPEX) as opposed to a Capital
Expenditure (CAPEX), meaning little or no up-front investment and predictable on-going costs with no risk
of obsolescence.
Last but not least, a cloud-based solution can provide a single integrated answer for email security, email
continuity, and email archive - saving money and time for both administrators and end users.
Longer term, cloud-based solutions may appear more expensive than on-premise solutions, due to their
ongoing monthly costs. However, those costs include all the infrastructure necessary to provide reliable
and seamlessly scalable services, which has the result of reducing other expenses for the business - namely
those for network bandwidth, IT staff time, hardware and software costs, and of course the on-going
periodic costs in maintaining and upgrading on-premise hardware and software over time.
www.gfi.com/max-family GFI White Paper: Protecting Business Critical Services - Email | Page 10
Conclusion
The author of this White Paper concludes that a Cloud-based, integrated email security, continuity, and
archive solution is the best solution for the majority of businesses. A Cloudbased solution is ultimately the
fastest and easiest to deploy, provides the most effective continuity options, offers the potential to grow
with the business, and reduces both the time and cost of on-going maintenance requirements.
www.gfi.com/max-family GFI White Paper: Protecting Business Critical Services - Email | Page 11
WP/0005/v1.0/EN
Disclaimer
The information and content in this document is provided for informational purposes only and is provided “as
is” with no warranty of any kind, either express or implied, including but not limited to the implied warranties of
merchantability, fitness for a particular purpose, and non-infringement. GFI Software is not liable for any damages,
including any consequential damages, of any kind that may result from the use of this document. The information
is obtained from publicly available sources. Though reasonable effort has been made to ensure the accuracy of the
data provided, GFI makes no claim, promise or guarantee about the completeness, accuracy, recency or adequacy of
information and is not responsible for misprints, out-of-date information, or errors. GFI makes no warranty, express
or implied, and assumes no legal liability or responsibility for the accuracy or completeness of any information
contained in this document.
If you believe there are any factual errors in this document, please contact us and we will review your concerns as
soon as practical.
© 2011. GFI Software. All rights reserved. All product and company names herein may be trademarks of their
respective owners.
www.gfi.com/max-family GFI White Paper: Protecting Business Critical Services - Email | Page 12