subscribe: Daily Newsletter

 

Securing e-mail in the cloud

0 comments

Security can’t be treated as a set of isolated point systems. That’s true of business information in general, and of e-mail architecture specifically.

Protecting information is one side of the coin; making it available and accessible is the other, according to Mark Edwards, director of product and services at technology solutions and people resources integrator, Intuate Group. If users do both right, they can improve productivity as well as avoid risk.
“The cloud isn’t just the most effective place to secure e-mail – before any threats or intruders ever reach your network – it’s also the most efficient. Cloud-based e-mail services can offer full protection with the promise of availability and reliability too.”
For e-mail in particular, having it protected in the cloud means it’s available in the cloud; as convenient as having it on a laptop, but without the security risks.
“Making e-mail available and searchable in the cloud means that it stays secure, but is still accessible. It’s the best of both worlds for the user, the IT administrator and the business. Users are no longer restricted by lack of resources and can take advantage of being able to work anywhere and at anytime,” explains Edwards.
Also, putting e-mail security in the cloud will relieve an IT department of a considerable burden. There is no need to test patches, no need to wait for updates to install – and above all, little or no downtime.
A well-designed security system, says Edwards, needs to provide businesses with four key features:
* It needs to be available at all times, to the appropriate users.
* It needs to provide a business with the means to ensure the integrity of its systems.
* It needs to be confidential (making sure that only the company and partners can access mail and mail based processes).
* It needs to give an organisation the means to control user actions.
“Delivering all four is a complex task, and requires a mix of tools and technologies making it well suited to a cloud service.”
Outsourcing e-mail security to a cloud service provides clients with a full-time security service. In addition, cloud services support large numbers of users, and economies of scale mean that they have staff dedicated to manage security tools.
Heuristic spam and malware detection tools running in the cloud can detect problematic messages quickly, because scanning all the messages targeted at clients’ mailboxes gives them so much material to work with. Malware patterns will show up quickly, and detection rules will be applied as soon as they have been reliably developed.
These techniques mean that cloud services have a very short, or non-existent, window of vulnerability to new spam and malware messages. A cloud service can also offer increased protection by using several protection mechanisms – typically using several anti-malware and anti-spam tools, or more than one heuristic analysis tool.
“With more tools, your e-mail presents a much smaller attack surface, reducing your business risk. One area where cloud services excel is helping to calculate ROI. A single place to manage all your e-mail security means there’s one place to get reports on system performance.
"A per-user billing cycle also means that it’s easy to tie costs to departments and specific business processes, making it easier to calculate the service ROI. A fixed fee also makes it easier to include the service costs in departmental budgets, rather than lumping costs into a single annual IT budget,” says Edwards.
Furthermore, all the equipment needed to run an e-mail security service is hosted and managed by the cloud service provider – so there’s no need to budget for new servers and security appliances.
“Cloud services are designed to do one thing and to do it well, so by entrusting your e-mail security to a cloud provider, you’re working with experts. Security may be part of your wider business issues, but it’s also a fundamental IT issue. Unless security is part of your business’ core expertise you’ll be able to reduce risk, cost and complexity by using cloud services to achieve unified security,” he says.