Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Top five myths of outsourcing e-mail security

May 2005 Asset Management

Scott Petry

Organisations are naturally concerned whenever anyone brings up the topic of `outsourcing security' whether it relates to e-mail communications or any other aspect of the IT infrastructure. Safeguarding the privacy and security of privileged communications is essential to meet current laws and regulations. Yet comments by leading industry analysts, as well as industry surveys, reflect changing attitudes towards outsourcing security - particularly when it comes to fighting spam and viruses. This article addresses the most common myths surrounding the concept of outsourcing e-mail security to a managed e-mail security service.

Myth #1: We will lose control if we outsource e-mail security

Mathew Kovar, a vice president for analyst firm Yankee Group's security solutions group, recently observed that many companies today are making the move to outsourcing security.

"Security outsourcing will prove attractive," says Kovar, "for reasons other than the cost savings typically cited by companies that farm out business processes. Among the drivers toward managed services are the accelerated attacks of today's threats - giving enterprises virtually no time to put up defences on their own before an attack infiltrates a network - legislative requirements such as HIPAA and Sarbanes-Oxley, and the trend toward pushing out the network perimeter to include partners and remote workers." (1)

Kovar cites anti-spam services as a prime example of this trend. "One of the easiest managed services to see success is e-mail anti-spam services," Kovar says, "People saw the pain and saw that they needed to outsource the solution."(1)

Phebe Waterfield, another analyst at Yankee Group was more specific. "Many companies once tried to manage spam internally because they were concerned about entrusting their e-mail to an outside company. That is considered a little paranoid these days," she says, "now that the aggressive and ubiquitous nature of spam has led to a change in mindset."

Myth #2: We cannot comply with policies or regulatory standards if we outsource e-mail security

Many anti-spam managed service firms must first accept and store messages on their own servers, filter out spam and viruses from those messages and then pass along legitimate messages to their customers. Other managed services, however, are able to conduct analysis of messages in memory, in realtime, so that no legitimate messages get stored but rather they are instantly passed along to their respective recipients. It is an important distinction when evaluating an outsourced e-mail security solution that will minimise privacy and security concerns.

If your firm's e-mail system goes down for any reason, an e-mail security managed service should also have the ability to spool or hold messages for several hours rather than letting them bounce back to senders. This assures that in the event of an e-mail server outage inside your firm's network, messages can be retained by the managed service until your e-mail server is able to accept them again.

For an extra measure of assurance you should look for an e-mail security managed service that has been SAS-70 or WebTrust certified. Developed by the American Institute of Certified Public Accountants (AICPA) and based on the global ISO 17799 standards, both SAS-70 and WebTrust certifications mean that the managed service's business and security practices pass inspection for ensuring the availability, integrity and confidentiality of its systems and your firm's communications.

Myth #3: It is more expensive to outsource anti-spam and e-mail security

The perception that outsourced services are more expensive than in-house solutions is clearly a myth when one considers the total cost of ownership involved in purchasing, updating and maintaining anti-spam software or appliances. Choosing a managed service for e-mail protection can provide immediate reduced costs and increased efficiency and effectiveness compared to in-house anti-spam software and appliance products.

Lower infrastructure costs - by keeping spam, viruses and attacks from ever reaching an enterprise's internal e-mail servers, companies can eliminate or avoid purchasing additional servers because e-mail traffic is significantly less. This also reduces your firm's e-mail archiving storage space requirements since no spam messages are ever accepted or stored.

Reduced administrative burden on IT staff - by eliminating the burden of maintaining additional in-house IT infrastructure, your firm IT personnel are free to focus on supporting firm activities, and supporting revenue enhancing tasks.

Restored user productivity - beyond e-mail infrastructure and IT staff-time savings, an e-mail security managed service can easily pays for itself with improved productivity by all users in the firm.

Less complexity managing and maintaining e-mail security - most e-mail security managed services are effective regardless of the mix of e-mail platforms or operating systems in a firm's IT environment.

Minimised risk of e-mail system performance degradation or failure - Since intrusions cannot reach the firm's e-mail gateway, your network cannot be overloaded or comprised from e-mail threats, thus avoiding slowdowns or e-mail system downtime.

Myth #4: Outsourcing e-mail security cannot accommodate my diverse users

While some anti-spam service vendors require a 'one size fits all' approach, others offer administrative flexibility that can reduce the necessity of time-consuming IT staff oversight and allow your attorneys and other users to customise their e-mail filtering within limits set by your firm's overall e-mail policy. A managed service should allow individual users to control the aggressiveness of spam and blocking within limits set by the administrator, as well as give them the option to review quarantined (suspect) messages if they choose. This permits the administrator to satisfy the requests of individuals who may want to review all quarantined messages.

Myth #5: Outsourcing e-mail only lets me conduct content policy filtering for inbound mail

Nothing could be further from the truth, since an e-mail security managed service can block viruses for both inbound and outbound e-mails, and enforce policy compliance for inbound and outbound messages. Look for Web-based access that will allow your e-mail administrator to set policies for individual users, user groups, as well as the entire firm. This kind of flexibility is particularly important for firms that want to vary message policies according to the roles of specific attorneys or other firm employees.

Scott Petry is a founder and senior vice president of Products and Engineering for Postini. He helped define and deliver Perimeter Manager, and Perimeter Manager Enterprise Edition, Postini's award winning enterprise e-mail security and management services products.





Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Simplified fire and facilities management from one screen
Fire & Instrument Services Facilities & Building Management Fire & Safety Asset Management
Fire & Instrument Services (F&IS) and Scansoft are simplifying the complexities of facilities management, including fire safety, with iBMS Adrenaline, an integrated building and facilities management system enabling companies to monitor, control, and manage system hardware through a single interface.

Read more...
Natural catastrophes and fire risks top concerns
Security Services & Risk Management Asset Management Residential Estate (Industry)
Natural disasters are the highest risk in the real estate industry, followed by fire and explosions, and then business interruption. Estates must prioritise risk management and take proactive measures to safeguard their assets, employees, and reputation.

Read more...
Building a solid foundation
Alwinco Security Services & Risk Management Asset Management Residential Estate (Industry)
Understanding the roles of a Risk Assessor and a Risk Manager is like building a solid and secure foundation in the security world. Andre Mundell makes it easy to understand.

Read more...
Simplify AARTO compliance for fleets
Guardian Eye IoT & Automation Asset Management Transport (Industry) Logistics (Industry)
While there are challenges around the management and implementation of the AARTO Amendment Act, there are also benefits that need to be understood today to ensure compliance and value tomorrow.

Read more...
Logistics operators stand up to safety challenges
Logistics (Industry) Asset Management Transport (Industry)
The second annual Webfleet Road Safety Report for 2023 outlines common safety factors, challenges and solutions that South African transport operators face; deteriorating roads, poor vehicle maintenance, congestion and driver fatigue are common challenges.

Read more...
People screening goes mobile
Xscann Technologies News & Events Asset Management
Xscann Technologies has delivered a new mobile solution with added value for people screening. This turnkey solution requires no civil works as it is an all-in-one complete body scanning solution built in a shipping container.

Read more...
Securing road transport across Africa
Technews Publishing Editor's Choice Asset Management Security Services & Risk Management Transport (Industry) Logistics (Industry)
SMART Security Solutions spoke to Filipe de Almeida, the Portugal & Spain Regional TAPA EMEA Lead, and Massimo Carelle, the TAPA EMEA Africa Region Lead, about securing transport and logistics in hostile environments.

Read more...
Electronic Document Centre uses Synology
Infrastructure Asset Management
Electronic Document Centre (EDC), a semi-government company operating under Emirates Post Group, opted for Synology to streamline its data management infrastructure. This decision has led to improved operational efficiency and enhanced collaboration.

Read more...
Telematics help protect SA trucks against expanding risks
Logistics (Industry) Asset Management
South Africa’s road freight transport sector currently accounts for about 85% of all goods transported in the country and is growing rapidly annually. “To ensure that goods are delivered safely, promptly, and affordably is a challenge,” says Justin Manson of Webfleet.

Read more...
The right security solution removes the opportunity
Asset Management Retail (Industry)
South African retailers are facing a multitude of challenges, including economic fluctuations, changing consumer behaviour, increased competition, supply chain disruptions, regulatory changes and the need to adapt to digital transformation, not to mention theft.

Read more...











SMART Security Business Directory



Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.