There’s a good reason that so many businesses are moving to cloud-based email services like Gmail and Microsoft Office 365. These are familiar vendors with a promise of exceptional performance and ease of use with seemingly zero trade-offs. Unlike the headache of managing on-premises email systems, cloud vendors take care of hardware, upgrades, availability and more. Your company’s email “just works,” and all you have to do is pay the bill every month. Right?
Unfortunately, it’s not that simple. Despite the hype, cloud-based email is far from perfect because it can introduce significant vulnerabilities and risk into your organisation. Let’s look at three of the top concerns – and how to mitigate them.
1. Security
Microsoft, Google and their competitors put on a big dog-and-pony show about how secure their solutions are. And they certainly do take security seriously; solutions like Gmail and Office 365 roll out new security features with every release. Hackers, however, work faster. Today’s cybersecurity threats are more sophisticated, more numerous and less discriminating than ever before. The bad guys used to only target organisations of a certain size, industry or reputation, but these days, no business is safe.
Some companies still make more enticing targets, and the Microsofts and Googles of the world are at the top of that list. An attack on a major vendor delivers an almost unfathomable amount of data in one fell swoop. This is largely possible because Gmail, Office 365 and the like operate as security monocultures: a multi-tenant email solution monopoly backed by a single security code base designed to protect every tenant. That means every user is putting their security eggs in one very large basket – always a dangerous proposition.
You can’t control these macro-threats (though it’s smart to be aware of the context), but you can control what protective measures come with your cloud-based email plan. Basic anti-spam, anti-malware and virus scanning will almost certainly be included, and that’s a good start. But protection from more sophisticated vectors is frequently offered as a series of add-ons. Some of these are widely promoted, although some are not, so it’s important to ask your vendor what’s available, the level of security that they offer, any impact to performance, and how the add-ons will increase your total cost of ownership.
For some companies, particularly those with specific and/or robust security needs, the basics and the add-ons won’t be enough – those eggs are simply too important and sensitive to keep in one communal basket. That doesn’t mean cloud-based email won’t work; it may just require supplemental tools from a third-party provider. While this diminishes the “one-stop-shop” luster of cloud-based email services, it allows organizations to create a more holistic solution, complete with independent backups.
2. Archiving
Archiving doesn’t sound nearly as important or urgent as security, but it has grown into a serious need for organizations of all shapes and sizes. From law firms to healthcare organizations to small businesses, for legal, regulatory or compliance reasons, email archival services have evolved from a nice-to-have to a necessity. Unfortunately, archiving features within cloud-based email solutions have failed to keep up with this shift.
Both the on-premises and cloud versions of Microsoft Exchange rely on third-party solutions for enterprise-grade data archiving. Its built-in archiving feature is weak, and while add-ons are available (at additional cost and performance compromise, of course), they still don’t meet the needs of the modern enterprise. Specifically, neither Microsoft nor Google offers point-in-time recovery. That means that if they face a data loss situation in their data center(s), they cannot guarantee the availability and integrity of your archived data up to and including the time of the breach. If you’re facing a lawsuit or audit, that’s a risk that you can’t afford to take.
Organisations address this vulnerability in a similar way to the security challenges with cloud-based email, by adding a point product on top of their email service to meet their archiving needs. For companies with serious archiving needs, point-in-time recovery is non-negotiable.
3. Business continuity
Availability is kind of like security – no matter what you do, no matter how many 9s are in your vendor’s guaranteed uptime, it’s a matter of “when,” not “if,” the service goes down. Large providers have significant redundancy strategies in place, but that doesn’t mean that you’re off the hook for backing up your own data and processes.
When your cloud-based email and all of its attendant features suddenly aren’t available, how will it impact your business? For most companies, offline email is far more than an inconvenience – it’s a productivity and profitability killer. Consider:
- 72 percent of companies will experience unplanned email outages in a year
- IT downtime reduces companies’ ability to generate income by more than 22 percent annually
- Companies lose about 300,000 hours annually through unplanned downtime
- 54 percent of companies have experienced downtime from a single event lasting more than eight hours
- Information and communication technology downtime costs North American organizations $700 billion per year, largely through lost employee productivity
These stats hit especially hard given the current climate of natural disasters, political uncertainty, terrorism and cyber attacks. Communications is the lifeblood of your business. Without a backup strategy in place to guarantee email’s availability, you’re at the mercy of a much bigger machine.
Like the previous two use cases, a backup strategy typically comes in the form of a backup system. Email business continuity solutions automatically encrypt and store your email communications and provide instant, reliable access to past and current email if/when your primary system goes down. Some also come with additional features, like security and archiving, to fill in the other gaps with your cloud-based email service.
Cloud-based email solutions like Gmail and Office 365 give businesses more flexibility and agility for far less hassle than traditional solutions. However, it’s crucial to understand that like their on-premises counterparts, cloud email services aren’t comprehensive. Before making the switch, dig deeper into the three common gaps covered above. Make sure that your specific security, archiving and business continuity requirements are met – not just to the minimum standard, but in anticipation of where your business, and technology as a whole, are headed.
Rachel Collins, General Manager and Senior Vice President, Aurea Software