Hosted Vs. On-Premise: Email Security Critical to Cloud Communications
Security continues to rank high on the list of concerns among CXOs considering shifting their communications to the cloud. Although more organizations are moving their email to the cloud and cloud-based email security is growing in acceptance in some sectors, moving security off premise continues to be a concern in relation to hosting solutions.
Cloud communications continues to grow in the SMB sector, according to Gartner (News - Alert), as by 2013 82 percent of businesses will still be using on-premise email hosting solutions, most commonly in the form of an on-site email server, either in the form of an integrated small business server package or as a standalone server solution, such as Microsoft (News - Alert) Exchange.
However, a hosted email security solution is not an all-or-nothing approach. Cloud-based email security works as a buffer between the mail server and the wider Internet, GFI Software pointed out in a recent white paper, which weighs the pros and cons of a hosted versus on-premise email security solution. Often, hybrid services – which combine on-premise and cloud resources – are ideal for any organization transitioning its IT services off-premise.
With cloud-based email security, all inbound and outbound email is received at the security service before being passed to the mail server, whether that server is also in the same cloud, a different cloud, or even back on the premises. This process makes sure that the content is virus-free and confirms with content policy before it is released for sending or for downloading to a client PC. ?
This “buffer” approach offers many end user and IT department benefits, according to GFI, which include the following:
- Inbound and outbound virus scanning – all email traffic passes through the cloud product, ensuring that malware is stripped from messages before they reach the client computer in either direction.
- Spam filtering before the point of reception – spam and blacklisted content can be intercepted and retained off-site before it ever reaches the mail server, let alone the client.
- Centralized maintenance and updates – email security in the cloud benefits from faster deployment of new definition files, system updates, refreshed blacklists and content filters. One update by a solution provider updates all cloud instances.
- Ease of administration – Web-based consoles make it easy to configure and alter security settings from any location, as well as monitor email traffic and the level of malware being intercepted.
- Point of failover – if the email server fails or has to be taken down for planned maintenance; mail can be queued in the cloud until the mail server is back online.
For a variety of reasons, some companies may opt to use a combination of both on-premise and hosted cloud communications services. A hybrid email security solution allows for a staged migration from conventional on-site email services to a fully cloud-based environment. A hybrid model also allows an organization to retain on-site services that it is required under compliance regulations.
The hybrid approach also allows for a multi-layered approach to email security and can also allow organizations to implement multiple instances of the same technology type, such as multiple AV engines, separated by a security platform to avoid false-positives.
Working with the right vendor will allow businesses the confidence of taking a staged approach to moving to the cloud, in which case, a hybrid multi-layer security solution can provide the flexibility needed to gradually migrate to the cloud.
Edited by Carrie Schmelkin
and MSPs GFI's solutions for OEMs & Cloud Providers