A well-planned move to outsourced email security service should allow most organizations to reduce capital costs, achieve predictable costs, as well as improve performance, reliability and security. An obvious advantage of using such a service is the convenience of having someone else manage messaging processes and infrastructure associated with message filtering, delivery and the elimination of spam-related network traffic.
Another advantage of email security outsourcing is its relatively easy implementation. Outsourcing doesn't require on-site equipment or third-party access to private servers and networks. Setup usually just involves changing a domain name system's MX (mail exchange) record to point to the service provider's mail gateway.
Such an arrangement also provides a side benefit: your email servers will be protected from denial-of-service attacks. If your mail server only picks up mail from the service provider, all DoD mail attacks will have been filtered and handled by the service provider's defense infrastructure. Also, because filtering is performed outside of your own network, it won't interfere with your perimeter defense devices. With outsourcing, it's often easy to avoid over-engineered systems. In many cases, the services can be scaled to current usage requirements.
When reviewing possible service providers, you must verify that the service level agreement (SLA) is going to deliver the security, reliability and costs that you require. A good email service provider should offer the following:
I would also look for a provider who offers outbound message cleansing and policy enforcement. Secure connections are also important so that encrypted email pathways can be set up between offices and business partners.
So, are there any downsides to outsourcing? Some organizations may feel uncomfortable losing control over some of their infrastructure. A service provider does add another hop to the email chain, and that may cause concern for some, since email is inherently insecure. My opinion is that outsourcing email is no more or less risky than using an ISP or using mail delivery services such as FedEx or UPS.
However, there are the risks that exist in any commercial relationship. How financially stable is the provider? How easy would it be to move to another provider or bring email back in-house if you weren't happy with the outsourced service? As with any outsourcing decision, you must do proper due diligence when choosing from one of the many outsourcing services. You should try to find a provider that will protect against such issues.
Dig Deeper on Email Security Guidelines, Encryption and Appliances
Related Q&A from Michael Cobb
A new programming language called Wyvern is helping developers use multiple languages in one app securely. Application security expert Michael Cobb ...continue reading
Gartner predicts more than half of all mobile apps will use HTML5 by 2016, but what threats will this cause the enterprise? Expert Michael Cobb ...continue reading
Public key pinning aims to reduce the lack of trust associated with digital certificates and certificate authorities. Expert Michael Cobb explains ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.