A well-planned move to outsourced email security service should allow most organizations to reduce capital costs,...
achieve predictable costs, as well as improve performance, reliability and security. An obvious advantage of using such a service is the convenience of having someone else manage messaging processes and infrastructure associated with message filtering, delivery and the elimination of spam-related network traffic.
Another advantage of email security outsourcing is its relatively easy implementation. Outsourcing doesn't require on-site equipment or third-party access to private servers and networks. Setup usually just involves changing a domain name system's MX (mail exchange) record to point to the service provider's mail gateway.
Such an arrangement also provides a side benefit: your email servers will be protected from denial-of-service attacks. If your mail server only picks up mail from the service provider, all DoD mail attacks will have been filtered and handled by the service provider's defense infrastructure. Also, because filtering is performed outside of your own network, it won't interfere with your perimeter defense devices. With outsourcing, it's often easy to avoid over-engineered systems. In many cases, the services can be scaled to current usage requirements.
When reviewing possible service providers, you must verify that the service level agreement (SLA) is going to deliver the security, reliability and costs that you require. A good email service provider should offer the following:
- Anytime, anywhere, reliable access to email
- Load balancing and a fully redundant infrastructure
- A wide range of messaging features such as webmail
- Filtering of incoming mail for viruses, spam and inappropriate content
I would also look for a provider who offers outbound message cleansing and policy enforcement. Secure connections are also important so that encrypted email pathways can be set up between offices and business partners.
So, are there any downsides to outsourcing? Some organizations may feel uncomfortable losing control over some of their infrastructure. A service provider does add another hop to the email chain, and that may cause concern for some, since email is inherently insecure. My opinion is that outsourcing email is no more or less risky than using an ISP or using mail delivery services such as FedEx or UPS.
However, there are the risks that exist in any commercial relationship. How financially stable is the provider? How easy would it be to move to another provider or bring email back in-house if you weren't happy with the outsourced service? As with any outsourcing decision, you must do proper due diligence when choosing from one of the many outsourcing services. You should try to find a provider that will protect against such issues.
- Learn how to maintain compliance when outsourcing enterprise services.
- Visit Messaging Security School and review email security basics.
Dig Deeper on Email and Messaging Threats-Information Security Threats
Related Q&A from Michael Cobb
By performing ongoing risk assessments, organizations can keep their SSH vulnerabilities at a minimum and ensure their remote access foundation is ... Continue Reading
Sending sensitive information in attachments is inherently unsafe, and the main way to secure them -- encryption -- can be implemented inconsistently... Continue Reading
Spyware can steal mundane information, track a user's every move and everything in between. Read up on the types of spyware and how to best fix ... Continue Reading