A well-planned move to outsourced email security service should allow most organizations to reduce capital costs,...
achieve predictable costs, as well as improve performance, reliability and security. An obvious advantage of using such a service is the convenience of having someone else manage messaging processes and infrastructure associated with message filtering, delivery and the elimination of spam-related network traffic.
Another advantage of email security outsourcing is its relatively easy implementation. Outsourcing doesn't require on-site equipment or third-party access to private servers and networks. Setup usually just involves changing a domain name system's MX (mail exchange) record to point to the service provider's mail gateway.
Such an arrangement also provides a side benefit: your email servers will be protected from denial-of-service attacks. If your mail server only picks up mail from the service provider, all DoD mail attacks will have been filtered and handled by the service provider's defense infrastructure. Also, because filtering is performed outside of your own network, it won't interfere with your perimeter defense devices. With outsourcing, it's often easy to avoid over-engineered systems. In many cases, the services can be scaled to current usage requirements.
When reviewing possible service providers, you must verify that the service level agreement (SLA) is going to deliver the security, reliability and costs that you require. A good email service provider should offer the following:
I would also look for a provider who offers outbound message cleansing and policy enforcement. Secure connections are also important so that encrypted email pathways can be set up between offices and business partners.
So, are there any downsides to outsourcing? Some organizations may feel uncomfortable losing control over some of their infrastructure. A service provider does add another hop to the email chain, and that may cause concern for some, since email is inherently insecure. My opinion is that outsourcing email is no more or less risky than using an ISP or using mail delivery services such as FedEx or UPS.
However, there are the risks that exist in any commercial relationship. How financially stable is the provider? How easy would it be to move to another provider or bring email back in-house if you weren't happy with the outsourced service? As with any outsourcing decision, you must do proper due diligence when choosing from one of the many outsourcing services. You should try to find a provider that will protect against such issues.
Dig Deeper on Email and Messaging Threats-Information Security Threats
Related Q&A from Michael Cobb
Expert Michael Cobb details how to argue for a multistep secure code review process, like Microsoft SDL, and the pros of secure coding practices. Continue Reading
Researchers developed a tool to help prevent improper certificate pinning that causes security issues. Expert Michael Cobb reviews the issue and the ... Continue Reading
Google Project Zero discovered a WPAD attack that could target systems running Windows 10. Expert Michael Cobb explains how the attack works and how ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.