Problem solve Get help with specific problems with your technologies, process and projects.

The case for outsourcing e-mail security

Which is better for the enterprise -- installing, maintaining and managing an in-house solution, or outsourcing to an experienced managed service provider?

Dan Nadir

As spam and viruses continue to ravage enterprise infrastructures, IT departments are becoming overtaxed and employees are frustrated with lost productivity. The negative financial and productivity effects of spam are well documented and thankfully numerous vendors have developed solutions to preserve the true nature of e-mail as an efficient channel of communication.

Within these solutions lay two primary options: installing, maintaining and managing an in-house solution, or outsourcing to an experienced managed service provider. Which solution is optimal for the enterprise?

In-house e-mail security = in-house IT headaches
At first, developing an in-house e-mail security and message management system seems like the safer choice. But ask most companies that chose this route and they'll share with you the burden in-house e-mail security and message management has brought their IT department. Beyond the substantial expense needed to solve the problem of spam and viruses, already overtaxed IT managers will add maintaining e-mail infrastructure, updating spam filters and virus definitions, setting policy and ensuring policy enforcement to their to-do lists.

As the spam problem continues to propagate daily, these tasks become exponentially difficult. Managing an existing solution and then scaling the solution to eliminate more spam is extremely difficult because of unpredictable volumes. Capacity planning becomes impossible and many systems that appear solid initially die because of their inability to scale within the limits of an already constrained IT budget.

In addition, in-house systems allow spam and viruses to reach the enterprise network, where they consume heavy amounts of bandwidth and introduce a single point of failure. Should a network outage occur, high amounts of e-mail could be lost resulting in days of lost productivity and priceless levels of lost information.

Outsourced message management = control, performance and savings
Outsourced message management, by contrast, leaves message management and e-mail security in the hands of a trusted third-party. Managed e-mail services deliver the optimal balance between control, cost containment and performance. Managed services provide IT managers the control they require while removing the administrative overhead of managing and scaling the system for their organization.

Most companies are coming to realize that outsourcing e-mail security for their external Internet e-mail is no more or less risky than "outsourcing" their phone service or "outsourcing" overnight packages to FedEx or UPS. Many savvy security managers have commented that it is far more risky to send documents via overnight carrier -- packages are left unattended in (or on) drop boxes; drivers have total control over those packages while on the truck where there are no controls for tampering; and the package is physically in transit for longer than twelve hours. Yet, no company seriously contemplates bringing package delivery "in house" and staffing the organization with a fleet of jets and delivery personnel.

On the other hand, managed e-mail security providers are handling the public Internet message for just a fraction of a second, and in some cases, they layer on more security via automatic server-to-server encryption using standards like TLS or third-party products. Managed e-mail security providers also mask the identity of the corporate e-mail servers, protecting them from attack either by DoS or through an exploitable vulnerability. All in all, the corporate messaging infrastructure enjoys more security than it would have if e-mail was delivered without benefit of a security provider.

Managed service providers ensure the integrity and security of e-mail before it enters the corporate network infrastructure, and do so without scalability worries. The service model requires no capital investment and sets a fixed maintenance and upgrade cost, regardless of e-mail volume. Companies are protected 24 hours a day, seven days a week, even as new spam and virus techniques are introduced. Also, in the event of a disaster, managed service providers are able to securely queue e-mail in multiple locations, resuming delivery as soon as the local network and servers are operational, so that an organization is back up and running quickly.

Spam is more than a time-consuming annoyance and its presence in the enterprise threatens productivity and jeopardizes business goals. Unlike the substantial time and expense required by in-house message management, using a managed e-mail service provider requires little to no administrative effort to block viruses and spam before they enter the enterprise. In addition, managed e-mail services provide excellent reliability and fixed cost over time.

IT analysts are supportive of managed services for e-mail security. Of the four vendors positioned in the "leader" category of the recent Gartner Magic Quadrant for Anti-Spam, one was software, one was an appliance, and two of them were managed services.

Dan Nadir is vice president of product management at FrontBridge Technologies.
This was last published in July 2004

Dig Deeper on Network Security Best Practices and Products

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.