InfoWorld Home / Windows / Enterprise Windows / How to choose the right e-mail security approach
July 07, 2009

How to choose the right e-mail security approach

A 10-point checklist for selecting a software, hardware, or hosted e-mail security service

| Print | 3 comments|
240 Recommendations

E-mail is arguably the most sensitive information application in a company's software suite. With e-mail downtime, corporate data loss, and financial threats being major concerns for any business, strong e-mail security is a must. For companies where employees cannot send communications through e-mail, business relationships with partners, customers, and other constituents can grind to a halt, resulting in executive panic. However, with differences in culture, markets, operations, and business models, companies all have varying IT requirements that continue to fuel the need for choices in the e-mail security space.

[ See which e-mail security service wins in InfoWorld's comparisons: "Test Center: E-mail security services square off" and "Test Center guide: Mail security appliances." | Learn more about fighting spam with Exchange 2007. ]

To protect against e-mail-borne threats, IT professionals can approach security from three angles: 1) by deploying on-premise software, 2) by deploying an on-premise security appliance, or 3) by contracting with a hosted e-mail security provider. Each approach has pros and cons, and the decision as to which to use depends on your specific corporate requirements. But here are the top 10 areas* to consider when researching e-mail security for your organization:

  1. Lowest total cost of ownership, upfront capital investment, ongoing administration, and user training
  2. Access to experienced live customer support to quickly address issues
  3. Preservation of network and server bandwidth
  4. Processing of security threats inside or outside the corporate perimeter
  5. Fastest time to value delivery -- can it be deployed and working quickly?
  6. Reduced risk -- ensuring your choice does not introduce a single point of failure within the organization
  7. Interoperability with network systems and software
  8. Multiple layers of protection against spam, malware, phishing, viruses, vulnerabilities, and other attacks
  9. Simple operation and management to reduce IT burden and allow focus on more strategic IT initiatives
  10. Very little or no user training requirements

*List is restructured version from a Mailprotector security presentation.

Of the three approaches to address e-mail security, software is arguably the most popular.

Related Content...

White Paper

D2D Virtual Tape Library Replication Primer

This whitepaper explains the terminology and concepts behind Data Replication technologies and establishes some sizing rules through worked examples. Learn the new paradigm in disaster tolerance—protect data anywhere.

Download now »

White Paper

An Alternative to Virtualization for Datacenter Cost Savings

Server virtualization is a popular option for dealing with mounting datacenter costs. Another equally promising approach is the use of an Application Delivery Controller. Citrix NetScaler provides a low-cost way for organizations to reduce their server count and accrue cost savings from a reduction in space, cooling, power and personnel.

Download now »

White Paper

Why Your Firewall, VPN, and IEEE 802.11i Aren't Enough to Protect Your Network

The emergence of WLANs has created a new breed of security threats to enterprise networks.

Included in HP ProCurve WLAN solutions is security technology that alleviates threats from WLANs through:
* Monitoring wireless activity inside and out of the enterprise
* Classifying WLAN transmissions into harmful and harmless
* Preventing transmissions that pose a security threat to the enterprise network
* Locating participating devices for physical remediation

Download now »

White Paper

Bringing the Edge to the Data Center

Effectively address data protection challenges, implementing solutions that help store and protect business–critical data while cutting costs and improving efficiency and reliability.

Download now »
3 of 3 comments
Sign In or Register to comment
stevesm 8-Jul-09 11:14am

We have used the hosted email security methond for 2 years now (Postini now part of Google) and have had great success. It kept the unwanted traffic off our network, was easy and quick to implement. It is well worth the money to have the problems and maintenance issues related to a software system removed from our staff. We were spending up to a day a week with our old system. Hosted was the way to go for us!

MobileAdmin 8-Jul-09 4:41pm
Probably the best things we've done the past year or so was put a appliance in the DMZ as the initial gateway for all email. It drops the bulk of invalid email / spam at the door via IP reputation and email verification (helps stop those harvesting attacks). Combating SPAM is a full time job for two engineers on our staff and they are constantly tweaking our policies for emails that get into the next gateway (such as the new image based and # attacks) We're currently blocking 94% of all SPAM. Users need to expect some things will slip through. Our email security vendor updates their bad IP / spam identification file every 30 mins so it will be difficult to get 97-100% SPAM free. We have an onsite medical department so alot of words cannot be blocked as well one users SPAM is anothers marketing / newsletter so it's a large work effort to keep ahead of this. Unless you have a good budget, bright people I agree hosted is the way to for most companies.
cvar 9-Jul-09 6:40am
With the growth of blended threats (email & web), one other thing to consider in an email solution is mult-vector threat protection (think Web-based threats delivered via email - aka phishing attacks). A couple of reasons. First, protecting employees and the business from email and web threats are equally important, especially as web-based threats (think "Check out this video of you" messages on Facebook) become more prevalent. And since a lot of Web-borne threats are delivered via email, doesn't it make sense to have a single security policy or solution that cuts across both vectors? Second, if you're choosing a SaaS or cloud-based solution, wouldn't you prefer working with one vendor and solution versus two? After all, the point of outsourcing this stuff is to eliminate the work and hassle, not create more. Plus, you're likely to get additional cost savings. SaaS security vendors like MX Logic, for example, offer both email and web security services. According to their website, users can administer both services using a single control console that users (IT managers) log into. The other advantage, according to MX Logic, is that they're more effective at catching spam and stopping Web-based threats because they have a view into both "streams" (email and Web traffic). Simply put, if they see a new threat vector on the Web side, they can be proactive versus reactive and be on the look out for it on the email side - and visa-versa. Seems to make sense. For what it's worth.....

Sign up to receive InfoWorld Resource Alerts

Subscribe to the Today's Headlines: First Look Newsletter

Find out what will be news for the day, with our first-thing-in-the-morning briefing.

©1994-2009 Infoworld, Inc.