1 difficult questions to ask your secure provider
2 You re paying too much for a poor quality service is still the killer desktop application according to a recent survey from Ipsos Global Public Affairs. Not even new channels like instant messaging, voice and social networking can displace it remains the preferred method to communicate and collaborate at work. Unfortunately it s still the most popular platform from which to launch malware and phishing attacks. Figures from Gartner indicate that malicious and spam s constitute 69% of traffic worldwide, and the non-profit Spamhaus Project assert that 90% to 96% of all inbound mail today is illegitimate. Consequently, the need for bulk monitoring, filtering and archiving is universal. Gartner s most recent Magic Quadrant report for the industry found that the penetration rate of commercial Secure Gateway (SEG) solutions among enterprises was close to 100%. And yet, unlike other IT services, high market demand is no longer driving improvements in the quality of services delivered. The need to protect, filter and archive large volumes of s hasn t really changed, and yet many of the tools available today are getting increasingly feature-heavy and more complicated to use. There are two reasons for this. First, the secure and archiving market is crowded, and many providers are offering extra functionality, such as hyper-specific policy controls that don t meaningfully contribute to the actual protection of the environment. Secondly, many providers are still grappling to adapt their products to take advantage of true cloud environments, rather than simply offering cloudified versions. The difference is key. IDC have referred to cloud delivery models as hyperdisruptive, a major platform shift of a magnitude that only occurs once every years. It s therefore unsurprising that service providers are scrambling to associate themselves with true cloud platforms. As such, it s doubly important that you actually get the cloud resources you pay for. During this transitional period, many solutions available today have become divorced from the actual need they attempt to address. To put it plainly, as the tools have gotten more complicated (and crucially, more expensive), the job has become more difficult. It s time for businesses with legacy security and archiving systems to take a step back and reassess what they actually need from the solution - especially in context with newer cloud platforms. Here are five revealing questions to ask your current provider. If they don t have the answers, it could be time to move on. Contents 1. Why should I pay for features I don t need? How am I protected from spam and viruses? Where s my data? Why am I paying so much for storage? How do I get my data back? 07 About Mailsphere 08 5 difficult questions to ask your secure provider 02
3 Here s the main problem with unnecessary features: you still pay for them. Why should I pay for features I don t need? This is the killer question for many security and archiving providers today. Fierce market competition has produced an arms race between vendors to bloat up their services with features and functions that are rarely needed and almost never used. Here s the main problem with unnecessary features: you still pay for them. It s price, rather than featurecount, which is proving most influential for organisations investigating security and archiving services today. Almost 80% of respondents to a survey from Gartner s Magic Quadrant report indicated that price would be an important or very important factor in their next purchasing decision. The introduction of the utility computing model in particular has changed some of the expectations. As budgets everywhere continue to decline (or at best, stagnate), IT services must provide transparent value to the business. This means individual systems must become more focused, not more broad, in the ways they address specific challenges. 1. Spam filtering 2. virus & malware filtering Applied to security and archiving services, we can break down the needs they must address into 3 core competencies: spam filtering, virus and malware filtering and intelligent storage and archiving. Consequently, services that are able to provide robust solutions to these three core areas whilst removing as much complexity as possible will see the highest rates of adoption in the following few years. 3 core competencies of security and archiving: 3. storage & archiving 5 difficult questions to ask your secure provider 03
4 Cloud-native: services inherently designed to exploit the globally scalable resources of large, purpose-built public clouds, such as AWS or Microsoft Azure. Cloudified: services adapted to use hosted resources without the flexibility, scalability and transparent pricing of true cloudnative services. How am I protected from spam and viruses? Spam and virus attacks have come a long way in the past decade. From the early days of the mass outbreaks of Melissa, ILOVEYOU and Sobig, malware attack vectors have shifted towards more specific targeting of individuals. However, it s a fallacy that security software must become more complex to keep pace with more sophisticated threats. Quite the opposite there s a real risk that feature-heavy security solutions actually obscure the principles of best practice they allegedly promote. A common symptom of feature bloat is management complexity, which if left unchecked, can be just as risky as having no security at all. Heavily customised admin policies and userpermissions are always created with the best intentions but they regularly go untouched beyond set up. This amount of management complexity is more than overworked sysadmins need, (or even want) to deal with. Consequently, these solutions often fail to evolve with the business over time and quickly end up posing more risk than they ever did convenience. Conversely, cloud native services tend to offer the best of both worlds: enterprise-class security and a straightforward user experience. Ideally, cloud native services should also offer a high degree of flexibility, meaning in this case that mailboxes are transparently priced, and can be added or subtracted at will, with no additional charge. Services that are able to balance these factors are more likely to deliver the best protection whilst reducing management time (and the accompanying risks). Cloud native services tend to offer the best of both worlds: enterprise-class security and a straightforward user experience. 5 difficult questions to ask your secure provider 04
5 Many services in use today were not initially designed to cope with factors like data sovereignty. Where s my data? As a critical office function, it s understandable that the location of data is a popular point of concern for organisations considering cloud security and archiving services. However, given how infrequently organisations tend to assess their security and archiving solutions, many services in use today were not initially designed to cope with factors like data sovereignty, which can seriously impact the organisations access to its own data. Broadly, data sovereignty refers to the local laws, conditions and security standards that stored data is subject to. For instance, is your archived data stored in a country subject to the PATRIOT Act? What about the physical location? How vulnerable is it? By 2016 over 50% of commercial Secure Gateways will be delivered via cloud channels such as SaaS up from 37% today. As more businesses adopt cloud-based security and archiving services, the impetus will be on cloud service providers to operate with total transparency regarding the location of stored data, the accompanying conditions it is subject to, and the degree of access their customers have to it. Equally, customers in the secure and archiving market must interrogate potential cloud services thoroughly, and would do well to opt for solutions that are built on well-established public, true-cloud environments to reduce risk and ensure accountability. Commercial SEGs delivered via cloud channels: 50% % Today 5 difficult questions to ask your secure provider 05
6 Traditional solutions often impose strict limits on the size and number of mailboxes protected. Why am I paying so much for storage? After licenses, storage is often one of the largest costs of legacy archiving solutions. Indeed, is often the most significant driver behind storage growth across the whole organisation, and there s certainly no indication that growth rates are slowing. According to survey data from Archiving Market Trends 5 from the Enterprise Strategy Group, the median volume of archived mail has tripled since However, this isn t a problem that can be resolved with management and archiving policies alone, no matter how efficient they are. It fundamentally requires flexible cheap and tiered storage. Traditional solutions often impose strict limits on the size and number of mailboxes protected and reasonable use clauses around storage volumes. These kinds of restrictions can work against the growing needs of the market, and services that employ them will struggle to scale. Fortunately, these challenges around size and availability form an excellent use case for the flexibility and scalability that cloud resources deliver. The next few years will prove particularly interesting, as the differences between cloud-enabled and cloud-native applications become apparent. Gartner has already identified the need to differentiate between cloud infrastructure as a service and cloud enabled system infrastructure in their 2013 Magic Quadrant for Cloud Infrastructure as a Service. In the same way, as some major vendors start to cloudify their standard security and archiving services, they will have to compete with the flexibility and scalability of newer, legitimately cloud-native services. 5 difficult questions to ask your secure provider 06
7 How do I get my data back? It s a given that businesses need uninterrupted access to their data. Even rarely-accessed and archived data needs to be fully accounted for due to obligations around compliance and governance. Unfortunately, traditional archiving solutions were not designed with the flexibility to retrieve, access and, when required, migrate archive data without incurring significant costs. The difficulties of accessing, let alone moving, data can paralyse businesses, and prevent them from meaningfully considering alternatives. This can result in a kind of unofficial vendor lock-in. How easy is it to retrieve your archived data? And at what price? Were the terms ever discussed? It s worth asking these questions: your archived data could be much less accessible, let alone portable, than initially thought. As a general rule, cloud native services have been built from the ground up to take advantage flexibility, scalability and low costs that established cloud infrastructures provide. This flexibility extends to data portability cloud storage offers greater visibility, easier management and better control of archived data. Traditional archiving solutions can t deliver flexibility without incurring significant costs. 5 difficult questions to ask your secure provider 07
8 About Mailsphere Mailsphere Security and Archiving delivers enterprise-class protection and archiving for a fraction of the cost of traditional solutions. Built from the ground up to leverage the power of the cloud, MailSphere is the most flexible, scalable and resilient method of securing and storing your mission-critical and archive s. With no set-up costs, no hardware or software to buy, and flexible, low-cost pricing, getting started couldn t be easier. There are no storage limits and retrieval is fast and simple. Mailsphere is a Seedcloud company. SeedCloud offers technological, strategic, propositional and market advice to turn great ideas into successful businesses. Seedcloud works with businesses involved in corporate memory, connected graph technologies and machine learning, and actionable retail insights.