Email Continuity And Cloud Security Standards

Email continuity is critical to the business model of many organisations. Without continuity any business is dependent on hardware which, when it goes down, as inevitably it does at some point, can slow or stop operations which can have both short and long term consequences.

There are two approaches to email continuity. The first and traditional approach is to replicate hardware so that when one server goes down another can take over. This has many drawbacks; it involves a substantial investment in hardware and it can become extremely complex. The alternative is to use third party cloud based continuity solutions which provides seamless continuity even in disaster situations. Such solutions use a secure email gateway as a bridgehead between the cloud service provider and the user.

However many organisations have concerns regarding hosted email security. They feel that their email is more vulnerable when it is managed by third parties than when it is on their own premises. When they manage their own email they can control the security protocols, but when using cloud based services they are dependent on the security protocols of the vendor. The problem is that vendors use different protocols, and there is not yet a single standard that has been adopted generally.

Email Security

Nathaniel Borenstein, a prime developer of the MIME protocol and the chief scientist of Mimecast, a software as a service company that specialises in providing cloud based email solutions, believes that a lack of standards is often used as an excuse that organisations use when they explain why they are reluctant to adopt cloud based solutions, however the fact is that while there are some issues regarding standards, as so many organisations have already adopted the cloud without security problems, there is no reason why standards, or the lack of them should be a show stopper.

One problem that is often cited regarding the lack of standards is so-called vendor lock in. This means that the user is so reliant on the current vendor’s systems that migrating to an alternative vendor becomes extremely difficult or even impossible. This is obviously in inequitable position for any organisation; it destroys competition and leads to possible client exploitation. However reputable vendors always provide their clients with an exit strategy and undertake to assist them migrate to an alternative vendor should it ever prove necessary.

The issue of cross-industry cloud security standards is being addressed by the Cloud Security Alliance (CSA) and substantial progress is being made.

Image Courtesy  :

Leave a Reply

Your email address will not be published. Required fields are marked *