Murphy’s Law states that if anything can go wrong, it will. While this popular phrase originated long before the invention of computers and the Internet, it seems eerily apropos when it comes to technology—and to email in particular.
Of all the technologies that exist today, email is arguably the single most important business application ever invented. For most of us, email has become the central hub for our daily work lives, holding and organizing all the work we do, the relationships we keep and the information we create and exchange. For companies, email has long replaced the telephone as its primary link to the outside world. The thought of going without email for a week, a day or even an hour seems unimaginable. As a result, message continuity has moved up the agenda in email services for many organizations and IT managers.
Message continuity or disaster recovery isn’t anything new. Small and large organizations have long recognized the need to have a back-up plan in the event of a network outage or major natural disaster. However, designing and implementing a bulletproof continuity plan and system is not only complicated, but it often requires a significant investment of time and money. That is changing. A few managed security services are now offering continuity services, making it both easier and significantly more affordable to get a back-up plan in place for email.
At their core, managed security services aim to provide a low cost, hands-off alternative to hardware and software security solutions that scan and filter inbound and outbound email messages for spam, viruses and other Internet-borne threats. Rather than installing, managing and constantly maintaining these physical, on-site solutions, users simply redirect inbound and outbound email to a managed security service provider where the messages are scanned and filtered. Because the scanning and filtering occurs outside the network perimeter, this method is often referred to as “in the cloud” security.
With managed security services, the service provider is responsible for monitoring, maintaining and updating the service 24x7x365. In addition, service providers often use multiple virus engines and several spam filters, providing greater overall protection than what could be purchased in any single piece of hardware or software solution. Most of the security service providers charge a monthly fee based on the number of users, and require little to no upfront costs. This allows businesses to spread out the costs of email security throughout the entire year versus trying to budget for one big lump payment. It’s simply pay as you go.
In addition to the obvious benefits of outsourcing email scanning and filtering, IT managers are increasingly recognizing the messaging continuity benefits that some managed security services now offer. In the event of a major disaster, planned or unplanned email outage, some managed security services will continue to accept and save all incoming messages automatically. Once the email network or systems are restored, the messages are successfully delivered.
A select few premium service providers are taking it a step further. For example, during a planned or unplanned email outage, the MX Logic Email Defense Service with Message Continuity can automatically detect an outage. Once it does, the service instantly activates, allowing businesses and their employees to access, read, respond and send emails through a secure Web portal. The service provides 60 days of unlimited access and storage of emails. To the outside world, it’s business as usual.
Once the network or email system has been restored, the emails are delivered to and synchronized with the network, showing all activity during the outage (e.g., emails marked as read).
While message continuity services are primarily there for unplanned outages, some organizations are using the service during “planned” outages. For example, a business that needs to upgrade its network or email system by adding or replacing hardware or software typically schedule network changes on the weekends or during the very early morning hours when network traffic is typically low. But with a managed service, IT managers simply activate the continuity service and make the necessary network fixes or changes. This, of course, allows IT manages to make necessary network changes or adjustments at anytime without interrupting email flow.
Despite all the benefits and advantages, a managed security service isn’t for everyone. IT managers who prefer to manage security internally or want the ability to manually make the most subtle adjustments to messaging policies and filters should continue to use onsite hardware and software solutions. Others may have recently invested heavily in internal hardware and software systems, and don’t or need to switch. Still, businesses that rely primarily on internal hardware and software solutions can use managed security services to augment their security and extend the life of their network. A low-cost solution like MX Logic Perimeter Defense helps stop as much as 50 to 60 percent of incoming spam at the network perimeter, therefore, freeing up valuable network bandwidth and reducing the load placed on internal security solutions.
If managed security services are something you’d like to consider, there are a few things you should consider.
Although managed security services have been around for several years, a flurry of acquisitions and mergers occurred in 2005. As a result, many larger vendors often offer a managed security service as one of many different service offerings. For those considering a variety of services beyond security, this may be appealing. Others may prefer going with a dedicated managed security service provider who focuses entirely on email and Web protection. Dedicated managed security companies are often at the forefront of new security trends and technologies because of their targeted focus.
Read the Fine Print Regarding Support
Given the complexity of email and messaging security, having “great” support is crucial. Most of the managed security vendors offer some form of support, but they’re not all the same and it’s important to understand the differences. For example, some vendors charge for support or require a minimum spend to get any support at all. Businesses that don’t spend a certain amount each month with the service provider are simply on their own. Other vendors include support as part of the service, which is clearly an advantage. It’s also important to understand support hours, since outages don’t just occur during normal business hours. Some vendors limit live telephone support to certain hours while others offer it 24x7x365. Anticipating your support needs can be difficult, but knowing you can call someone at 2 a.m. when you need help is a very important consideration.
Effectiveness Rates and Usability
Most of today’s managed services do an excellent job scanning and filtering spam and virus. And because many of the service providers use multiple filtering and scanning technologies, they often do a better job than stand-alone hardware and software. Regardless of the security solution, there are two primary measurements of effectiveness. The first is often referred to as “catch rate” or “spam effectiveness” rate. These typically range from 95 to 99.999 percent, depending on a plethora of complex variables. This figure simply means how often the service identifies and stops a spam message or virus—of course, the higher the number, the better.
No vendor can claim 100 percent effectiveness, which is partially explained by the second important measurement—false-positive rates. False-positive rates measure how often a legitimate piece of email is incorrectly classified as spam and stopped. For example, if you subscribe to an alumni newsletter and it’s identified as spam and stopped, this would be considered a false-positive. In this case, the lower the false-positive number, the better. However, don’t rely on these published numbers alone. Ask around. Making sure a service is easy to use and manage is often as important—if not more important—than the published effectiveness rates. After all, the most effective service is of little value if it’s too complicated or cumbersome to use.
Whether you choose to use hardware, software or a managed service to keep your email humming along, the key is not to wait until the inevitable happens. When Murphy’s Law hits your network—and it will sooner or later—do yourself a favor and be prepared. Your customers, partners and bosses will thank you.
MX Logic vice president of Marketing, Ryan Walsh, has more than 15 years of experience in providing product marketing strategy and business process improvement for technology startups and world-class operating organizations. Walsh received an MBA from Harvard Business School. He can be contacted at firstname.lastname@example.org