Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Email security: Pedigree versus hybrid

How much of the cloud computing benefit is lost when you must also maintain an on-premise piece to deliver comprehensive email security?

Ten years ago, preceding the dot com bomb, only a handful of organisations had bought email security software. The overwhelming business driver was the growing number of incidents of workers being sacked for using company email to send pornographic material on the corporate email system and highly embarrassing public email gaffes like the infamous Claire Swire case.

The problem was significant enough to spawn a small industry of software providers bent on solving the world’s corporate porn problems. Content control was the key to commercial success; in fact, the embedded technologies for recognising skin colour and form were so advanced they were licensed from ex-military applications designed to detect tank tracks from satellites. Integrated artificial intelligence systems designed to automatically learn an organisation’s confidential information to avoid data loss formed the earliest data leakage prevention systems.

These feature-rich, deep content inspection features were only available due to the underlying Windows operating system’s ability to present the content to the inspection engine. In 2002, however, the technology took an abrupt turn with the arrival of spam.

By 2003 more than 30 per cent of email volume was estimated to be made up of spam and Windows based anti-spam systems ran into trouble. In order to determine whether content is spam, porn or confidential information, you need to write a file to disk or memory. But anti-spam systems based on Windows couldn’t keep up.

Another industry was launched; a much, much larger one — anti-spam appliances. They were pedigree solutions that were very good at performing a specific stated task. Based mainly on Linux and without the file system limitations of Windows, they could write thousands of files for inspection to memory rather than disk, vastly improving throughput.

Spam control became very specialised but was at the cost of broader content control capabilities such as porn and data loss prevention. Since the introduction of appliances, however, one thing hasn’t changed — the relentless growth in spam.

Spam now accounts for more than 90 per cent of overall email volumes but the capabilities of anti-spam appliances have reached their limitations and organizations are increasingly relying on a handful of cloud computing services to solve the problem.

And solve it they have — at least to the extent that spam can credibly be solved. Most anti-spam products and services publish spam capture and false positive rates that are within a percentage or fractions of a per cent of one another. This leveling of the playing field has shined new light on the other thing that hasn’t changed: Companies continue to have problems with Internet porn in the workplace and the accidental leakage of corporate confidential information via email.

Content Control is still an issue and both anti-spam appliances and cloud based security services have failed to solve it. Many organisations have retained their legacy on-premise email security infrastructure specifically to mitigate the risk of content control. The phenomenon is so entrenched that several security vendors have offered an email security cloud computing strategy spruiking a hybrid approach of ‘Cloud for spam’ and ‘on premise’ to solve data leakage and porn problems.

The question begging to be asked here is how much of the cloud computing benefit is lost by the fact that an on-premise piece needs to be maintained to deliver comprehensive email security? I would argue all of it. Cloud computing provides unlimited scalability, 5 x 9 service availability and performance guarantees which are all but made redundant if they are dependent on a component single point of failure on the network. It is the greatest flaw in the email security ‘hybrid’ strategy.

You are always going to be better served with a pedigree solution that allows you to benefit from all of its features caveat-free with service guarantees intact. You need to be able to decommission legacy on-premise email security infrastructure and move all the content control functionally into the cloud alongside your anti-spam and anti virus defense strategy. Your organisation gets to enjoy all the benefits that cloud computing has to offer as well as solving the original problem. Hybrid applications for any technology do little more than expose a glaring deficit in their technology strategy: The benefit gained via the problem they are trying to solve is ultimately defeated by the increased management overhead.

Charles Heunemann is managing director, Asia Pacific operations, at Webroot Software.

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

Comments

1

JonBays

Thu 12/08/2010 - 09:35

Cloud email and web security services have come of age and we are finding that in the SME and small local governement space the benefits are conclusive although the global enterprise is slowly moving from on premise to hybrid model in careful selected steps as latency, data security and privacy issues are being addressed.

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: anti-spam, cloud security, hybrid, security, spam, Webroot
Latest Blog Posts
Whitepapers
  • Mobile Security: Don’t leave employees to their own devices
    No organisation can afford to ignore the rising march of consumer devices in today’s workplace. But neither can they ignore the risks that consumerisation brings. Companies must adapt IT and security strategies accordingly, balancing the needs and demands of more flexible work models with the often thorough information security safeguards that were implemented to protect the business in the first place. Fortunately, there are ways of doing just that and achieving a balance that works for all concerned.
    Learn more »
  • INFORMATION FOR SUCCESS - Customers Achieve Extreme Performance at Lowest Cost with Oracle Exadata Database Machine
    How do you prioritize IT investments to ensure support for growing volumes of data and still meet your business users’ evolving requirements—such as competing more effectively, reducing IT costs, meeting compliance requirements, or anticipating changing market conditions? Read on.
    Learn more »
  • The Top 5 Server Monitoring Battles—and How You Can Win Them
    The role of servers in your organization has changed substantially—with their uses, requirements, and complexity all increasing dramatically in recent years. Many of the traditional tools and techniques that worked in the past don’t suffice any more. Consequently, server monitoring presents several critical battles in today’s demanding environments. This guide looks at some of the most pressing challenges administrators face in ensuring optimal server performance, and it offers insights into the tools and strategies required to address these demands.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments