Web Hosting And Domain Registration

E-mail Important?

This is a “white paper” we found totally explaining the use of e-mail in today’s business world.

Email is the single most important service to businesses today.

The average user spends an hour and 47 minutes per day using email [American Management Association].

With the advent of mobile devices, email is no longer tied to the office but is read, responded to and sent everywhere, all the time. As well as constantly checking email at work, most people check email whilst at home, whilst traveling, and even whilst on holiday. As many as 1/3rd of people aged 18-34 now check their email when they first wake-up, even before they visit the bathroom [Facebook Survey].

Ask most people which business service they couldn’t live without, and they’ll answer email. The rise of social networking has added to the number of emails sent and received, and with large amounts of multimedia content becoming the norm, the size of email messages has dramatically increased.

From a security perspective, the threat of spam, viruses and malware is here to stay. Companies that aren’t protected against these threats run a serious gauntlet of issues, not least of which being the danger of an uncaught virus wreaking havoc on a network.

Additionally, if a company’s email system is compromised and used to send outbound spam or viruses, the organization can find itself “blacklisted” and unable to send legitimate email to partners, suppliers and clients.

Government and industry regulations now require many companies to retain their electronic communications in a verifiable manner. And organizations that have been involved in litigation are only too aware of the burden of electronic discovery, and the importance of being able to conclusively demonstrate the content of historical email communications.

Additionally, due to the importance of email, many organizations and people now actively seek to retain their email messages indefinitely. With the huge growth in storage capacity on computers and corporate networks, people are less likely to delete email that might contain valuable information, and more likely to retain messages for future reference.

Together, these factors have led to new challenges for businesses managing email. Security threats are ever-present. Users are spending more time searching for information stored within old emails. Continuous access to emails is required, all the time. Even short outages of email services can leave users unproductive, and with no external email communication, business opportunities may be lost.

As a result, organizations are increasingly looking to protect themselves by making sure email is online, archived and fully protected 24 hours a day, 7 days a week.

How important is email?

One of the earliest services available on the Internet, electronic mail (email) was originally conceived for sending text based messages between users. Over time, email became the “killer app” of the Internet – with the ability for users of any technical ability to easily send messages with any contents and any manner of file attachments.

Most users view their email client software – most commonly Microsoft Outlook but with many other alternatives also available – not only as a tool for sending and receiving email, but also as their “trusted source” for keeping track of documents, presentations and spreadsheets, and requests for appointments.

Email client software is also frequently used for managing to-do lists and tasks, for keeping information about contacts, and for making notes. For many people, no other software is used as frequently. Outside of general correspondence, messages from customer relationship management (CRM) systems, telephone voicemail systems, external supply-chain systems, transaction processing, e-commerce and other business critical systems all rely on email for notifications.

The explosion in popularity of social networking has created yet another reason for email communications, since people now receive frequent updates from both friends and business contacts through email. In summary, email has become the de-facto standard for communication within virtually all organizations and is widely relied on.

How much is email used?

Email is the single most used application for the business user. In research, 26% of an individual’s time was spent checking, reading and sending emails [Radicati Group]. That’s well over 2 hours a day – more time than is spent on the telephone or using social networking combined.

15% of Americans claim to be addicted to email [AOL Survey]. Certainly, research shows that 62% of people admit to regularly checking work email over the weekend whilst at home, and 50% of people confess to checking email whilst on holiday, 78% of this checking being through mobile devices (AOL Survey).

The number of emails sent worldwide is 294 billion messages per day, and some 90 trillion email messages per year. The typical business user sends 43 emails per day, and receives 130 [Radicati Group].

Disturbingly, 90% of these billions of emails sent are spam and viruses [Nucleus Research]. For companies not protecting themselves against these threats, there is a very high chance they’ll suffer damage in one way or another.

How much storage does email require?

The average size of an email is now 75KB [About.com]. Whilst the majority of email messages are still short and text based in nature, many messages contain images and formatting information in addition to mere text.

Newsletters and other marketing emails typically contain both text and HTML versions of their contents, along with inline images, increasing the size of the average email message as they grow in prevalence.

People also frequently use email to send a wide variety of file types. Even though more efficient and more secure alternative methods are available to transfer files, the convenience of simply attaching files to an email message has made email the most popular method for sending large documents. With email attachments reaching as much as 10 or 20 MB in size, significant capacity is required to both transmit and store the associated messages.

These figures relate to legitimate emails and do not consider the 90% of emails that are spam and viruses, further adding to the amount of processing power and storage capacity required to manage email communications.

Why is there a need for email security?

While most individuals consider spam emails a nuisance, for businesses it is a much greater concern. With 90% of all emails being spam and viruses, research shows that without any protection in place, lost employee productivity from dealing with spam will cost businesses a minimum of over $1,000 per worker per year [Nucleus Research].

There is the added risk that if a virus is received by email, and infects an employee’s computer, then it may cause loss of data and at least loss of productivity. Further, the virus will try to replicate itself – often sending messages to the contents of a user’s address book, or by trying to connect to other devices on the network. Frequently a virus or other malware on an infected workstation will be used to send out spam from an organization’s network without their being aware of the activity.

Quite apart from the damage done to an organization’s reputation when suppliers, clients and prospective clients receive spam messages from a business in this way, the business itself can end up being “blacklisted”. This occurs when an email server is identified as a source of spam messages (including those generated by a virus-infected PC), with the effect that other email servers will subsequently reject legitimate messages from that server and that organization. The process of getting removed from an email blacklist is extremely time consuming and difficult; often the reputation of that mail server or domain will be harmed for a long time.

Many organizations now deploy spam and virus filtering on their email servers. Whilst this has the benefit of reducing the levels of junk mail that end users see in their inboxes, the email message is still being sent through the company’s network, received by the email server, and processed as any other message before it is classified as spam. This may have the effect of slowing down the processing of legitimate email, and that spam message is typically also stored on the company’s email server along with legitimate email. If a company is retaining emails for legal or regulatory compliance, this can add massive overhead to storage requirements.

Why is there a need to archive and backup email?

Many countries now place legal or regulatory requirements on email. Organizations that are heavily regulated, such as those in the financial or legal industry, must archive all inbound and outbound emails.

Quite apart from the requirements to archive email for legal or regulatory compliance, the majority of users now use email as a storage system – deleting few messages, and instead attempting to keep their emails for potential future reference.

Given the growing quantity of emails received each day and the increasing size of an average email message, this requirement to retain old emails can put a significant strain on storage systems. For many businesses, the storage requirement for email backup no longer grows annually, but quarterly. Whilst the cost of storage space has fallen considerably, the continuous need to backup systems, and to monitor and regularly verify the backup procedure, is an on-going load for the IT department.

Additionally, there is a significant distinction between backup and archive. A backup provides a point in time snapshot of the data on the customer’s mail server. If there is a problem with an organization’s mail server, the email data may be recovered from the backup. However, if a user wants to retrieve a message that was deleted, or if an organization is trying to locate messages that are no longer part of their message store, a backup will not help.

Furthermore, a backup is not verifiable evidence of email communications in the event of litigation or other disputes – only an archive solution that provides verifiable evidence of the date and contents of a given message will satisfy those requirements. Last but not least, a backup does not facilitate a search for historical messages. Nor do most mail servers include this functionality.

Technologies enabling swift searching of large amounts of data are ever improving, but without this technology in place specifically for an email system, individuals and organizations are left spending considerable time searching for old emails. In cases where the IT department does not offer a comprehensive solution to email archiving and backup to their users, the users themselves often make their own arrangements. This might be by way of storing emails locally on their computers or laptops, in an uncoordinated fashion completely separate from any centralized email system. These methods of backup are unreliable and insecure, with the number of laptops reported stolen or lost growing daily, including many high-profile cases reported in the press. Furthermore, for legal or regulatory compliance, these individual backups scattered throughout an organization create a logistical nightmare.

Without a centralized repository for the message storage, it can be extremely difficult to find relevant messages, particularly when a local backup is lost or an employee leaves a company.

In short, organizations need both a backup solution that can help to restore data after the failure of a mail server, and an archive solution that provides a verifiable record of email communications as well as a centralized and reliable means to access and search historical messages, including those that were subsequently deleted from the mail store.

What happens when email is unavailable? Modern email systems are considered reliable, although 26% of Small and Medium Sized Businesses still suffer almost 30 minutes of unplanned downtime each month, and half of those organizations reported unplanned downtime of 2 hours+ each month. [Osterman Research Group]

This is quite apart from planned downtime – where email services are unavailable due to necessary upgrades, patches and security fixes. With 26% of a typical worker’s day being spent working on email, any unplanned downtime can have a significant impact on productivity.

Workers suffer with being unable to find the information they require readily; find lack of email a significant roadblock to external communication with suppliers and clients; and indicate that they spend as much time catching up on email when service is restored as passed during the outage itself.

The effect of any email outages on an internal IT department can be considerable. Due to the critical nature of email systems, staff in the IT department will be compelled to drop what they are doing and work on the emergency at hand. Other work is delayed, and IT staff may spend whole days absorbed by responding to the after-effects of an outage, even after email services are restored. Where email is unavailable for extended periods, the costs are multiplied. It is not uncommon to see a 100% loss in productivity if a department or entire organization is sent home due to unplanned email downtime. Such is the reliance upon email systems in modern business.

Mobile workers are also significantly impacted by even short periods of email downtime. With email replacing telephone as the primary means of communication, mobile workers can be severely disrupted when email is not available. This can particularly affect people who work during short windows of opportunity for communication, such as in between meetings. The impact of downtime on a business’s reputation can be significant.

The most common worry for businesses during an email outage is that the downtime may impact communications with prospects or pending orders. When suppliers or clients receive a “bounced” email message as a result of an email outage, it undermines confidence in a business. When a prospective client receives the same “bounced” response, they often won’t re-send the email at all. Even if no bounce messages created, a delay in receiving an important email can result in lost business.

When email is unavailable, many workers look to alternative methods of communication. This can include sending faxes, and using personal web-mail systems such as Hotmail and Gmail. Sensitive information sent outside the corporate email system via these mediums can be insecure.

In October 2009, 21 million people and businesses using the Hotmail service were warned their data was potentially at risk after passwords to the system were acquired illegally. Faxes can very easily be read by unintended recipients, making it a very poor system for sending sensitive information. And comparably few people have ready access to a fax machine.

Additional, all messages sent by these methods will bypass the organization’s archive and retention policies, creating a compliance issue for companies subject to regulation. Clearly, an email outage can have far reaching effects – in lost productivity, harmed communications with customers and prospects, potential security ramifications, and in the risk of lost business.

Understanding how to protect your business email The first step to protecting your organizations email services is to answer the following questions.

What are email outages currently costing your business?

The cost of an employee being unproductive during an email outage is a “soft” cost. That is to say, because the business is not actually writing a check for this cost, it is tempting to ignore it when calculating costs.

As we’ve discussed, there is a real and significant cost to a business of employees being unable to access email. Do you have a Disaster Recovery plan? Some businesses have a Disaster Recovery (DR) plan that includes how the business will cope if struck by a natural disaster, fire, theft or loss of building. These plans should include IT systems such as email and how a company will cope without these services.

If you have a Disaster Recovery plan, consider how you would cope as a business without email, and incorporate contingency plans into your DR plan. If your business does not have a Disaster Recovery plan, creating a strategy for tackling email continuity can be both the first and a significant step towards creating your own DR plan.

What are the Regulatory and Legal Requirements Seek more information of the regulatory and legal requirements that are placed upon your business, dependent upon its location and the nature of the business. Often, this will dictate the requirements and scope of any system that you need to implement for email retention.

Do you need an agile Email solution? When considering an email security and continuity plan, consider “future proofing” it. If your business were to grow, could your email grow with it? Even replacing a single email server can be a time consuming migration, causing downtime and loss of services.

Would an email continuity platform help alleviate any of these migration pains? If your organization were to acquire or merge with another organization, could your email system quickly be adapted to this purpose? Can you ensure the organizational knowledge in email is retained? 60% of critical information within a company is contained within email [Radicati]. Yet many companies do not have the ability to easily search through this knowledge, particularly after employees have left the organization.

Additionally, the time an active employee spends searching for information within email should be considered. How much more productive would an employee realistically be if they could find the information they wanted from email quickly and easily. When determining a Return-on-Investment (ROI) on any system or process that prevents email downtime and provides archive solutions, it is prudent to include these costs. What is your solution for email security, and is it integrated with your solution for continuity and archive?

Almost all companies have some form of spam and virus detection. However, such solutions are often hardware or software point solutions that are separate from any solutions for email continuity or email archive. Using different, non-integrated solutions for spam and virus protection, a backup system for email continuity, and an email archive solution, can greatly increase the initial investment necessary along with the ongoing management time and costs compared to a single integrated solution. The difference is magnified when considering the learning curve, time and costs for employees of learning to use two or three different systems instead of one.

Potential Solutions

Given the factors discussed in this document, an email management solution for organizations should encompass three different elements:

1) Email security – to provide robust, comprehensive defense against email borne spam, viruses, and other threats

2) Email continuity – to provide organizations with continued access to their email in the event that their own infrastructure is off-line

3) Email archive – to provide organizations with reliable, secure storage of all of their historical communications, for subsequent search and retrieval

The options for meeting these goals can broadly be split into three categories. Software Solutions Typically installed on the same server that is used for email services, or on another server that is locally connected to the main email server, a software solution can at first glance appear to be the least expensive approach, especially if older server hardware can be repurposed. This solution does suffer from the fact it is hosted inside the company’s premises, if not on the mail server itself. This means that spam and virus emails will be downloaded to the server before being processed, potentially slowing down the process of legitimate email and adding storage overhead.

It is also a single point of failure, susceptible to any problems with the server running the anti-spam/antivirus software. FAs an archive solution, a software approach is also less than ideal, as the archived messages will typically be stored in the same datacenter or server closet as the primary mail server – meaning that a fire, earthquake, flood, or other local issue could impact the archive along with the primary mail server. A software solution can also be the most expensive solution to manage on a longer-term basis, as IT staff in-house need to maintain and monitor the underlying hardware as well as make ongoing configuration changes to the software itself.

Last but not least, a software solution cannot provide continuity in the event that primary mail server is off-line. And a software solution for spam and virus protection will typically not be integrated with a solution for email archiving. Appliance Solutions An appliance solution typically consists of a pre-built set of hardware running specialized software, specifically for the purposes of filtering and/or archiving email data. Appliances can be deployed to a wide variety of sites, as they are not directly tied to a mail server or operating system. They may also be easier to manage than a software solution. An appliance solution can be an expensive option, requiring an initial capital investment to cover both the software and hardware inherent in an appliance.

Additionally, an appliance will need to be replaced every few years, requiring time and expertise, as well as periodic additional capital investments. An appliance, like a software solution, will also have limited capacity and may not grow with the needs of an organization’s storage requirements.

Also similar to a software solution, the appliance represents a single point of failure. Appliances may also suffer from being stored on the same site as the businesses primary email service. In the event of a disaster involving fire, theft or loss of building – the appliance may suffer the same fate as the email server. Appliance solutions also may provide email security but not continuity or archive capabilities.

Indeed, an appliance has limited capabilities as a continuity solution, as it will be susceptible to the same network issues as the mail server itself. Cloud Based Services Cloud-based services, also known as Software-As-A-Service (SAAS) solutions, are hosted in the Internet (or “Cloud”). They benefit from being easy to deploy, and can be easily accessed from any location.

Good solutions are engineered to have multiple points of redundancy so that they will be always available on a 24x7x365 basis. A SAAS email security solution filters email for spam and viruses in the cloud, and delivers only legitimate emails to a business’s email server.

This reduces an organization’s bandwidth requirements as well as the processing requirements of its mail server. Cloud-based email security solutions can provide integrated continuity.

In the event of an issue with an organization’s email server, users can be re-directed to the Cloud-based service where they can from any location continue to send and receive email. This reduces the urgency to restore the on-premise solution, and makes migrations or changes that require downtime much more manageable. Cloud-based solutions also benefit from being a secure and trusted environment for sending outbound emails.

By delivering outbound messages through the cloud service, an organization can avoid being blacklisted, as outgoing emails are checked for spam and viruses, and would not be permitted past the 3rd party host – which stakes its reputation, and those of all its clients, on maintaining a healthy environment.

As an archive solution, a cloud-based solution offers geographic redundancy for the message storage, providing greater reliability compared to an on-site hardware or software solution. A cloud-based solution also automatically scales to meet a customer’s requirements, whether that is to provide additional protection in the event of a large spam run or denial of service attack, or to provide additional storage space for a growing email archive.

Generally, cloud solutions are the easiest and fastest solution to deploy – with minimal training required, no hardware or software to install or configure, and a 3rd party providing the infrastructure and assisting with deployment. Cloud-based services also benefit from being an Operating Expenditure (OPEX) as opposed to a Capital Expenditure (CAPEX), meaning little or no up-front investment and predictable on-going costs with no risk of obsolescence.

Last but not least, a cloud-based solution can provide a single integrated answer for email security, email continuity, and email archive – saving money and time for both administrators and end users. Longer term, cloud-based solutions may appear more expensive than on-premise solutions, due to their ongoing monthly costs.

However, those costs include all the infrastructure necessary to provide reliable and seamlessly scalable services, which has the result of reducing other expenses for the business – namely those for network bandwidth, IT staff time, hardware and software costs, and of course the on-going periodic costs in maintaining and upgrading on-premise hardware and software over time.

Conclusion The author of this White Paper concludes that a Cloud-based, integrated email security, continuity, and archive solution is the best solution for the majority of businesses.

A Cloudbased solution is ultimately the fastest and easiest to deploy, provides the most effective continuity options, offers the potential to grow with the business, and reduces both the time and cost of on-going maintenance requirements.