For IT departments, the decision to outsource any function is based on the interplay of three primary criteria: control, performance, and savings in terms of dollars and resources. Traditionally, both performance and control have been associated with in-house solutions—and for good reason! Many hosted services, including connectivity (VPNs, etc.), include a significant trade-off in the amount of control IT has over the service, as well as the performance of specific cloud-based security solutions. This has led many to perceive all hosted services as suffering from these twin maladies. Likewise, hosted solutions are associated with cost savings, since IT departments are intimately acquainted with the costs of deploying and maintaining new, complex technologies. IT managers ultimately seek to achieve the optimum balance of control, cost containment, and performance. Outsourced message management is a new animal—a hosted service that has better performance (including reliability) than an in-house solution, as well as a substantive level of control. Moreover, it retains the significant cost savings and ease of implementation associated with hosted services.
The reasons for this are clear: while maintaining full control of the process, internal IT departments must put forth substantial time and expense to build a sufficiently secure messaging network. Unlike networking or server maintenance, spam and virus expertise is not readily available to all organizations. Even for those organizations that have the resources to maintain in-house experts, these professionals are responsible for screening, processing, and storing messages on a daily basis, the amount of which can number in the millions. In addition, in most corporations, this responsibility includes several e-mail domains. The company also bears sole responsibility for security, policy definition, and enforcement, including the need to install and update spam filters, virus definitions, and encryption schemes, as well as hardware and software maintenance, capacity planning, and upgrades. One HSP has five experts evaluating spam and updating a rules database of more than 30,000 rules, adding 400 to 500 per day. Even the largest organizations may have issues justifying this cost. Additionally, the ability to do proper capacity planning covering hardware, software, and personnel can be challenging.
By way of comparison, outsourced or perimeter-based message management services are designed to ensure the integrity and security of e-mail before it enters the corporate network infrastructure, thus keeping all threats outside the network for evaluation and significantly reducing risk. The service delivery model requires no capital outlays for software and hardware and covers all maintenance and upgrade responsibilities and costs. Of course, a company must have absolute confidence in the HSP to entrust its business-critical e-mail messaging to a third party. This is a serious point of evaluation when considering an outsourced solution, since some HSPs lack financial stability and a reliable infrastructure. Likewise, services vary among HSPs, though some provide a complete range of messaging services, including spam and virus filtering and content and policy filtering, along with disaster recovery for both inbound and outbound e-mail.
While there are many points of comparison between in-house and fully hosted solutions (see Figure 1), the three interrelated functional requirements below stand out as most important for an e-mail filtering solution. Strengths and weaknesses of each approach follow.
The effectiveness of blocking spam and viruses using in-house IT resources is a function of staff expertise and the quality of the filtering mechanisms. Most companies implement both antivirus and antispam products in that order, and often from different vendors. Integrating the two product sets can sometimes prove challenging. The products are either subscription-based or installed locally, and IT staff is responsible for the customization needed to provide more than off-the-shelf granularity. Moreover, unless IT staff is highly trained to understand the nature of e-mail–borne attacks, monitoring the enterprise infrastructure for these threats can often be a reactive process, rather than preventative. In this case, IT managers will find themselves fighting fires rather than actually having the protection they thought they had. In addition, IT staff is responsible for ensuring that antispam filters and virus definitions are up-to-date and deployed properly on all servers, routers, and desktop devices. Since spammers are always looking at ways to get around filters, the process of staying current requires an ever-increasing percentage of IT resources to maintain. At best, a medium-size enterprise will have to have at least one IT staff member dedicated solely to this function, which significantly adds to the cost of using an appliance or in-house software-based approach. IT departments are paying not only for the systems, but also for someone to maintain them.
| Functional Requirement | Premise-Based Solution | Perimeter-Based Solution |
|---|---|---|
| Protection and level of security | | |
| Ease of management and implementation | | |
| Reliability of architecture | | |
| Resiliency, flexibility | | |
| Confidentiality, compliance, trust | | |
| Flexibility, administration and control of message management function | | |

Table 1 - Side-by-side comparison of premise-based and perimeter-based solutions
Perimeter-based hosted solutions block spam and virus threats before they enter the enterprise network. Hosted services provide filtering on multiple levels for both spam and viruses while analyzing millions of messages daily. Using the information gathered from incoming messages, HSPs can identify current and new spam characteristics, enabling the HSP to build filters that are both more comprehensive and faster than premises-based alternatives.
Finally, like in-house systems, HSPs can quarantine spam if a client requests, but with an added advantage: an HSP's spam quarantine is hosted safely beyond the corporate network. The quarantine is set up similarly to a Web-based e-mail service; messages flagged as spam can be reviewed to ensure they are not legitimate messages. Unlike in-house servers or appliances, managing quarantined mailboxes at the HSP level does not require additional hardware, create additional network congestion, or require IT administration.
In addition, when spam is kept on the corporate network, it takes up valuable storage and bandwidth space, which translates into hard dollars. One small law firm using a perimeter-based solution found that it was able to reduce its annual connectivity costs from $17,000 to $1,600 simply by implementing the service. Since all spam was kept outside the network, these messages never took up that valuable bandwidth. In-house solutions provide no such savings.