
Monday, December 10, 2012

Outsourcing the Groupware Layer to Public Cloud



Overview
Off-site hosting of groupware systems and mail stores (Exchange, POP/IMAP, etc.)

The filtering layer is almost always outsourced before the groupware layer. This can be done with the same cloud provider or a different one.

Critical Things to Consider
In addition to the key considerations outlined in Table 1, other important questions to consider before outsourcing this layer to the cloud include:

Does your business have enterprise message routing requirements? Most large organizations have fairly complex routing requirements that are difficult to implement and manage if your groupware system is hosted. For example, many enterprises, especially those with multiple domains, have complex message manipulation requirements, such as rewriting address headers before delivering messages. They also have enterprise routing requirements whose enforcement must rely on sensitive directory attributes. This level of message header manipulation and intelligent routing is difficult to implement in the cloud. In these cases an external gateway and/or an on-premises email backbone policy layer is always required; however, even then, message traffic between your organization and the cloud provider will increase substantially.
Does your organization require sending of large messages and attachments that you know of? Even large cloud providers such as Google have restrictions on the size of messages that they will handle. For example, pharmaceutical companies require the sending of very large messages.
Does your company have strict archiving policies? Most enterprises, especially those that are highly regulated, have strict email archiving policies that are difficult to implement in the cloud. For example, financial services firms require that all email destined outside the company must be retained and messages between certain internal departments be archived. To accomplish this, LDAP attributes must be used to determine the correct policy on any given message. Is your company willing to give sensitive LDAP information to an external public cloud provider?
Do you want potentially legal or damaging email to be archived, or even sitting in your end users' inboxes, outside the control of your organization?
Does your company have strict data retention policies? In the cloud, organizations lose control of data retention. While there may be options to make the data inaccessible to the customer after the retention policy, there is no control as to when the data is actually removed from all potential locations (databases, backups, logs, etc.). This can apply to messaging data as well as metadata such as logs.
What level of trust will you have with your cloud provider? While an organization may trust its cloud provider, it may not know about other third-party partners of that provider. For example, cloud providers may use external storage or backup providers. You should be aware of any partnerships at the time you establish a contract with the cloud provider, and you should be notified of any new partnerships for the duration of your contract.



What about confidentiality? With the potential loss of encryption capabilities with cloud services, all data flowing through the provider can be reviewed by the provider or possibly their business partners.

Conclusion and Recommendations
Enterprises have complex policy and email handling requirements that have proven to be problematic to implement and enforce in the cloud.
To effectively enforce email policies, enterprises will need to give up certain aspects of the messaging security and policy handling that they currently have with their on-premises solutions. More often than not, this is an unacceptable proposition.
In order to satisfy enterprise-level message policy and handling requirements, an on-premises external gateway and/or an on-premises email backbone policy layer is almost always required. If this is the case for your organization, and you outsource the groupware layer, this effectively means that the cloud provider is only hosting your message store.
To avoid any of these potential problems, Sendmail always recommends that you conduct a thorough Messaging Architecture Review before outsourcing your groupware layer to the cloud.