Overview
• Off-site hosting of groupware systems and mail stores (Exchange, POP/IMAP, etc.)
• The filtering layer is almost always outsourced before the groupware layer. This can be done with the same or different cloud provider.
Critical Things to Consider
In addition to the key considerations outlined in table 1, other important questions to consider before outsourcing this layer to the cloud include:
• Does your business have enterprise message routing requirements? Most large organizations have fairly complex routing requirements that are difficult to implement and manage if your groupware system is hosted. For example, many enterprises, especially those with multiple domains, have complex ‘message manipulation’ requirements, such as rewriting address headers before delivering messages. They also have enterprise routing requirements that rely on sensitive Directory attributes for enforcement. This level of message header manipulation and intelligent routing is difficult to implement in the cloud. In these cases an external gateway and/or an on-premises email backbone policy layer is always required; however, even then, message traffic between your organization and the cloud provider will increase substantially.
• Does your organization require sending of large messages and attachments that you know of? Even large cloud providers such as Google have restrictions on the size of messages that they will handle. For example, pharmaceutical companies require the sending of very large messages.
• Does your company have strict archiving policies? Most enterprises, especially those that are highly regulated, have strict email archiving policies that are difficult to implement in the cloud. For example, financial services firms require that all email destined “outside the company” must be retained and messages between certain internal departments be archived. To accomplish this, LDAP attributes must be used to determine the correct policy on any given message. Is your company willing to give sensitive LDAP information to an external public cloud provider?
• Do you want potentially legal or damaging email to be archived, or even sitting in your end users' inboxes, outside the control of your organization?
• Does your company have strict data retention policies? In the cloud, organizations lose control of data retention. While there may be options to make the data inaccessible to the customer after the retention policy, there is no control as to when the data is actually removed from all potential locations (databases, backups, logs, etc.). This can apply to messaging data as well as metadata such as logs.
• What level of trust will you have with your cloud provider? While an organization may trust its cloud provider, it may not know about other third-party partners of that provider. For example, cloud providers may use external storage or back-up providers. You should be aware of any partnerships at the time you establish a contract with the cloud provider, and you should be notified of any new partnerships during the duration of your contract.
• What about confidentiality? With the potential loss of encryption capabilities with cloud services, all data flowing through the provider can be reviewed by the provider or possibly their business partners.
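The archiving question above turns on directory attributes deciding the policy for each message. As an added example (not code from the original paper or from Sendmail), the sketch below shows such a decision at an on-premises policy layer; the domain, addresses, department names, action labels and the fail-closed handling of missing attributes are all assumptions constructed for illustration.

```python
# Added example: all data below is constructed, not from a real directory.
INTERNAL_DOMAINS = {"example.com"}

# Stand-in for LDAP lookups: address -> department attribute (constructed).
DIRECTORY = {
    "alice@example.com": "Research",
    "bob@example.com": "Trading",
    "carol@example.com": "Facilities",
}

# Hypothetical rule: mail between these department pairs must be archived.
ARCHIVED_PAIRS = {frozenset({"Research", "Trading"})}


def is_internal(address):
    """True when the address belongs to one of the company's own domains."""
    return address.lower().rpartition("@")[2] in INTERNAL_DOMAINS


def department(address):
    """Return the department attribute for an address, or None if absent."""
    return DIRECTORY.get(address.lower())


def archive_actions(sender, recipients):
    """Map one message's envelope to the set of archiving actions it needs."""
    actions = set()
    sender_internal = is_internal(sender)
    sender_dept = department(sender) if sender_internal else None
    for rcpt in recipients:
        if not is_internal(rcpt):
            # Everything destined outside the company is retained.
            actions.add("retain-external")
            continue
        rcpt_dept = department(rcpt)
        if sender_internal and (sender_dept is None or rcpt_dept is None):
            # Missing attribute: fail closed instead of skipping the policy
            # (a design choice of this example, not stated in the paper).
            actions.add("archive-unresolved")
        elif frozenset({sender_dept, rcpt_dept}) in ARCHIVED_PAIRS:
            actions.add("archive-interdepartmental")
    return actions


if __name__ == "__main__":
    print(archive_actions("alice@example.com",
                          ["bob@example.com", "partner@example.org"]))
```

Every branch needs the department attribute of both parties, which is why the decision cannot be made by a hosted service unless that directory data is shared with it.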
Conclusion and Recommendations
• Enterprises have complex policy and email handling requirements that have proven to be problematic to implement and enforce in the cloud.
• To effectively enforce email policies, enterprises will need to give up certain aspects of the messaging security and policy handling that they currently have with their on-premises solutions. More often than not, this is an unacceptable proposition.
• In order to satisfy enterprise-level message policy and handling requirements, an on-premises external gateway and/or an on-premises email backbone policy layer is almost always required. If this is the case for your organization, and you outsource the groupware layer, this effectively means that the cloud provider is only hosting your message store.
• To avoid any of these potential problems, Sendmail always recommends that you conduct a thorough Messaging Architecture Review before outsourcing your groupware layer to the cloud.