email

Email Management Considerations

October 13, 2014

Introduction

Email has become a vital piece of corporate infrastructure although it often receives less attention than systems running other core business functions. Recent virus attacks have highlighted how reliant companies are on their email service.

Email is particularly vulnerable to any IT infrastructure failures in addition to specific challenges such as spam, virus attack and other security issues. As a key component for both external and internal communications, any service issues affecting email immediately impacts on a company’s ability to function.

Email volumes will continue to grow exponentially, spam will become an increasingly large issue and virus writers will become more cunning. This means that in order to continue to provide a high level of email service, the corporate IT department is going to have to allocate more and more specialist resources to running its email system. And this is at a time when the pressures of the economy are such that many businesses need to focus more on their core areas of expertise and competence.

This dilemma can be addressed by utilizing on an outside supplier to provide and manage email services. However, the challenge for companies will be to manage the balance between their internal resources and the services they have outsourced. This re-emphasizes the need to find reliable partners with the necessary expertise and who will deliver agreed service levels.

What is clear is that corporate email systems need specialist skills and are going to require more, not less resources as the reliance on email continues to grow.

Considerations for Email Management

In-house Managed Email Managed Email Service. Pros and cons of running an email system in-house vs. using an external managed service provider.

Pros

 Control over tools, content and updates

 Prioritize based on business drivers

 Grow internal skill and knowledge

 Easier integration with other systems

Pros

 Access to specialized skills

 More reliable and flexible service

 Predictable lower costs

 Focus on core business

Cons

 Finite resources with email skills

 No penalty based SLA

 Downtime caused through lack of focus

 Constant re-training needed to stay current

 Threat to knowledge base from staff turnover

Cons

 Negative perceptions within IT department

 Administrative overhead of communication

 Loss of in-house competence

Key Issues Relating to Email Management

Control of Viruses

Of all the issues relating to running an email system, dealing with the threat of virus attack is very high up on every organization’s priority list. We find that there is almost universal adoption of some sort of anti-virus process or product within the business community. The impact of virus attack on a company can be disastrous. Firstly there is the disruption to ongoing business while the impact of the virus attack is dealt with (user downtime, cleaning user PCs and so on), then there is the impact on business partners to whom the virus may have passed. This has in the past been measured in terms of minor embarrassment ranging to major lost contracts and long-term damage to a company brand. The commercial estimates relating to the damage done by viruses vary greatly. However all agree that virus damage and the ensuing clean up is costing British businesses billions of pounds each year.

All agree that protecting an organization against becoming the victim of a virus attack and in turn preventing the organization from propagating the virus attack is now a business critical function. Viruses are mainly distributed through email. Some are attachments to emails; others are included in the body of the email itself. Additionally viruses can be passed by accessing or downloading from websites, but this method is a relatively minor consideration compared to email transmission.

The solutions that organizations have implemented fall broadly into the following categories:

Total Outsourcing

By having an external organization take on responsibility for scanning all inbound and outbound email, a company is able to be comfortable in the knowledge that a professional is acting on their behalf. A specialist organization is working round the clock to ensure that viruses are kept at bay. Companies that have subscribed to this approach report an excellent level of service, with near 100% protection from viruses. However this does come with two downsides. Firstly, the cost of this service – typically around $1 per user per month. Secondly, the incidence of “false positives” – a false positive is where an email is wrongly diagnosed as having a virus attached or embedded. This becomes a problem if the email in question is of a critical nature and the process for dealing with the “false positive” results in a lengthy delay in delivering the message to the recipient.

A final consideration in this approach is that it does not prevent a virus from propagating around an organization should it manage to penetrate the outer defenses. It is this consideration that leads many companies to continue to run anti-virus protection on individual PCs and servers even though they are paying another organization to protect them.

In summary, this approach is well received by those using it. It is very effective at preventing viruses from penetrating into an organization but does not provide any protection should a virus be introduced by other means such as a user’s private webmail account. This therefore cannot be regarded as the complete solution for protecting a company from virus attack.

Pros:

Excellent at trapping viruses, uses multiple different engines – constantly updated against the latest viruses and provided as a managed service so no dependency on company IT staff.

Cons:

Does not protect against a virus propagating around a company once penetrated. In-house Server Based Virus Protection

This is by far the most common approach to protecting companies against virus attack. The anti-virus software is installed on all email servers and scans the emails passing through the server, quarantining any that it identifies as containing a virus.

As this approach is in-house, its success depends on the vigilance, capability and availability of the company’s IT department staff. Applying latest updates against new viruses is an hourly function and although automated, requires checking regularly. Server based virus prevention is also limited to one product (running multiple anti-virus products on the same server can make them both identify each other as a virus, due to the way they function!), which leads to a selection process where technical requirements may lose out to commercial considerations. Furthermore, different anti-virus vendors may be more successful than others in combating different viruses, so having more than one product running would provide enhanced protection.

Pros:

Prevents spread of viruses within an organization as well as providing protection from inbound and outbound viruses.

Cons: Limited to one vendor’s approach. Reliant on the IT department to monitor, manage and apply updates constantly. Adds overhead to IT staff in dealing with quarantined messages. This approach allows viruses to penetrate a company’s network before being trapped. Increasingly complex viruses may exploit this vulnerability.

Client PC Based Protection

Client based virus protection is generally regarded as an adjunct to another approach or for mobile workers.

Pros:

Protects the client PC.

Cons:

Dependant on the user to setup and manage updates.

Only protects the client PC.

Does not protect servers or other network infrastructure.

Summary

Protecting an organization from the threat of viruses is paramount. Email communication is now business critical in most companies and being without it for any length of time starts to cost the company competitiveness, money and employee productivity. The business case for providing virus protection does not need proving. However, the level of protection that a company deems cost effective needs reviewing.

Whilst the majority of organizations are using server based virus protection, their reliance on one vendor and busy internal IT staff to run the service offers opportunities for breach by new viruses and the potential that new types of virus can do damage prior to being identified by the email server.

An approach that hands primary protection to a specialist who will trap and remove viruses prior to them ever arriving at your network is definitely the way of the future. Such an organization will be acting for many companies and so will have specialist knowledge that it is impossible to justify developing within a company’s IT department. However, reliance on a third party provider has limitations around preventing the internal spread of a virus that is introduced through other means (infected CD-ROM, Internet download, etc), so retaining server and client PC based virus protection is also recommended as a backup measure.

www.bestitdocuments.com