Login  |  Register  |  Contact

Email Security

When was the last time you thought about your email security? Have you reviewed the vendors or the market lately? If not, it may be time. It is no surprise that the market is mature; read the collateral and the discussion has long since moved away from technology nuances- rather it is reputational risk reduction & business function continuity. It is no longer startups but some of the largest firms in security. And while not seeing a lot of growth in the segment, we are starting to see changes in how the services are delivered, and that is leading to some vendor swapping. What's more, these changes are so transparent that the effect on privacy and security is not always obvious.

I have been doing a surprising amount of investigation in the email security segment lately. Rich and I have a couple of projects in and around email security, I have a friend who works in this area and was asking some market related questions, I have been helping another friend analyze a prospective job with an email security company, and at Securosis we have gone through the selection process for a supplementary spam filter (Postini, if you were interested). The focus on this segment showed a subtle change in direction, and raised a couple of issues you may want to consider.

Every vendor claims 96-99% efficiency, and on any given week, delivers on that promise. Most offer inbound and outbound anti-virus, content scanning, image scanning, archiving, reporting and policy management. Want an appliance or software? No problem. Want it as a service?

It's a replacement market at this point, as every firm has some type of email security and filtering, either in-house or provided as a service. One company's new email security customer come at another vendor's expense. And there is a feeling that these offerings are a commodity. If you don't like the vendor or product you have today, the cost of a switch is far less than it used to be. The battle in email security today is between the entrenched appliances and "security in the cloud". And much like the AV market once it had reached this stage, changing providers can be a fluid event. Adding an extra layer of anti-spam at Securosis took a few minutes of work, and the cost is negligible. From a consumer standpoint, the ability to choose what I want and switch as needed shows the maturity of this space.

Appliances still rule the day, but with firms like Google (Postini) and Message Labs offering quality services, it appears to be this subsegment of the market that is making inroads. I am talking to a lot of customers who have a hybrid in place today, but many I speak with have not looked at their email security solution in years as it works, and so they just don't give it a lot of thought. Those who do find it an easy choice to adopt a hybrid model, with inbound spam and AV filtering to reduce the load on internal systems while they review their plans for the future. Once again, while there are few new customers to be won, there is quite a bit of switching between vendors going on, with services gaining share.

However the change from in-house appliance and software brings some considerations in the area of data privacy. Outsourcing your inbound spam filtering and adding an extra layer of AV seems like a good idea, and can take the strain off older infrastructure. And the switch can be so seamless and easy that often thought is not put into where the IP is actually going. As many of the email security providers offer outbound content analysis, leak prevention, and compliance assurance, you are by nature sending the data you want to protect offsite. While it is almost invisible to daily operations, there are ramifications and considerations for compliance and privacy. In my next post, I will discuss some of these considerations.

—Adrian Lane

Posted at Monday 29th September 2008 9:55 am Filed under: app securityemail securitysecurity in the cloud

Previous entry: Impact of the Economic Crisis on Security | | Next entry: Statistical Distractions

Comments:

If you like to leave comments, and aren't a spammer, register for the site and email us at info@securosis.com and we'll turn off moderation for your account.

By Allen Falcon  on  09/29  at  04:44 AM

Adrian,

This is a great analysis of the market.  We work with companies and Postini (now Google Message Security).  In our target—companies with <250 mailboxes—we still see folks moving from email add-ons to their AV solution to GMS.

One additional aspect for companies to consider is performance.  Across our customer base, 82-97% of all email is spam being sent to invalid email addresses.  While it will never show up in an inbox or quarantine, the inbound traffic consumes Internet bandwidth and places processing and storage loads on in-house servers. 

We see marked improvement in email and overall Internet performance when GMS takes spam and virus protection off the customer’s network and into the cloud.

Regards,
Allen

By Friday Summary | securosis.com  on  10/03  at  03:30 AM

[...] or practitioner- we’ll feel the effects of this crisis, but in a predictable way. * Adrian: Email Security. It’s getting cheaper, faster and easier to implement, but with some potential privacy issues [...]

Page 1 of 1 pages

Name:

Email:

Remember my personal information

Notify me of follow-up comments?

Submit the word you see below: