Can cloud email be secure enough for enterprise?


Gmail has millions of users, and most of the people I work with have a personal gmail account, with few if any of them experiencing significant security issues. One thing that we have not explored as a company is using cloud based email, mainly out of security concerns. The CIO pointed out that LA had refused to allow the LAPD to use Google's email services in Apps for Government because they found it did not meet FBI CJIS requirements. Frankly, I assume that the main attack vector for email accounts is passwords, which is a problem that doesn't change significantly whether you are using your own server or a cloud based account. I guess it could be vulnerable during data transmission from the cloud server to the user too. Is there significantly more risk to cloud based email? Would you be comfortable with it for business use?

Answer this Question


4 total
Vote Up (22)

Colorado has started using a portal that adds additional levels of encryption to cloud based email to meet both HIPAA and CJIS standards. The state partnered with a company called Zix Corp (which I had never heard of before) to set it up. The contents of messages are encrypted and never readable when stored, and can only be read in the compose/read window of the logged-in user. In addition to encryption, the portal requires multi-stage authentication. I'm not sure what kind of cost we are talking about to do this, and it may not be particularly cost effective for private businesses.  On the other hand, a data breach is not particularly cost effective either!  

Vote Up (20)

Here's an article that looks at the risks of cloud based email from the perspective of defense contractors, but I think some of this applies to businesses as well.

Dangers of Cloud Based Email

"Issues/Risks With “Cloud Email”

Email and attachments can be stored anywhere in the world
Cloud email providers typically claim a license on all content including emails
There are security reports and unclassified but restricted information that can not be sent to these email accounts
Information assurance regulations in the DoD will preclude using cloud email
FISMA applies to DoD contractors and requires protection of government information
Cloud software is acceptable if the provider provides a warranty and security controls which most cloud email providers do not"

Agili Ron
Vote Up (18)

Hello Friends,

A swath of the largest enterprises are steering clear of public cloud services because of security fears, says a survey by the Open Data Center Alliance (ODCA). The ODCA is an association of large enterprise IT executives that formed two years ago. It's chartered with formulating industry requirements for the migration to cloud computing. ODCA members shy away from the cloud due to the risk of a breach, or the risk of running into regulatory and compliance rules.
Stokes talked about an ODCA survey, where 40 percent of respondents cited security as the No. 1 inhibitor to using cloud services, followed by application migration regulatory issues and cloud on-boarding. Stokes said customers, vendors and cloud providers all must agree to deliver standardized security levels across products and providers.

Thanks and Regards,
Agili Ron

Christopher Nerney
Vote Up (16)


The risks of cloud-based email certainly seem to be a matter of some debate. But a recent survey by Osterman Research shows that 59% of enterprises with at least 5,000 employees plan to have cloud-based email within two years, while 93% of smaller enterprises plan to go to the cloud in that same time frame. So despite reservations about where their email data will be stored or who has control over it, enterprises are moving toward considering cloud-based mail an acceptable risk.


Even if you think your enterprise must go to the cloud, then there's the matter of picking a cloud vendor. This article has some advice on what to look for and what to ask. 



Ask a question

Join Now or Sign In to ask a question.
To fill out its cloud services portfolio with policy and auditing controls, Ericsson is acquiring a majority stake in San Francisco enterprise services company Apcera.
Microsoft's playing off iOS 8 upgrade woes by offering to double your free OneDrive storage space--but only if you act fast.
The release of Delve, the first application to use Microsoft's Office Graph machine learning engine, will be remembered years from now as either the genesis of a revolutionary technology or as a fireworks-style launch that dazzled everyone only for a brief moment.
There's a new top dog in terms of contributions to OpenStack.
SAP is buying business-travel and expense software vendor Concur for about US$8.3 billion, in a bid to continue growing out its portfolio of cloud-based applications.
It's the end of an era at Oracle, as CEO Larry Ellison has been appointed executive chairman and CTO of the vendor, with co-presidents Safra Catz and Mark Hurd named co-CEOs.
Dropbox makes a series of improvements to its datastore API, including shared datastores, local datastores, and better webhooks.
Partnership will load Canonical's OpenStack on AMD's SeaMicro servers.
Microsoft is poised to release a major update to its Dynamics CRM and marketing applications in a bid to gain market share against rivals such as
Journalists, nurses and plumbers are among those who drink more coffee than people in technology
Join us: