Can cloud email be secure enough for enterprise?

blackdog

Gmail has millions of users, and most of the people I work with have a personal gmail account, with few if any of them experiencing significant security issues. One thing that we have not explored as a company is using cloud based email, mainly out of security concerns. The CIO pointed out that LA had refused to allow the LAPD to use Google's email services in Apps for Government because they found it did not meet FBI CJIS requirements. Frankly, I assume that the main attack vector for email accounts is passwords, which is a problem that doesn't change significantly whether you are using your own server or a cloud based account. I guess it could be vulnerable during data transmission from the cloud server to the user too. Is there significantly more risk to cloud based email? Would you be comfortable with it for business use?

Answer this Question

Answers

4 total
StillADotcommer
Vote Up (20)

Colorado has started using a portal that adds additional levels of encryption to cloud based email to meet both HIPAA and CJIS standards. The state partnered with a company called Zix Corp (which I had never heard of before) to set it up. The contents of messages are encrypted and never readable when stored, and can only be read in the compose/read window of the logged-in user. In addition to encryption, the portal requires multi-stage authentication. I'm not sure what kind of cost we are talking about to do this, and it may not be particularly cost effective for private businesses.  On the other hand, a data breach is not particularly cost effective either!  

jimlynch
Vote Up (18)

Here's an article that looks at the risks of cloud based email from the perspective of defense contractors, but I think some of this applies to businesses as well.

Dangers of Cloud Based Email
http://defense.about.com/od/BusinessOps/a/Dangers-Of-Cloud-Based-Email.htm

"Issues/Risks With “Cloud Email”

Email and attachments can be stored anywhere in the world
Cloud email providers typically claim a license on all content including emails
There are security reports and unclassified but restricted information that can not be sent to these email accounts
Information assurance regulations in the DoD will preclude using cloud email
FISMA applies to DoD contractors and requires protection of government information
Cloud software is acceptable if the provider provides a warranty and security controls which most cloud email providers do not"

Agili Ron
Vote Up (16)

Hello Friends,

A swath of the largest enterprises are steering clear of public cloud services because of security fears, says a survey by the Open Data Center Alliance (ODCA). The ODCA is an association of large enterprise IT executives that formed two years ago. It's chartered with formulating industry requirements for the migration to cloud computing. ODCA members shy away from the cloud due to the risk of a breach, or the risk of running into regulatory and compliance rules.
Stokes talked about an ODCA survey, where 40 percent of respondents cited security as the No. 1 inhibitor to using cloud services, followed by application migration regulatory issues and cloud on-boarding. Stokes said customers, vendors and cloud providers all must agree to deliver standardized security levels across products and providers.

Thanks and Regards,
Agili Ron

agiliron.com

Christopher Nerney
Vote Up (14)

 

The risks of cloud-based email certainly seem to be a matter of some debate. But a recent survey by Osterman Research shows that 59% of enterprises with at least 5,000 employees plan to have cloud-based email within two years, while 93% of smaller enterprises plan to go to the cloud in that same time frame. So despite reservations about where their email data will be stored or who has control over it, enterprises are moving toward considering cloud-based mail an acceptable risk.

 

Even if you think your enterprise must go to the cloud, then there's the matter of picking a cloud vendor. This article has some advice on what to look for and what to ask. 

 

 

Ask a question

Join Now or Sign In to ask a question.
IT leaders need to learn how to manage the evolving legal, privacy and compliance issues of SMAC contracts.
California is moving its IT services to a cloud, on-demand, subscription-based service that state officials believe may meet as much as 80% of its computing needs.
Microsoft has begun boosting the free allowance of its OneDrive cloud-based storage service to one terabyte for subscribers to consumer and college student Office 365 plans.
IBM is offering a potentially powerful incentive in its attempts to entice organizations to move supercomputing jobs to the cloud: a high-speed network communications link called InfiniBand.
Businesses don't have to use Sprint's network or even Android devices.
Dropbox will continue beefing up the business version of its cloud storage and file sharing service, adding security features to shared links, full-text search capabilities and new tools for enterprise developers.
Big Switch Networks this week is unveiling an SDN controller designed to bring Google-like hyperscale networking to enterprises.
Strong sales of cloud products to businesses helped lift Microsoft's revenue by 18 percent last quarter, though its profits declined.
Following through on promises from new CEO Satya Nadella, Microsoft continues to add support for non-Microsoft technologies, allowing them to run well on the company's Azure cloud hosting platform.
Researchers have concluded that those billions of connected devices could help save lives in the event of disaster, even one that knocks out the Internet