Can cloud email be secure enough for enterprise?


Gmail has millions of users, and most of the people I work with have a personal gmail account, with few if any of them experiencing significant security issues. One thing that we have not explored as a company is using cloud based email, mainly out of security concerns. The CIO pointed out that LA had refused to allow the LAPD to use Google's email services in Apps for Government because they found it did not meet FBI CJIS requirements. Frankly, I assume that the main attack vector for email accounts is passwords, which is a problem that doesn't change significantly whether you are using your own server or a cloud based account. I guess it could be vulnerable during data transmission from the cloud server to the user too. Is there significantly more risk to cloud based email? Would you be comfortable with it for business use?

Answer this Question


4 total
Vote Up (16)

Here's an article that looks at the risks of cloud based email from the perspective of defense contractors, but I think some of this applies to businesses as well.

Dangers of Cloud Based Email

"Issues/Risks With “Cloud Email”

Email and attachments can be stored anywhere in the world
Cloud email providers typically claim a license on all content including emails
There are security reports and unclassified but restricted information that can not be sent to these email accounts
Information assurance regulations in the DoD will preclude using cloud email
FISMA applies to DoD contractors and requires protection of government information
Cloud software is acceptable if the provider provides a warranty and security controls which most cloud email providers do not"

Vote Up (16)

Colorado has started using a portal that adds additional levels of encryption to cloud based email to meet both HIPAA and CJIS standards. The state partnered with a company called Zix Corp (which I had never heard of before) to set it up. The contents of messages are encrypted and never readable when stored, and can only be read in the compose/read window of the logged-in user. In addition to encryption, the portal requires multi-stage authentication. I'm not sure what kind of cost we are talking about to do this, and it may not be particularly cost effective for private businesses.  On the other hand, a data breach is not particularly cost effective either!  

Agili Ron
Vote Up (13)

Hello Friends,

A swath of the largest enterprises are steering clear of public cloud services because of security fears, says a survey by the Open Data Center Alliance (ODCA). The ODCA is an association of large enterprise IT executives that formed two years ago. It's chartered with formulating industry requirements for the migration to cloud computing. ODCA members shy away from the cloud due to the risk of a breach, or the risk of running into regulatory and compliance rules.
Stokes talked about an ODCA survey, where 40 percent of respondents cited security as the No. 1 inhibitor to using cloud services, followed by application migration regulatory issues and cloud on-boarding. Stokes said customers, vendors and cloud providers all must agree to deliver standardized security levels across products and providers.

Thanks and Regards,
Agili Ron

Christopher Nerney
Vote Up (11)


The risks of cloud-based email certainly seem to be a matter of some debate. But a recent survey by Osterman Research shows that 59% of enterprises with at least 5,000 employees plan to have cloud-based email within two years, while 93% of smaller enterprises plan to go to the cloud in that same time frame. So despite reservations about where their email data will be stored or who has control over it, enterprises are moving toward considering cloud-based mail an acceptable risk.


Even if you think your enterprise must go to the cloud, then there's the matter of picking a cloud vendor. This article has some advice on what to look for and what to ask. 



Ask a question

Join Now or Sign In to ask a question.
Borrowing a page from the recently revised Microsoft playbook, development tools maker Telerik has released as open source the bulk of its Kendo software library of components for building Web and mobile applications
Although Exadata is Oracle's most popular and mature "engineered system," some customers implementing the database machine are making mistakes that prevent them from getting the most performance out of the expensive product, according to a veteran of many Exadata projects.
Sure, you’ve changed a bunch of passwords, but are you doing all you can to protect yourself?
Google did little during its first-quarter earnings report to shush critics who say its Enterprise unit is a second-class citizen in its kingdom.
Red Hat has successfully grown Linux into an enterprise platform, now it's looking to do the same with OpenStack
SAP reported a strong growth in cloud revenue and fast adoption of its HANA platform in the first quarter, while its software revenue dipped from the same quarter in the previous year.
The amount of electronic information (e.g., documents, images, emails, videos) organizations produce is staggering. Storing all your digital data in your data center can be expensive. That's why cloud storage -- which often comes at a fraction of the cost of storing the information on-premises -- has become increasingly popular.
Big data analytics are driving rapid growth for public cloud computing vendors with revenues for the top 50 public cloud providers shooting up 47% in the fourth quarter last year to $6.2 billion, according to Technology Business Research Inc.
Oracle has issued a comprehensive list of its software that may or may not be affected by the OpenSSL (secure sockets layer) vulnerability known as Heartbleed, while warning that no fixes are yet available for some likely affected products.
According to a new dataset, the big names in technology lag well behind actors, politicians and athletes in terms of global cultural significance

White Papers & Webcasts

See more White Papers | Webcasts

Join us: