Can cloud email be secure enough for enterprise?

blackdog

Gmail has millions of users, and most of the people I work with have a personal gmail account, with few if any of them experiencing significant security issues. One thing that we have not explored as a company is using cloud based email, mainly out of security concerns. The CIO pointed out that LA had refused to allow the LAPD to use Google's email services in Apps for Government because they found it did not meet FBI CJIS requirements. Frankly, I assume that the main attack vector for email accounts is passwords, which is a problem that doesn't change significantly whether you are using your own server or a cloud based account. I guess it could be vulnerable during data transmission from the cloud server to the user too. Is there significantly more risk to cloud based email? Would you be comfortable with it for business use?

Answer this Question

Answers

4 total
StillADotcommer
Vote Up (21)

Colorado has started using a portal that adds additional levels of encryption to cloud based email to meet both HIPAA and CJIS standards. The state partnered with a company called Zix Corp (which I had never heard of before) to set it up. The contents of messages are encrypted and never readable when stored, and can only be read in the compose/read window of the logged-in user. In addition to encryption, the portal requires multi-stage authentication. I'm not sure what kind of cost we are talking about to do this, and it may not be particularly cost effective for private businesses.  On the other hand, a data breach is not particularly cost effective either!  

jimlynch
Vote Up (19)

Here's an article that looks at the risks of cloud based email from the perspective of defense contractors, but I think some of this applies to businesses as well.

Dangers of Cloud Based Email
http://defense.about.com/od/BusinessOps/a/Dangers-Of-Cloud-Based-Email.htm

"Issues/Risks With “Cloud Email”

Email and attachments can be stored anywhere in the world
Cloud email providers typically claim a license on all content including emails
There are security reports and unclassified but restricted information that can not be sent to these email accounts
Information assurance regulations in the DoD will preclude using cloud email
FISMA applies to DoD contractors and requires protection of government information
Cloud software is acceptable if the provider provides a warranty and security controls which most cloud email providers do not"

Agili Ron
Vote Up (17)

Hello Friends,

A swath of the largest enterprises are steering clear of public cloud services because of security fears, says a survey by the Open Data Center Alliance (ODCA). The ODCA is an association of large enterprise IT executives that formed two years ago. It's chartered with formulating industry requirements for the migration to cloud computing. ODCA members shy away from the cloud due to the risk of a breach, or the risk of running into regulatory and compliance rules.
Stokes talked about an ODCA survey, where 40 percent of respondents cited security as the No. 1 inhibitor to using cloud services, followed by application migration regulatory issues and cloud on-boarding. Stokes said customers, vendors and cloud providers all must agree to deliver standardized security levels across products and providers.

Thanks and Regards,
Agili Ron

agiliron.com

Christopher Nerney
Vote Up (15)

 

The risks of cloud-based email certainly seem to be a matter of some debate. But a recent survey by Osterman Research shows that 59% of enterprises with at least 5,000 employees plan to have cloud-based email within two years, while 93% of smaller enterprises plan to go to the cloud in that same time frame. So despite reservations about where their email data will be stored or who has control over it, enterprises are moving toward considering cloud-based mail an acceptable risk.

 

Even if you think your enterprise must go to the cloud, then there's the matter of picking a cloud vendor. This article has some advice on what to look for and what to ask. 

 

 

Ask a question

Join Now or Sign In to ask a question.
When not busy helping to find new treatments for cancer, IBM Watson is helping to cook up a few new dishes as well.
Thanks to the cloud, the “as a service” trend is getting a little out of control
IBM continues to make the case for the nascent field of cognitive computing, showing off some Watson prototypes Thursday that could help speed scientific discovery in the medical field, by scanning large volumes of literature and data far more quickly then humans can, and suggesting possible leads.
NASA migrated 65 software applications, including its flagship NASA.gov website to the cloud in 22 weeks, and the space agency is still in the midst of a massive deployment to the cloud.
Is it crazy to pay $1300 for a Chromebook? Some reflections after a year and a half of living with Google's luxurious Pixel.
IBM announced late Wednesday that it's making its artificially intelligent computer system, Watson, available to researchers as a cloud service.
Technology companies make up almost half of the businesses ranked highest by their employees for culture and values in a new survey
Microsoft has extended the data loss prevention features in Office 365 so that they are available not only for its email tools but also for data in SharePoint Online and OneDrive for Business.
Salesforce.com's development teams are continuing their steady pace of improvements to the Salesforce1 mobile application, which first debuted at last year's Dreamforce conference.
Responding to the growth of enterprise software development teams, Microsoft will allow occasional contributors to access the Visual Studio Online project development environment at no cost.
randomness