Office 365 Vs. Google Apps: Evaluating Email Security
What have the cloud suite rivals done to address enterprise email security and related concerns such as compliance?
Office 365 Vs. Google Apps: Top 10 Enterprise Concerns
(click image for larger view and forslideshow)
Security remains a persistent question for potential cloud suite adopters, and with the debut of Microsoft Office 365 on Tuesday, one question from small and midsize businesses will no doubt be the cloud's reliability and security track record, especially for hosted email.
Interestingly, according to analysts, because many SMBs under-spend on IT--relative to larger enterprises--they may actually see significant security and uptime improvements by moving their email or documents to the cloud.
But for companies that want to look more closely at security--or for that matter, reliability--as a selection criteria, especially when evaluating GoogleApps versus Office 365, it can be tough to spot clear differences, despite recent outages of the Office 365 predecessor, Microsoft Business Productivity Online Standard Suite (BPOS).
"It's hard to tell who has the better security record and, of course, the other issue is it could change tomorrow," Guy Creese, a Gartner research vice president, said in an interview. The same goes for reliability and uptime, and not just for hosted email. "Amazon, for example, was blemish-free until just recently, and then it went down for at least a couple of days. So while track records offer some hints, I wouldn't consider them predictors of the future," he said.
Earlier this year, Google moved to distinguish itself from Microsoft by removing an exception for scheduled downtime from its 99.9% uptime guarantee. "Now, I think Google is certainly winning the PR battle, in its pitch of 'we include all downtime and we don't exclude planned downtime.' That was a relatively recent move for them, and ... they're making hay from that," said Creese.
Many businesses have concerns over the security of cloud services, but they're adopting SaaS anyway, at least for email, and Creese said he's seen a novel technique being used to add more security and reliability. "We see a lot of clients that are in the process of going to cloud email, but ... executives and executive vice presidents stay with on-premises email," he said. "The idea is that for people more inclined to work with company secrets, we'll keep those mailboxes in-house to preserve their content and avoid any huge issues if the cloud goes down.
"This very much plays to Microsoft's strengths, because they have both in-house and cloud servers, and with Exchange, they've done an excellent job of making it not obvious" about which type of server a user might be interacting with, said Creese.
Beyond security and reliability, there's the question of complying with regulations, and whether cloud-based emails can be easily retrieved for e-discovery requests or audit demands. Currently, one option is to use a hosted email archiving service, such as Sonian.com, which can help organizations respond to e-discovery or auditors' requests.
Microsoft, however, has been touting the e-discovery and compliance capabilities of Office 365. Likewise, Google has stepped up with its new Google Message Discover, which lets users retrieve relevant emails for e-discovery and compliance purposes. "Both systems for email--and email is the operative word--are relatively comparable," said Creese. "You can mark emails to be saved, execute hold orders, and both solutions are quite good there. However, that assumes you have a straightforward way to determine which emails to hold."
Businesses with more extensive e-discovery requirements, however, may need to pull cloud-based documents and emails in-house for storage and analysis, and that can be difficult, since hosted email vendors don't offer a straightforward way to download all emails stored on their servers. "If you're an enterprise, one way to get around this is to use MTA--message transfer agent--so instead of mail just going to a cloud server, you also have the mail go to an in-house server, so you always have an in-house copy," Creese said. One added benefit is that if the cloud email should go down, users could be quickly pointed to an in-house copy of all emails up to the moment of the outage. "It's a nice resiliency play, and that's why people originally figured it out," he said.
From an e-discovery perspective, however, while capturing emails from the cloud is relatively easy, "things quickly fall off after that," he said. "Because while you can do e-discovery in both systems, you can't easily do it for documents. In SharePoint, it would be a problem, with GoogleApps as well." On this front, one notable current "market hole" is the existence of some type of appliance or service that could harvest not just cloud-based emails, but also documents--across multiple versions--for compliance and e-discovery purposes, said Creese.
Security concerns--or not--aside, which businesses stand to benefit the most from moving their email, in part or in whole, to the cloud? Interestingly, potential cost savings will correlate with the current state of a business's email program. "When we talk to clients who are looking at cloud email, if they've virtualized their servers and really squeezed a lot of cost out of the system, when they look at cloud email, they may not save any money," said Creese. But for businesses that haven't yet virtualized their email, or that have email systems in relative disarray, the cloud might offer substantial savings. Not to mention, so far, an excellent security track record.
Security concerns give many companies pause as they consider migrating portions of their IT operations to cloud-based services. But you can stay safe in the cloud, as this Tech Center report explains. Download it now. (Free registration required.)
SaaS As Innovation Driver?Software as a service is the clear No. 1 way enterprises consume cloud. InformationWeek's SaaS Innovation Survey reveals three tips to get the most from SaaS: Make it a popularity contest. Have an escape plan. And remember that identity is the new perimeter.