Cloud // Software as a Service
News
6/29/2011
12:02 PM
Connect Directly
RSS
E-Mail
50%
50%

Office 365 Vs. Google Apps: Evaluating Email Security

What have the cloud suite rivals done to address enterprise email security and related concerns such as compliance?

Office 365 Vs. Google Apps: Top 10 Enterprise Concerns
Office 365 Vs. Google Apps: Top 10 Enterprise Concerns
(click image for larger view and forslideshow)
Security remains a persistent question for potential cloud suite adopters, and with the debut of Microsoft Office 365 on Tuesday, one question from small and midsize businesses will no doubt be the cloud's reliability and security track record, especially for hosted email.

Interestingly, according to analysts, because many SMBs under-spend on IT--relative to larger enterprises--they may actually see significant security and uptime improvements by moving their email or documents to the cloud.

But for companies that want to look more closely at security--or for that matter, reliability--as a selection criteria, especially when evaluating GoogleApps versus Office 365, it can be tough to spot clear differences, despite recent outages of the Office 365 predecessor, Microsoft Business Productivity Online Standard Suite (BPOS).

"It's hard to tell who has the better security record and, of course, the other issue is it could change tomorrow," Guy Creese, a Gartner research vice president, said in an interview. The same goes for reliability and uptime, and not just for hosted email. "Amazon, for example, was blemish-free until just recently, and then it went down for at least a couple of days. So while track records offer some hints, I wouldn't consider them predictors of the future," he said.

Earlier this year, Google moved to distinguish itself from Microsoft by removing an exception for scheduled downtime from its 99.9% uptime guarantee. "Now, I think Google is certainly winning the PR battle, in its pitch of 'we include all downtime and we don't exclude planned downtime.' That was a relatively recent move for them, and ... they're making hay from that," said Creese.

Many businesses have concerns over the security of cloud services, but they're adopting SaaS anyway, at least for email, and Creese said he's seen a novel technique being used to add more security and reliability. "We see a lot of clients that are in the process of going to cloud email, but ... executives and executive vice presidents stay with on-premises email," he said. "The idea is that for people more inclined to work with company secrets, we'll keep those mailboxes in-house to preserve their content and avoid any huge issues if the cloud goes down.

"This very much plays to Microsoft's strengths, because they have both in-house and cloud servers, and with Exchange, they've done an excellent job of making it not obvious" about which type of server a user might be interacting with, said Creese.

Beyond security and reliability, there's the question of complying with regulations, and whether cloud-based emails can be easily retrieved for e-discovery requests or audit demands. Currently, one option is to use a hosted email archiving service, such as Sonian.com, which can help organizations respond to e-discovery or auditors' requests.

Microsoft, however, has been touting the e-discovery and compliance capabilities of Office 365. Likewise, Google has stepped up with its new Google Message Discover, which lets users retrieve relevant emails for e-discovery and compliance purposes. "Both systems for email--and email is the operative word--are relatively comparable," said Creese. "You can mark emails to be saved, execute hold orders, and both solutions are quite good there. However, that assumes you have a straightforward way to determine which emails to hold."

Businesses with more extensive e-discovery requirements, however, may need to pull cloud-based documents and emails in-house for storage and analysis, and that can be difficult, since hosted email vendors don't offer a straightforward way to download all emails stored on their servers. "If you're an enterprise, one way to get around this is to use MTA--message transfer agent--so instead of mail just going to a cloud server, you also have the mail go to an in-house server, so you always have an in-house copy," Creese said. One added benefit is that if the cloud email should go down, users could be quickly pointed to an in-house copy of all emails up to the moment of the outage. "It's a nice resiliency play, and that's why people originally figured it out," he said.

From an e-discovery perspective, however, while capturing emails from the cloud is relatively easy, "things quickly fall off after that," he said. "Because while you can do e-discovery in both systems, you can't easily do it for documents. In SharePoint, it would be a problem, with GoogleApps as well." On this front, one notable current "market hole" is the existence of some type of appliance or service that could harvest not just cloud-based emails, but also documents--across multiple versions--for compliance and e-discovery purposes, said Creese.

Security concerns--or not--aside, which businesses stand to benefit the most from moving their email, in part or in whole, to the cloud? Interestingly, potential cost savings will correlate with the current state of a business's email program. "When we talk to clients who are looking at cloud email, if they've virtualized their servers and really squeezed a lot of cost out of the system, when they look at cloud email, they may not save any money," said Creese. But for businesses that haven't yet virtualized their email, or that have email systems in relative disarray, the cloud might offer substantial savings. Not to mention, so far, an excellent security track record.

Security concerns give many companies pause as they consider migrating portions of their IT operations to cloud-based services. But you can stay safe in the cloud, as this Tech Center report explains. Download it now. (Free registration required.)

Comment  | 
Print  | 
More Insights
8 Steps to Modern Service Management
8 Steps to Modern Service Management
ITSM as we know it is dead. SaaS helped kill it, and CIOs should be thankful. Hereís what comes next.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Must Reads Oct. 21, 2014
InformationWeek's new Must Reads is a compendium of our best recent coverage of digital strategy. Learn why you should learn to embrace DevOps, how to avoid roadblocks for digital projects, what the five steps to API management are, and more.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
A roundup of the top stories and trends on InformationWeek.com
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.