Essential email security …business requirements and competitive landscape


Published on

Email security is essential. Email communications provide for efficient and effective collaboration and are extremely important as business records, yet they have long been the target of criminals looking to spread malware and steal the information that they contain.

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Essential email security …business requirements and competitive landscape

  1. 1. InComparison Essential email security …business requirements and competitive landscape An InComparison Paper by Bloor Research Author : Fran Howarth Publish date : April 2012
  2. 2. Email security is essential.Email communications providefor efficient and effectivecollaboration and are extremelyimportant as business records,yet they have long been thetarget of criminals looking tospread malware and steal theinformation that they contain.Fran Howarth
  3. 3. Essential email security …business requirements and competitive landscapeExecutive summary Email is an essential communications and col- Fast facts laboration tool for all organisations and email messages contain a great deal of sensitive and • Email security should be part of a wider, often confidential information that is among unified email management system, en- the most important business records pro- compassing not just malware controls, but duced by an organisation. It is therefore vital mailbox management, content filtering, that high levels of security be used for email, encryption and data leakage prevention, both at rest and in transit. This is important not continuity, archiving and discovery, and com- just for protecting the organisation from the pliance reporting. harm caused by email-borne threats facing the organisation, but also to ensure that it is safe • Traditional on-premise software and appli- when stored so that the information cannot be ance delivery models are being eclipsed by accidentally leaked out of the organisation. cloud-based and hybrid delivery models that provide many advantages in terms of cost, Traditionally, email security technologies have convenience, superior service and greater focused on malware and spam controls at their flexibility, in particular enabling security core, but this part of the market has become controls to be extended to the ever-expand- somewhat commoditised over time with fea- ing number of mobile devices being used. ture parity across most vendors as innovation has plateaued. Where most development has The bottom line been seen is in the focus on more advanced threat detection techniques in the arms race Given the importance of email as a business against ever more sophisticated email threats. record, high standards of security need to be With vendors offering pretty much the same applied so that employees of an organisation assurances over malware and spam protec- can communicate and collaborate with each tion, organisations looking to make purchas- other and with customers and business part- ing decisions should look for more advanced ners effectively and efficiently without falling features that add value as part of a wider, uni- prey to the threats posed by email-borne mal- fied email management system, such as conti- ware and data leakage or exfiltration. How- nuity services and archiving. Many government ever, whilst email communications are vital regulations and industry standards mandate to all organisations, managing email systems that email records be retained in a secure, and security in-house is a complex challenge tamperproof repository, which will also help to that provides little in the way of competitive keep workers productive as they will be able advantage. Newer, cloud-based and hybrid to more easily retrieve old emails for repur- delivery models remove many of those com- posing the information that they contain or for plexities and provide a superior level of pro- evidence in litigation. The quality and configur- tection against the sophisticated exploits being ability of the management interface into which targeted at email systems today. all components are integrated are important considerations here, making it easier to prove compliance and to answer litigation that de- mands that emails can be produced quickly when required as evidence. Other important differentiators that organisations should look for include the quality of the self-service capa- bilities, such as the level of user control over quarantined email, as well as pricing and the quality of support provided. This document discusses the business case for implementing strong email security con- trols and outlines what organisations should look for when selecting a product or service. It is intended to be read by organisations of all sizes across all vertical industries and de- scribes the capabilities of some of the major vendors in the market.A Bloor InComparison Paper 1 © 2012 Bloor Research
  4. 4. Essential email security…business requirements and competitive landscapeEmail as a strategic business tool The development of email was a revolution in Yet email is more than just a communications communications. It allowed people to com- tool. It is also the most commonly used col- municate and exchange information efficiently laboration platform within organisations, used and cost effectively, without the need for both for working on documents, presentations and parties to be on the same time schedule. spreadsheets among project teams. Email is A ­ ccording to research published by Osterman also used for interaction by many enterprise Research in December 2010, email remains applications such as customer relationship the single most used application for the typical management, supply chain and transaction corporate user and is the primary method for processing applications, used to send users sending information in and out of an organi- notifications and to keep track of interactions sation1. Osterman found that, on average, the on these applications. typical user spends 134 minutes per working day on email, compared to 61 minutes on the telephone, 28 minutes using real-time com- munications tools and 11 minutes using social media sites. Not only is email the most important com- munications mechanism for organisations, but its use is increasing as users continue to embrace internet-enabled mobile devices. According to research published by digital marketing intelligence provider comScore in January 2011, the number of users access- ing email via mobile grew by 36% in 2010 and many more users are checking corporate emails from their mobile devices—even those that they own personally2. In 2011, the Radicati Group published research that indicated that 85% of business users use mobile phones to check their business emails3.© 2012 Bloor Research 2 A Bloor InComparison Paper
  5. 5. Essential email security …business requirements and competitive landscapeWhy email security is essential Because of its importance as a communi- Another major reason behind the need for cations and collaboration tool, emails are high levels of email security is the need to considered to be important business records. comply with government regulations and According to the Enterprise Strategy Group, industry mandates, many of which require up to 75% of corporate intellectual property that high standards of security be applied to is contained in emails and their attachments, sensitive data, much of which is contained as well as other sensitive information such in email correspondence. Examples include as personnel data, customer information, data protection legislation in many countries product and marketing plans, and corporate worldwide, much of which is being tightened financial data4. to expand the sanctions imposed on or- ganisations for data breaches, and industry Given the importance of such records, it is vital standards such as the Payment Card Industry that they are transmitted and stored securely. Data Security ­ tandards (PCI DSS), which S One primary concern for organisations is that demands that payment cardholder informa- of malware being introduced to the organisa- tion be adequately protected. Others demand tion via email, which can be used to exfiltrate that business records, including emails, be data out of the organisation, such as personal maintained for specified periods of time in a information contained on an endpoint device or secure, tamperproof manner, in some cases to send out spam messages. Another concern for up to ten years. Examples of these in the is that users often need to locate information US include SEC Rule 17a-4, Sarbanes-Oxley, in emails and their attachments—especially the Federal Rules of Civil Procedure, NARA those sent to them, where a certain email may Electronic Records Management regulations be the only record of a particular transaction and FINRA Rule 3110. The US also has the Pa- that is available to them. Time spent clearing triot Act, which allows for the interception and up infections and looking for email records can inspection of enterprise email. In the EU, each be a major drain on productivity. member state tends to have its own national laws governing records retention, with the majority requiring records to be maintained for an average of five years. E-discovery in Asia-Pacific is still considered to be a fairly new initiative, although Australia in particular has been reforming rules to encourage elec- tronic submissions. In Africa, various coun- tries, including South Africa, are in the process of developing laws.A Bloor InComparison Paper 3 © 2012 Bloor Research
  6. 6. Essential email security…business requirements and competitive landscapeSecurity as part of a unified email management system Because of these factors, effective email secu- the administration and management tasks rity is essential and needs to be a core compo- required, requiring agents with a much lower nent of any email management system. Whilst footprint be installed on each device to be pro- once email security was primarily associated tected so that updates can be pushed out from a with malware controls, a much more holistic central location and policies enforced centrally. approach is now required that encompasses Appliances have the advantages over software- all aspects of managing email systems. It re- only deployments of providing greater visibility quires a combination of mailbox management, into user activity and network traffic, as well as malware controls, content filtering, encryption whether or not devices conform to the security and data leak prevention, continuity, archiving standards required. However, appliances are and discovery, and compliance reporting. All not always easy to scale as new devices are organisations need to guard against threats added, often requiring more hardware to be associated with email by ensuring that pro- purchased, configurations to be actively man- tection is constant and covers all emails sent aged and needing administrators to take action or received by all users, that the service is when issues are encountered. continuously available, and that all relevant emails are securely archived. More recently, cloud-based, software as a ser- vice (SaaS) subscription-based services have DIY or leverage the cloud? come onto the market. The use of such servic- es provides advantages that include lower cost Traditionally, email security technologies have and administrative overhead since the services been deployed within the boundaries of an are based on a shared infrastructure and made organisation, with controls placed directly on available to many customers simultaneously. the devices used to send and receive emails, In terms of email security services offered in such as anti-virus and other malware controls. a cloud-based SaaS model, most providers At the network level, firewalls and intrusion focus not just on threat and malware protec- detection and prevention systems are generally tion, but also offer a range of complementary used to control what traffic can flow in and out services that are necessary for maintaining a of the organisation, often deployed inline with comprehensive email security posture. These specific devices. Implemented in-house, such include inbound and outbound security and systems take a great deal of administration privacy protection, archiving, continuity, and and management, which, especially in large regulatory compliance and litigation support. organisations, means that IT resources have to The level of protection offered through such be dedicated just to managing these systems. services is often better than can be achieved in-house—in part because many responsibili- To solve some of these issues, technology ties for security are pushed off onto the service vendors developed appliance-based systems, provider, rather than having to be provided in- deployed on-premise, that perform many of house (see Figure 1). Source: European Network and Information Security Agency (ENISA) Figure 1: Division of security responsibilities in the SaaS delivery model© 2012 Bloor Research 4 A Bloor InComparison Paper
  7. 7. Essential email security …business requirements and competitive landscapeSecurity as part of a unified email management system Among the reasons why the level of threat Further, cloud-based services are very well protection offered by such services can be suited for the needs of organisations that wish superior to those deployed in-house is that to provide their workers with the flexibility of threats can be stopped in the cloud so that the always-on access from anywhere via mobile malware exploits never even reach the organi- devices, since only a browser interface is sation’s network or email systems. Many such needed to connect to such services. Protection services also gather samples of the latest can even be easily and acceptably extended to threats as they emerge through worldwide those devices owned by employees themselves intelligence networks that gather information when connected to corporate resources—an from computer users worldwide, combined increasingly common situation encountered in with a variety of other information and threat today’s business environment—as only a small sources. Using a variety of detection tech- agent needs to be installed on each device so niques above and beyond those of signatures that the user does not suffer the frustration of that provide countermeasures for threats that degraded performance, which is unacceptable are known, including advanced heuristics, to most when using their own devices. reputation analysis and content filtering, such services even afford protection against previ- For those organisations that do not wish to ously unknown, so-called zero-day threats. cede all control over their email management Many also offer protection against outbound needs to a service provider, hybrid deployment threats and data leakage through the provision models are now more commonly being offered of data leakage prevention (DLP) capabilities that combine on-premise management of and can enforce the use of extra security con- email systems with additional email manage- trols, such as encryption for all data in transit ment services based in the cloud. For example, and at rest in the email archiving repository. organisations may wish to benefit from the use of cloud-based threat protection services for Cloud-based tools provide many other ad- inbound email and perhaps for email storage vantages for organisations in terms of man- and archiving, whilst using in-house physical agement of, and visibility over, the service or virtual appliances for mailbox management as all tasks, such as policy development and and DLP capabilities. For some organisations, enforcement, are accomplished through one this provides a way of testing whether or not web-based management console that provides the use of SaaS is suitable for them and, should a unified view of all services offered, as well as they find its use beneficial, can then migrate comprehensive management reports of their further services to the cloud over time. effectiveness. Guarantees over the effective- ness of those services are provided by service level agreements (SLAs). These supply assur- ances over the amount of uptime guaranteed, the level of protection against both known and zero-day threats, and levels of spam protec- tion—with financial penalties imposed on the provider for any failure to meet the guaranteed levels of service.A Bloor InComparison Paper 5 © 2012 Bloor Research
  8. 8. Essential email security…business requirements and competitive landscapeThe components of a unified email management system As stated above, email security needs to be many service providers offer is help with those part of a wider email management posture. migrations to ensure security levels are main- Security is essential for providing protection tained and policies continue to be enforced against malicious threats and data loss but, during the migration process. given the importance of email as a com- munications and collaboration tool, email Malware controls correspondence also needs to be securely stored, managed and archived. This is vital for Protection against malicious threats that in- reducing business risks, and especially those clude malware and spam is a core capability associated with regulatory non-compliance or of any email security system. However, with litigation requests that demand that business threats multiplying and growing in sophistica- records be produced, including all relevant tion, any technology chosen should feature emails. By looking at email management in a advanced detection and threat mitigation ca- wider context, organisations will be in a better pabilities that provide protection against new, position to enforce corporate policy, prevent zero day threats. It is no longer sufficient to data loss, eliminate downtime, achieve com- rely on reactive signature-based mechanisms pliance, eliminate risks associated with spam since such countermeasures take time to and malware, and facilitate rapid search and develop and deploy to all devices via updates e-discovery for improved productivity and liti- and patches to software installed on them. Not gation response. This will help organisations only is this time-consuming and frustrating for in achieving the three key security objectives of users, but it also leaves the organisation ex- organisations with regard to the business in- posed to gaps in protection before all devices formation transmitted by and stored in email— can be patched. integrity, confidentiality and availability. A more effective strategy is to subscribe to The components of a unified email security cloud-based email security services, where system should include the functionality listed protection is applied remotely in the cloud in the following sections. before malicious traffic can reach the organi- sation’s network. Providers of such services Mailbox management generally deploy anti-malware controls from major vendors, often in combination, but sup- Efficient mailbox management is vital for main- plement these with multiple other detection taining user productivity. The email manage- techniques that include reputation services, ment system should ensure that all messages advanced heuristics, URL and content filter- and their attachments are captured, even those ing, black and white listing, and traffic moni- deleted by users, and sent to the archive ac- toring for protection against such exploits as cording to set rules and policies. This will get denial of service attacks. The use of multiple, around problems caused by users storing proactive detection techniques provide protec- emails in their own personal email folders, tion against even zero day attacks. Further, which are not accessible to others in the organi- many email security service providers main- sation. The user should then be able to search tain global threat intelligence networks that for and retrieve items from the archive directly gather information pertaining to the latest from the familiar email client interface, as well threats from multiple sources worldwide, in- as deal with suspicious items that have been cluding threats seen by customers, honeypots quarantined, rather than requiring a separate and other threat information services such as pop-up interface for doing so. This will help to those provided by CERTs, ISPs and govern- keep users productive, reduce training needs ment agencies. and lower the burden on the help desk of re- trieving deleted or hard to find items. The superior protection available through the use of cloud-based email security services The system should support all the major email is spurring the take-up of hybrid services, clients in use and versions thereof, so that no whereby organisations maintain and manage emails are missed. With many organisations email clients in-house, but supplement them looking to migrate to the latest 2010 version with the use of cloud-based services for cer- of Microsoft Exchange, a useful service that tain capabilities, such as malware protection.© 2012 Bloor Research 6 A Bloor InComparison Paper
  9. 9. Essential email security …business requirements and competitive landscapeThe components of a unified email management system Encryption and data leak prevention Data centre coverage Security breaches are everyday news and can In order for a service provider to offer such hurt organisations that suffer them, ranging capabilities, it must maintain a network of data from damaged reputations and lost business centres for failover in the case of a disaster. to the possibility of fines or other sanctions for Organisations should ask their service provid- failing to adequately secure sensitive informa- er for details of their data centre coverage and tion. An effective email security system should security measures. In today’s highly regulated therefore provide protection against unwanted environment, the location of data centres is of data leaks, whether accidental or done ma- importance as some laws, such as data protec- liciously, and should enforce compliance tion in European countries, demand that data with the organisation’s security policies and is not transferred to locations such as the US, regulatory compliance requirements. Not only where controls are less strict. Another consid- should the system store all email messages eration with regard to data centre location is to and their attachments in encrypted form, but guard the organisation against demands from encryption should be enforced for protecting law enforcement agencies and governments all sensitive information in transit according to for access to business records, including policies set by the organisation. emails, such as those of the Patriot Act of the US. As well as this, international litigation is More advanced capabilities include the use of on the increase. According to the 8th annual image analysis to prevent the transmission of litigation trends report published by Fulbright images deemed to be inappropriate or to pre- & Jaworski LLP, 30% of 405 respondents from vent the leak of information such as product the US and the UK were party to at least one designs. Some will also enforce the conversion international arbitration dispute in 2011, rising of documents to more secure formats, such as to 50% of organisations with revenues of­ read-only PDF documents, to prevent the in- US$1 billion or more5. Among UK respondents, formation that they contain from being altered 42% stated that they had encountered issues by the recipient. They can also enforce the use concerning the jurisdiction in which document of email signatures and legal notices regard- processing takes place. Organisations should ing the obligations of the message recipient therefore seek assurances over the jurisdic- in terms of how the information can be used. tion in which their emails will be processed A further capability to consider is the use of and stored. closed-circuit messaging, whereby an email is sent containing just a link to a document Archiving and ediscovery that is held securely on the service provider’s network, allowing highly sensitive information Email archiving is one of the cornerstones to be shared without the original being actually of any email management programme as it distributed outside of the organisation. provides a secure manner to store emails for future use. This is a huge aid in productivity Continuity as users can easily search such archives to find information, such as details of a contract Given the importance of email, any disruption negotiation, which may be held in many email to email services that makes the system una- threads. There are also numerous govern- vailable is a frustrating productivity drain on ment regulations and standards that demand users and can impact the business, perhaps that business records be retained securely for through lost revenue-generating opportuni- set periods, which can be as long as ten years. ties. Most cloud-based email security services offer continuity capabilities that ensure that In particular, cloud-based email archiving emails can be sent and received, even during is considered by many organisations to be a planned or unplanned outage, and that among the most suitable applications for using provide access to recently archived emails to cloud-based services as archiving needs are keep users productive. However, capabilities relatively uncomplicated and uniform. In De- vary and some vendors provide only limited cember 2010, the US government unveiled its coverage in this area. The system should also Cloud First policy, under which federal agen- ensure that all emails are archived, even cies must consider the option of using cloud- during an outage. based services when planning new IT projects.A Bloor InComparison Paper 7 © 2012 Bloor Research
  10. 10. Essential email security…business requirements and competitive landscapeThe components of a unified email management system In April 2011, the White House CIO stated that When considering alternatives, organisations 15 agencies had announced that they intended should look for a service that is tightly inte- to move their email management and archiv- grated with the email client that they use, with ing applications into the cloud. Two agen- the archive directly searchable from the inbox cies—the General Services ­ dministration A for greater usability, and should ensure that and the ­ epartment of Agriculture—claim to D all emails sent and received are captured by have saved some US$40 million by abandon- the system so that there are no gaps in the re- ing in-house email. Building on this, the US cords. The service should provide support for government announced in November 2011 regulatory compliance needs, such as allow- that all federal agencies have until May 2012 ing retention periods to be set and enforced to report on how they intend to improve the according to the requirements of regulations way that they store and manage electronic that the organisation faces. It should also records, including emails, blog posts and ensure that archived records are securely social media activity, and the White House, in deleted once they are no longer needed so that conjunction with the National Archives and the organisation is not exposed to the litigation Records Administration, is currently drafting risk and expense of searching through years of a new records management directive. Using unnecessary data. cloud-based services is considered by many to be the best option.  Given the growth in litigation requiring elec- tronic business records, including emails, to Other governments are following this lead. be produced as evidence, any service chosen The UK government has stated that cloud should provide ediscovery support, such as the computing should account for half of its IT ability to enforce legal holds. It is also abso- spend by 2015 and it is hoped that this will lutely essential that the archived records be reduce its annual IT expenditure of £16 billion held in a secure, tamperproof repository, with by £3.2 billion. all emails held in encrypted form and access to the data by the vendor’s staff strictly con- Another reason why email archiving should go trolled. Further, the archiving service should hand in hand with email security is to support extend support to emails sent and received the growing number of ediscovery requests. by mobile phones used in the organisation. According to Osterman Research, 57% of IT or- According to Fulbright and Jaworski’s 2011 ganisations that it surveyed referred to email survey, 32% of respondents had to preserve or archives or backup tapes to support their or- collect data from an employee’s mobile device ganisation’s innocence in a legal case in 2010 for litigation or investigation purposes in the and 66% were ordered by a court or regula- previous year. tory body to produce employee email records6. Also, according to Fulbright and Jaworski’s 2011 litigation trends survey, organisations are concerned about stricter legislation being introduced that will lead to more litigation and 28% expect disputes to increase in 20125. Source: Computing7 Figure 2: Reasons for archiving emails© 2012 Bloor Research 8 A Bloor InComparison Paper
  11. 11. Essential email security …business requirements and competitive landscapeThe components of a unified email management system Centralised management To be effective, all of the components required Centralised management capabilities will also of an effective email security management ensure that all actions taken across all compo- deployment should be tightly integrated, built nents of the email security service are logged on a common architecture and managed in a consistent manner so that reports can be through a central interface. It is via this inter- generated for management purposes and an face that policies such as encrypting outbound audit trail is available to help the organisation emails containing sensitive data and applying prove that it is complying with the demands of retention periods to inbound emails can be ef- government regulations and industry stand- fectively enforced. It should also be tightly in- ards with which it must conform. tegrated with the email client in use to ensure that all emails are captured, even those sent and received by mobile devices.A Bloor InComparison Paper 9 © 2012 Bloor Research
  12. 12. Essential email security…business requirements and competitive landscapeOverview of the major players Cisco Google Cisco’s email security products and services Google’s email security capabilities come from stem from its acquisition of IronPort in January its acquisition of Postini in 2007, a vendor of 2007. It offers appliances for in-house deploy- web and email security, and archiving ser- ment, cloud-based email security services, a vices, in order to boost the business appeal of hybrid mix of the two and managed services its Google Apps products. Rebranded Google for remote monitoring and management. It Postini Services, Google has been merging its is best known for its on-premise appliances, email security features into its Google Apps deployed primarily by mid-sized and large products, although it states that it will con- organisations, whilst its cloud services have tinue to sell them as standalone services for been developed more recently. Its products those that wish that. However, in September and services benefit from integration with 2011, Google announced that it was discon- other Cisco security products, such as its web tinuing new sales of web security products as security offerings, and it operates a global the functionality has been merged into Google threat intelligence network that it claims Apps and it remains unclear whether or not monitors 30% of global internet traffic. the same fate will befall email security. Google has also announced in February 2012 that it Whilst Cisco has many of the basics, it lacks is discontinuing email continuity services for a full vertical stack—for example, it does not customers using Microsoft Exchange. These offer archiving—and some of its capabilities factors raise concern over the long-term vi- are available as add-on options. It has been ability of its standalone products, as well as in the email security space for some time, but support for products other than Google Apps these products and services account for just a and its own email client. small proportion of its overall portfolio. Its email security capabilities are basic com- pared to its competitors and little has been seen in terms of product development since Google acquired Postini. Some components are provided by partners and some are also offered as add-on products, of which there are minimum purchase requirements for some, such as encryption. Google is also widely slated for the lack of support offered. Customers are directed to online support information, which provides a limited amount of rather general information, and direct support is available only for larger accounts via an online portal. No support phone number is published.© 2012 Bloor Research 10 A Bloor InComparison Paper
  13. 13. Essential email security …business requirements and competitive landscapeOverview of the major players McAfee Microsoft McAfee was acquired by technology pow- Microsoft’s email security capabilities came erhouse Intel Corporation in 2011 and is through the acquisition of FrontBridge Inc in maintained as a separate brand. Its email 2005. Now rebranded Microsoft Forefront, it security capabilities are part of its content se- offers on-premise products for its Exchange curity capabilities, also including web security 2010 server and a SaaS offering for Exchange, and DLP. It offers its products as appliances, which is the default choice for Exchange SaaS or a hybrid combination of the two. Many Online and Office 365, its suite of business pro- of its capabilities are offered as bundled suites ductivity offerings. Its email security products offering varying levels of capabilities and are are included in many product bundles that it tightly integrated with its ePolicy Orchestrator offers. However, its email security capabilities management platform. Its appliance products are considered to be fairly basic in their native came through McAfee’s acquisition of Secure features and many customers of Office 365 and Computing in 2007 and its SaaS capabilities Exchange 2010 are choosing to supplement through the acquisition of MX Logic in 2009. It the services with those of specialised vendors, recently integrated two in-house offerings into especially in the cloud-based email archiving one email security gateway appliance. and continuity space. McAfee’s products and services are fairly One particular caveat for its SaaS offering is comprehensive and it has options for organi- that it only maintains data centres in the US sations from small firms right up to large en- and Europe and only guarantees in-geography terprises and ISPs, although it is considered to processing in the US, specifically stating that be fairly highly priced, especially when add-on data for customers in EMEA will be hosted in services are purchased. It has a global threat both Europe and North America. It does not intelligence network, which is considered to offer continuity services. be strong.A Bloor InComparison Paper 11 © 2012 Bloor Research
  14. 14. Essential email security…business requirements and competitive landscapeOverview of the major players Mimecast Proofpoint Mimecast is a specialised vendor of unified Proofpoint is a specialised provider of email email management services based on a SaaS security offerings, including on-premise and model. Its services encompass email security, SaaS solutions for email security, data leak- archiving, continuity, policy management and age prevention, privacy protection, email en- data leakage prevention and were all built as cryption, archiving and ediscovery. Many of its SaaS services from the ground up by Mimecast products have been acquired or are provided as one unified, tightly integrated service. The via partnerships, which can be risky if those capabilities offered by Mimecast’s email man- partners are acquired. For example, its part- agement service are considered to be strong ner Clearwell Systems, providing ediscovery and it has a good track record of constant in- capabilities, was acquired by Symantec in novation. Its widespread data centre coverage 2011. The functionality of many of its products is another key differentiator and in-geography and services is considered to be good, although processing and storage is guaranteed for all its archiving solution is not as highly regarded customers. Its SLA is strong compared to as its other capabilities. competitors and guarantees 100% uptime, even for access to the email archive, and un- Proofpoint primarily targets mid-sized and interrupted email during an outage. Mimecast large organisations and its SaaS services are is also widely recognised for the quality and used by even very large organisations. It also timeliness of its customer support, offered has a primary focus on North America and is across multiple channels. not especially well known in EMEA, where it is only now setting up its data centre infrastruc- Although coverage is provided for multiple ture in association with a partner. Its products email clients, the primary focus is on ­ icrosoft M and services are considered to be fairly high Exchange and it offers a service for those or- priced, especially as many capabilities are ganisations looking to migrate to Exchange provided as add-ons, which can jack up the 2010 or Office 365. It has recently expanded price considerably. its mobile coverage and continues to add new, innovative features to its service in areas that differentiate it from its competitors, including advanced encryption options, enhanced self- service, secure attachment management, and stationery and email marketing tools.© 2012 Bloor Research 12 A Bloor InComparison Paper
  15. 15. Essential email security …business requirements and competitive landscapeOverview of the major players Symantec Websense Symantec is one of the largest security vendors Websense is considered to be a leader in and has a broad range of offerings for email web security, which remains its core focus, security—so broad that navigating through the although it has a fairly broad portfolio of email maze can be a daunting challenge. It offers security capabilities. It is considered to be par- hardware and virtual appliances, software and ticularly strong in terms of its DLP capabilities, SaaS options, some designed for specific email which are integrated across all delivery chan- clients that include Exchange and Domino. It is nels, as well as its Threatseeker global intelli- considered to have some strong capabilities gence network. It offers SaaS and on-premise and maintains a well regarded global threat options, as well as a hybrid combination of the intelligence network. However, all products two. The majority of its products and services were acquired and integration challenges were acquired and have been integrated with remain. Its latest acquisition was of ­ iveOffice, L its TRITON management interface and report- a vendor of SaaS email archiving, in 2012, ing engine since 2010, providing a common which it had previously been offering under an management console for email, web and data OEM arrangement. security. For some capabilities, it has relied on partnerships, which can be a risky strategy Symantec’s products and services are fairly as was seen with the acquisition of its partner high priced, especially as some of the capabili- LiveOffice by Symantec, leaving it with no ar- ties offered are optional extras. It has world- chiving or continuity capabilities. wide coverage and good support capabilities, as well as particularly strong SLAs. Websense is a public company, but only achieved profitability from 2010 onwards. It is considered to be mid- to high priced and some of its capabilities, such as advanced encryption and image analysis, are provided as optional add-ons.A Bloor InComparison Paper 13 © 2012 Bloor Research
  16. 16. Essential email security…business requirements and competitive landscapeData reference section Champion McAfee Symantec Mimecast Cisco Websense Google Cha Microsoft Proofpoint r ato llen ov ge Inn r Figure 3: The vendor landscape The information used in making these evaluations has been drawn from a variety of sources, including published and unpublished sources. Technology and services providers have been evaluated for their capa- bilities in offering email security in the wider context of a unified email management system. The evaluations take into account their financial stability, brand and market share, their current offerings in this market sector and future direction, market presence, and perceived strengths and weaknesses. The information provided does not constitute a direct endorsement of any of the organisations. Where the diagram is con- cerned, the closer to the centre the vendor is positioned, the more fit for purpose their offerings are considered to be.© 2012 Bloor Research 14 A Bloor InComparison Paper
  17. 17. Essential email security …business requirements and competitive landscapeSummary Email security is essential. Email communications provide for efficient and effective collaboration and are extremely important as business re- cords, yet they have long been the target of criminals looking to spread malware and steal the information that they contain. There are many things to consider when selecting an email security system as security should be seen in the wider context of email management as a whole as well as the differing options in terms of how the controls are imple- mented that are available. The vendors profiled in this paper represent some of the most viable options on the market, yet each have their own strengths in terms of features and coverage. References 1. 2. Web-based_Email_Shows_Signs_of_Decline_in_the_U.S._While_ Mobile_Email_Usage_on_the_Rise 3. Corporate-Email-2011-2012-Executive-Summary.pdf 4. looks-to-shake-up-a-crowded-enterprise-message-archiving-ema- market/ 5. 6. 7. benefits-moving-email-archiving-cloud-7439 Further Information Further information about this subject is available from Bloor InComparison Paper 15 © 2012 Bloor Research
  18. 18. Bloor Research overview About the authorBloor Research is one of Europe’s leading IT Fran Howarthresearch, analysis and consultancy organisa- Senior Analyst - Securitytions. We explain how to bring greater Agilityto corporate IT systems through the effective Fran Howarth specialises in the field of security, pri-governance, management and leverage of marily information security, but with a keen interestInformation. We have built a reputation for in physical security and how the two are converging.‘telling the right story’ with independent, intel- Fran’s other main areas of interest are new deliv-ligent, well-articulated communications con- ery models, such as cloud computing, informationtent and publications on all aspects of the ICT governance, web, network and application security,industry. We believe the objective of telling the identity and access management, and encryption.right story is to: Fran focuses on the business needs for security technologies, looking at• Describe the technology in context to its the benefits they gain from their use and how organisations can defend business value and the other systems and themselves against the threats that they face in an ever-changing land- processes it interacts with. scape.• Understand how new and innovative tech- For more than 20 years, Fran has worked in an advisory capacity as an nologies fit in with existing ICT invest- analyst, consultant and writer. She writes regularly for a number of pub- ments. lications, including Silicon, Computer Weekly, Computer Reseller News, IT-Analysis and Computing Magazine. Fran is also a regular contributor to• Look at the whole market and explain all Security Management Practices of the Faulkner Information Services divi- the solutions available and how they can be sion of InfoToday. more effectively evaluated.• Filter “noise” and make it easier to find the additional information or news that sup- ports both investment and implementation.• Ensure all our content is available through the most appropriate channel.Founded in 1989, we have spent over two dec-ades distributing research and analysis to ITuser and vendor organisations throughout theworld via online subscriptions, tailored re-search services, events and consultancy pro-jects. We are committed to turning our knowl-edge into business value for you.
  19. 19. Copyright & disclaimer This document is copyright © 2012 Bloor Research. No part of this pub- lication may be reproduced by any method whatsoever without the prior consent of Bloor Research. Due to the nature of this material, numerous hardware and software products have been mentioned by name. In the majority, if not all, of the cases, these product names are claimed as trademarks by the compa- nies that manufacture the products. It is not Bloor Research’s intent to claim these names or trademarks as our own. Likewise, company logos, graphics or screen shots have been reproduced with the consent of the owner and are subject to that owner’s copyright. Whilst every care has been taken in the preparation of this document to ensure that the information is correct, the publishers cannot accept responsibility for any errors or omissions.
  20. 20. 2nd Floor, 145–157 St John Street LONDON, EC1V 4PY, United Kingdom Tel: +44 (0)207 043 9750 Fax: +44 (0)207 043 9748 Web: www.BloorResearch.comemail: