Email has been around for over 40 years and in that time, it has gone from being a “useful tool” to being a critically important business application. Although the underlying technology has remained stable and proven during this time, the ecosystem around email has changed significantly and dramatically. New and unavoidable vulnerabilities have come to the forefront, making it crucial to take a fresh approach at managing email.
What’s Wrong With The “Old” Way?
When the first email protocol was developed back in the 1970s, no one anticipated how important the technology would become to the world – particularly businesses. As a result, email wasn’t inherently designed to address three major vulnerabilities seen today.
The vulnerability of downtime.
It used to be that the occasional email outage was forgivable because mobile access was relatively rare and the business world hadn’t yet developed the expectations of 24/7 access and immediate response time. [Write-Effective-Email-Subject-Lines]
Today, businesses need and expect their email to be always running—24/7 and 365 days per year. However, few businesses managing their own email servers can achieve that result. There are a number of reasons for this, including the inability:
- To protect against local outages and disasters (cross-datacenter replication and redundancy are extremely complicated for on-premises servers)
- To keep up with patches and updates that fix bugs and eliminate security holes
- For individual administrators to offer 24/7 on-call service, which allows bugs to compound and increase in scale when nobody is on-call to fix them
The bottom line: today’s employees, customers, partners and suppliers have high expectations for the reliability of email. Anything less than 99.999% uptime – equal to less than a 30 seconds per month of downtime – puts everything at risk, including employee productivity, customer satisfaction, your business’s reputation, and more.
The vulnerability of email security.
Cybercriminals love the inherent vulnerability of email and they use a tactic called “spear phishing” to attack users. To perpetrate a spear phishing attack, a cybercriminal will send a user an email that appears to be legitimate, but is actually designed to steal passwords, install malicious software, or worse. It has become so popular that nearly 95% of all attacks on the enterprise network are the result of successful spear phishing.
The protections provided by an Exchange server alone aren’t strong enough to protect users against today’s cyber-threats. As criminals get more and more sophisticated, email administrators must find new ways to combat these cyber-threats. Are the people managing your on-premises servers able to keep up with millions of cyber threats per quarter?
In addition to cyber security, physical security also needs to be considered because the facilities where servers are located may also be vulnerable. This is something many businesses don’t think about until their offices are burglarized and their email servers are stolen. This happens more often than you think. And it’s especially risky for regulated businesses, because this constitutes a data breach that may result in public disclosure and even fines.
The vulnerability of data preservation.
Gartner estimates that about 45% of an organization’s email provides some business value because the messages and attachments are related to a project, an initiative or are considered an official record. What happens if an employee deletes an important message either accidentally or intentionally? How will you get it back?
Email was not designed to be “permanent.” It is not inherently tamper-proof. You can’t submit email as part of an “official record” in court unless it has been stored in a tamper-proof archive. How much do you stand to lose financially if you can’t produce an archived message in court, or if the court is convinced that the message isn’t admissible as evidence because it might have been altered? The risk is real: 82% of US businesses will be involved in some type of litigation and you want all of your email to be available to bolster your case.