Next to the Web browser, there are few applications that we use more in our day-to-day business lives than email. Choosing a new or replacement email system is one of the more important technology decisions your organization will make. Here are three basic questions to consider:
- Should the email system be implemented in the organization's data center or purchased as a service
- How important is email security and privacy to the organization?
- Should IT consider an open or proprietary email system?
With the rise in popularity of cloud-based email providers, first consider whether to implement the email system in your data center or purchase it as a service from an email provider. Security and privacy are two key considerations for selecting a cloud-based email provider.
When outsourcing email to the cloud, you trust your provider to keep your organization's email safe and secure. Therefore, consider a provider that specializes in providing secure and private email. Encryption of email, both in transit and at rest, is another factor in choosing a new or replacement email system.
While the major email providers support encryption, the key to making the best choice is to understand who manages the encryption keys. If the service provider manages the encryption keys, it can ultimately decrypt your organization's email and use the information for marketing purposes or in response to a government subpoena. While many organizations consider this an acceptable risk, consider providers that allow for your organization to manage its own encryption keys.
The most important factor pertaining to privacy is whether the email provider is operating in the same country as your organization. If your provider is operating offshore, the laws and regulations of the country in which the provider is headquartered will determine the privacy of your email. Some of the major email providers have local data centers in an attempt to address this issue.
However, recent court rulings suggest that this is not enough. For example, the U.S. government recently ordered Microsoft to disclose Microsoft Exchange emails even though the data was stored in its regional data center located in Ireland. This set a precedent that no US-based company can refuse to share foreign clients' emails or private data. A best practice is to choose email providers that are headquartered in the country in which you do business.
Organizations that choose to implement an email system in their own data centers should consider systems that easily integrate with recognizable third-party antivirus, anti-spam, anti-phishing and encryption products. Implementing your own private email system means that you are responsible for keeping your email secure, private and in compliance with relevant industry regulations.
Regardless of whether you choose an on-premise or cloud-based service, another consideration is whether to use an open or proprietary email system. Proprietary systems are closed and do not provide visibility into how the email vendor addresses security and privacy issues. By providing access to source code, open source email systems provide this visibility.
Open source systems also tend to be more affordable, providing a number of free utilities such as desktop clients and integration with third-party products (these free utilities are provided by both vendors and third-party members of the open source community).
While there are several issues to consider before implementing an email system, security and privacy, on-premises versus cloud-based email, and open versus proprietary are three key factors that you should carefully consider before making your selection. However, these issues are not static; they evolve over time. So, regardless of which path you choose, select a vendor and service provider that puts your needs first, and considers your business as a long-term partnership.
- Brent Rhymes is president of worldwide field operations at Zimbra