Securing Your Business Email System

Email is the most frequently used service for business communications. With confidential and sensitive information exchanges taking place between customers, partners and internal employees several times a day, privacy and security should be your organisation's first priorities when selecting a new platform.

There are many email options available in today's market, but to ensure that you are evaluating the right platforms that will meet your organisation's privacy and security standards, you need to ask the following questions to quickly narrow down your search.

On-premises or in the cloud?

The first decision businesses must make is whether to run email operations out of an internal data centre or use a cloud-based provider. There are advantages to both. While using an on-premises system gives your organisation total control over security and privacy, it also requires additional resources and costs. Plus, someone from the organisation must then take on the administrative tasks associated with running the system.

Cloud solutions, whether local or public, are efficient and cost-effective, but it's vital to make sure the provider is trustworthy. If you use an overseas cloud provider, the fate of your email rests with that country's laws, not those of the country where your business is headquartered. That discrepancy opens your company up to a set of privacy laws it may not be on board, or even familiar, with. The safest option is to ensure that your data is stored in the same regional location as your business.

Does it support your third-party security solutions?

While on-premises solutions are in some ways more secure than cloud-based ones – since fewer outside sources have access to your data – it also means that your company is responsible for ensuring that all necessary safety protocols are met. Make sure the solution your business chooses can integrate with third-party anti-spam, antivirus and email encryption services. Of course, any program should have these capabilities, but it's also important that it can easily integrate with recognisable security partners to ensure quality service.

Preventing spam and viruses is obvious, but there is another key consideration. Encryption, the process by which readable text is converted to scrambled ciphertext to keep outsiders from reading it, is now supported by most major email providers, but it has to be handled correctly to maintain your privacy. If an outside provider that holds the encryption key for your messages handles your email, it then has access to the original information and could decrypt it and release it for marketing purposes or in response to government requests. Some companies are willing to take that chance, but if you're not one of them, it may be wise to circumvent those risks entirely by maintaining internal control of the encryption keys.

Is it a proprietary or open source solution?

Whether your company goes down the internal or cloud route, you'll still need to decide whether to use a proprietary or open source system. The essential difference between these options is transparency. Proprietary programs do not release information about the email vendor's security and privacy processes, while open source systems do. To put it simply, proprietary solutions demand total trust, whereas open source programs allow you to verify that trust with data. Depending on how much you know about the solution, having that visibility might be the deciding factor in your choice.

Aside from how much information they release to clients, open source programs are also usually less expensive in the long-term because they allow users free access to things like desktop clients and third-party services. That's certainly something to consider if your company is operating on a tight budget.

The reasons to value email security are countless. In addition to simply not wanting your company's private information released to the world, breaches can lead to decreased consumer trust, lawsuits and loss of trade secrets. Plus, the data doesn't lie. According to a study from Dell, breaches cost US companies a combined total of $25.8 billion (£15 billion) each year, and roughly 75 per cent of organisations say they have experienced some kind of security failure within the last year. Make sure your company is in the 25 per cent that doesn't experience a hack, by keeping your email processes safe and secure.

Brent Rhymes is the president of worldwide field operations at Zimbra