By Stefan Schachinger, Consulting System Engineer in Data Protection, Barracuda Networks
It is an everyday occurrence, that emails are migrated to a cloud solution such as Office 365 to Google Apps for Work. Cloud deployments are now getting faster than ever and even the most time consuming projects will rarely overrun by three months. With businesses now having to work faster to keep up the pace of innovation and to remain competitive, it is more important than ever before to ensure even the few risks are exhausted from the start to cushion your critical and protect your critical data.
Free email services, like social networks, are usually among the first places where users encounter cloud services. They are quick to set up, easy to use and reliable. These attributes become positive prejudices that users unconsciously transfer to corporate solutions when the question of whether a company’s internal email should be migrated into the cloud comes up. But this question is a little more complicated than it first appears. Legal requirements, cost considerations and internal guidelines mean cloud-based email services have to meet completely different requirements in business scenarios. True, it’s easy to get to the cloud, but if businesses neglect to take these additional requirements into consideration, they face getting trapped there.
“A” is for Archiving
Let’s first take a look at one of the major differences between cloud-based email services in a business versus consumer scenario. As convenient as email is, as a form of corporate communication it is often essential that business emails are kept for a number of years. If this correspondence includes content that is relevant for tax purposes, such as invoices, account items, budgets, and organisational documents, then emails must be retained for up to six years. In some industries, certain emails must be kept indefinitely, so that cases can be reviewed at any point in the future.
On top of this, the line between work and personal emails is often quite blurred. The latter may only be stored with the explicit consent of the employee concerned. But companies that expect their employees to keep their brands and products a talking point on social media don’t get very far with blanket bans on personal correspondence and often permit personal or semi-personal emails.
For archiving, this means that there are emails that must be stored, others that can be stored, and others that definitely cannot be stored under any circumstances. This scenario simply expects too much from the in-built regulatory mechanisms of the majority of cloud services on the market today.
The legal requirements around archiving are at the core of the most important questions surrounding what happens if a company wanted or needed to switch to another cloud service provider at a later date and can be one of the biggest causes of vendor lock-in.
Cloud comfort with costs controlled
Another aspect to be considered upfront is whether costs scale with the actual usage of services. One of the great advantages of the cloud is the ability to adapt resources according to needs. This can work wonderfully when managing seasonal peaks, but can backfire where email accounts and the corresponding archives are concerned.
For example, most cloud services have a per-user pricing structure. When it comes to archiving, this per-user fee is charged for as long as each user appears in the Active Directory. That includes former employees or accounts that can no longer be used, for example due to a change in the employee’s surname.
According to the international consulting firm the Hay Group employee turnover in Germany was 14 per cent in 2013, while the European average was 18.3 per cent. Thus, it would not even take eight years to create an email archive that contains twice as many accounts as active employees, with the company paying its fee on a per-account basis.
These costs could easily be saved if businesses implement a separate archiving system from third party provider at the time of their migration to the cloud.
Savvy with standards
Companies are now making conscious efforts to avoid a vendor lock-in when designing their IT infrastructure, and this is leading to the realisation that cloud lock-in should also be avoided. To achieve this, organisations cannot blindly rely on the fact that their new cloud provider will support the same standards and protocols as their existing provider.
These so-called industry standards are often a result of distribution and market share, as opposed to open protocols or formats that have been defined by standards development organisations. Competitors therefore only support them if it can no longer be avoided. For example, Microsoft Azure now supports AMQP and Azure Active Directory now supports the majority of identity protocols and token formats.
Organisations should be wary of open industry standards, because more and more providers are pursuing an “embrace and extend” strategy, where standards are supplemented with proprietary extensions to enable enhanced functionality. The browser wars of the early 2000’s are now being re-enacted in the cloud.
The Hybrid Horizon…
Moving an entire email archive between cloud-based solutions such as Google Apps for Work and Office 365 can quickly become a mammoth task when the migration must be done in accordance with legal and compliance regulations. And there are a number of reasons why a migration from one cloud to the other may be required. For example, it might be down to internal or external factors, perhaps as a result of an M&A deal or takeover. A professional archiving solution, which can work regardless of the mail client in use, can make it possible to comply with various requirements around the storage of data, even if the system it’s attached to were to change.
The ability to cope with such a migration is a key consideration when defining the requirement of such a third-party archiving solution. In many respects, public clouds are the lowest common denominator for most users. The need for bespoke additions applies to archiving just as it does to encryption, security and integration with other applications.
Ultimately, every customer has different requirements and this is where a mix of public and private clouds and on premises systems come into play. And it’s essential that any chosen archiving solution operates smoothly with and on these clouds and systems. Such a solution is the only way to protect data regardless of any technology changes, future developments, or any necessary migrations, while also keeping costs under control and providing companies maximum flexibility with their IT infrastructure.