Email security: Pedigree versus hybrid

How much of the cloud computing benefit is lost when you must also maintain an on-premise piece to deliver comprehensive email security?

Ten years ago, preceding the dot com bomb, only a handful of organisations had bought email security software. The overwhelming business driver was the growing number of incidents of workers being sacked for sending pornographic material over the corporate email system, along with highly embarrassing public email gaffes like the infamous Claire Swire case.

The problem was significant enough to spawn a small industry of software providers bent on solving the world’s corporate porn problems. Content control was the key to commercial success; in fact, the embedded technologies for recognising skin colour and form were so advanced they were licensed from ex-military applications designed to detect tank tracks from satellites. Integrated artificial intelligence systems designed to automatically learn an organisation’s confidential information to avoid data loss formed the earliest data leakage prevention systems.

These feature-rich, deep content inspection capabilities were only available due to the underlying Windows operating system’s ability to present the content to the inspection engine. In 2002, however, the technology took an abrupt turn with the arrival of spam.

By 2003 more than 30 per cent of email volume was estimated to be made up of spam, and Windows-based anti-spam systems ran into trouble. In order to determine whether content is spam, porn or confidential information, you need to write a file to disk or memory. But anti-spam systems based on Windows couldn’t keep up.

Another industry was launched; a much, much larger one — anti-spam appliances. They were pedigree solutions that were very good at performing a specific stated task. Based mainly on Linux and without the file system limitations of Windows, they could write thousands of files for inspection to memory rather than disk, vastly improving throughput.

Spam control became very specialised, but at the cost of broader content control capabilities such as porn and data loss prevention. Since the introduction of appliances, however, one thing hasn’t changed — the relentless growth in spam.

Spam now accounts for more than 90 per cent of overall email volumes, but anti-spam appliances have reached their limits and organisations are increasingly relying on a handful of cloud computing services to solve the problem.

And solve it they have — at least to the extent that spam can credibly be solved. Most anti-spam products and services publish spam capture and false positive rates that are within a percentage or fractions of a per cent of one another. This leveling of the playing field has shined new light on the other thing that hasn’t changed: Companies continue to have problems with Internet porn in the workplace and the accidental leakage of corporate confidential information via email.

Content control is still an issue, and both anti-spam appliances and cloud-based security services have failed to solve it. Many organisations have retained their legacy on-premise email security infrastructure specifically to mitigate content control risk. The phenomenon is so entrenched that several security vendors have offered an email security cloud computing strategy spruiking a hybrid approach of ‘cloud for spam’ and ‘on premise’ to solve data leakage and porn problems.

The question begging to be asked here is how much of the cloud computing benefit is lost by the fact that an on-premise piece needs to be maintained to deliver comprehensive email security? I would argue all of it. Cloud computing provides unlimited scalability, 5 x 9 service availability and performance guarantees, which are all but made redundant if they depend on a component that is a single point of failure on the network. It is the greatest flaw in the email security ‘hybrid’ strategy.

You are always going to be better served with a pedigree solution that allows you to benefit from all of its features caveat-free with service guarantees intact. You need to be able to decommission legacy on-premise email security infrastructure and move all the content control functionality into the cloud alongside your anti-spam and anti-virus defense strategy. Your organisation gets to enjoy all the benefits that cloud computing has to offer as well as solving the original problem. Hybrid applications for any technology do little more than expose a glaring deficit in their technology strategy: The benefit gained via the problem they are trying to solve is ultimately defeated by the increased management overhead.

Charles Heunemann is managing director, Asia Pacific operations, at Webroot Software.
