Email services have long been one of the first places companies have looked for outsourcing to the cloud. It makes a lot of sense: Few companies are in the business of providing email (with the exception of service providers), although email is essential to almost every business. Therefore, why not let someone else manage this function and free up your IT resources to focus on projects more central to your company's mission?
However, with as easy a decision as moving email to a hosted service might seem, you could run into significant problems if you don't plan carefully before any migration. If you're using Microsoft Exchange Server, or another groupware provider, do you know all the third-party products or add-ins that tie in with that system? For instance, you might have a group in the company that uses a program to email automated reports weekly or monthly to key members of staff; if email domains change, someone's important information might not appear in their Inbox as expected. And what about machines such as printers that can email scanned documents to your users -- how will they work after you transition?
I spoke with Gregory Shapiro, vice president of cloud enablement and CTO of Sendmail, about the various problems companies encounter when moving their messaging infrastructure to the cloud. Sendmail helps companies modernize their email systems and provides an "email backbone" with its Sentrion appliance, which provides policy-based routing and security, whether your email is on premises or in the cloud. Shapiro talked about dependent applications as a frequently overlooked problem in email migrations, but he also mentioned security concerns around forensics, message tracking, and data loss protection (DLP).
Of course, the longer you've been running your messaging system on premises, and the larger your organization, the more dependent applications you're likely to find. "We find that our customers have had a mishmash of point products and homegrown things added to the mail infrastructure over time," Shapiro said. "When they start to look at migrating to the cloud, they have to really clean that up, modernize their mail infrastructure, and then determine which things they want to migrate to the cloud and which things to keep on premises." In some cases, it might not be possible to use all your existing applications with a hosted provider, particularly any custom-built applications -- it depends on what type of access to the server the application requires to function.
If you use Microsoft Office 365, with its Exchange Online for mail services, you'll have access to Exchange Server 2013's new DLP features in the cloud -- when Microsoft finalizes the product and makes them available to subscribers. For some organizations, the built-in DLP capabilities might be sufficient; however, larger organization or those with significant compliance needs will probably still want to investigate third-party products to provide advanced DLP features.
Sendmail's Sentrion can be configured to keep your most sensitive data on premises rather than in the cloud. Or you might consider Mimecast, which is itself a cloud service, for a variety of security, archiving, and DLP services that wrap around an Office 365 deployment. In addition, Mimecasts's Unified Email Management provides email continuity -- if Office 365 suffers an outage (and that will never happen, right? except it has), email is routed through Mimecast so your users continue to receive important communications. In talking with Julian Martin, vice president for strategic alliances at Mimecast, at the Microsoft Exchange Conference (MEC), he emphasized that recent updates to Mimecast have been "very much about the user experience."
Email systems remain a good choice for cloud deployment in many organizations. As in every technology project, careful planning will be crucial to getting the best results and having a painless transition for your users. Make sure you know what critical applications are connected to the messaging infrastructure, and make sure you're able to account for any security or DLP requirements in the cloud system. In short, know what you're getting into!