02 Aug Cloud-Based or Company-Based Anti-Spam?Tempo de leitura: 6 minutos
In spite of the competition offered by instant messaging, voice and video applications, e-mail continues to be one of the most widely used media in the corporate world. Formalization of contacts, sending of commercial proposals, contracts and negotiation documents are examples of activities carried out daily through corporate email.
The popularization of e-mail contributed to the emergence of Spam, which is characterized by the act of sending unwanted messages, randomly. Most often, the mark of these messages is commercial, trying to induce the customer to buy products. In addition, spam can be a source of virus spreading and phishingattempts, bringing damage, often irreparable, to users.
Because of this, using an anti-spamin a corporate environment has become a great productivity and security alternative, ensuring that email boxes do not receive subjects out of their interest, as well as avoiding phishing and other attacks that use the e-mail platform.
Many efforts are made daily to ensure minimal incoming spam; however, this is an activity that requires specialized spam control solutions. Techniques to circumvent antispam systems are constantly changing, so it is very important to keep the solution up to date.
In this blog post, we will bring some reflections to help readers to answer a common question, related to the format of antispam acquisition, confronting services offered in the cloud with option of installation in hosted structure. In the comparison process, we will evaluate items such as bandwidth savings, security, scalability, investment, among others. Continue reading and check out our guidelines.
According to Statista (2016), in March this year, 56.52% of the world’s email traffic was spam. This is a large volume, and depending on how the anti-spam architecture is, this may represent unnecessary bandwidth consumption for organizations.
Because of this, one of the great strengths of using cloud based anti-spamsolutions is the bandwidth savings, given that the service is not physically allocated to the enterprise, and only legitimate messages or those allowed by anti-spam, in fact, will use the organization’s internet bandwidth. The rest will be retained in the cloud.
Depending on the amount and quality of bandwidth of enterprises, as well as the size and importance of the email service, and bandwidth savings generated by a cloud based anti-spamservice, rather than hosted in the company structure, can generate interesting financial savings over time.
On the other hand, there are many organizations that do not use anti-spam in the cloud format for security reasons, preventing their email data from passing or being retained on third-party servers that may or may not have the security criteria required by the customer.
An example that well illustrates the particularities associated with this theme is the case of financial institutions. It is unusual for this companies to use this type of outsourced service, on the contrary, for this segment the importance of keeping data in its structure is far superior to any fixed cost that this may bring.
The value of information is totally variable for each type of business, thus, regardless of the sector or size of the company, it is common to have many divergent opinions in this regard.
So really once the antispam service is in the cloud, eventually retained and legitimate emails remain stored. Even so, as all traffic passes through the cloud-based antispam before being delivered to the destination within the enterprise, nothing would technically prevent unauthorized copying. Due to this, it is indicated a careful evaluation of suppliers and creation of contractual ties associated with security and confidentiality.
The sense of archiving can appear as an important resource and can be used as a strategy to quickly retrieve emails accidentally or intentionally removed by a user.
What archiving does is nothing more than retaining all legitimate emails that traverse the antispam solution for a certain period, set by the administrator.
The default operation of the antispam is to receive the email, enforce the security rules, and if it is legitimate to deliver to the mail service at the destination, no copy is kept in the antispam. With archiving, or filing, a copy is maintained.
This resource can be considered positive or negative, depending on the interpretation of the company, and in some cases, regulation of the market itself. The important point is that when dealing with cloud-based antispam, these copies are outside the company, which in the face of a disaster can be a great facilitator of recovery.
In other words, when used in the cloud, this feature can act as a sort of backup of the last emails, depending on the configuration and possibilities offered by the solution.
For organizations in which email is not viewed as an essential communication platform, maintaining a cloud service (not just for antispam, but also for email as a whole) can be an interesting economics alternative. This is because it reduces machine resources such as memory, processing and especially storage.
Cloud antispamservices generally work as a rent, with the possibility of rapid upgrades or downgrades of plan, and in some cases, being paid by use, unlike a static hardware mobilization normally used when applied within the organization.
Because services typically run on larger datacenter structures with greater access to storage acquisition and other hardware resources, it is common for the cost of processing, memory, and storage to be incredibly cheaper compared to an internal structure.
However, it is important to be careful, since many cloud antispamservices operate in a fully shared format, with the same service instance serving a set of companies, which may not be an interesting format.
Cloud antispamsolutions are expected to be in a robust environment in terms of equipment redundancy, power supply, internet access, and more.
This means that such an environment is much more scalable and probably cheaper than maintaining a structure within a company whose business is not technology or information security.
Scalability can still be very resilient in cases of peak or before the need for growth of the structure, whether in number of users, traffic or number of emails.
Complementing the scalability case, it is natural that these environments are better equipped to react against counterattacks, especially those involving denial of service. With a cloud service, the company is not exposed, but rather the service that hired.
This layer of security can be important for many businesses, especially those with a poor internal structure, that can be easily compromised, or even made unavailable by unsophisticated attacks.
It is expected, although this cannot be assumed as a rule, that companies that offer this type of service have environments prepared to isolate or minimize the effects of the most varied types of attack, continuing the operation of its services.
There are several other points that can be taken into account when making a decision between using an antispam in the cloud or inside the company, the most important point to consider is what this platform represents for your business, and if that justifies the investments both to maintain an external structure (cloud) or in hosted format.