Email is one of the pillars of modern business, rivalling – if not surpassing – telephony in many organisations as the primary means of communication.
But the management of email – keeping email information secure; ensuring it is available at all times; backing up and archiving email so it can be retrieved when required by the business or regulators – remains a headache for IT managers everywhere. More so than almost any other aspect of IT, it is taken for granted.
“The personal risk to the IT manager running email in-house is enormous,” says Tim Pickard, chief marketing officer at Mimecast, which unifies the core technologies for email management and provides them as a hosted service to businesses. “There are no points gained when it’s functioning and no upside to running it in-house.”
Hosted email services are nothing new, and are especially popular among smaller businesses. But for the same reasons that make email management a headache, the technology has been seen by many enterprises as too dangerous to outsource. Indeed, the market for hosted inboxes has always been small.
But growing acceptance of software-as-a-service (SaaS) providers, coupled with the spiralling need to store and archive email securely for compliance reasons, is driving the growth of corporate SaaS email providers.
The current market is catered for by large specialists including MessageLabs, as well as incumbents like Microsoft (capitalising on the dominance of Exchange with a hosted version), Dell (following its acquisition of MessageOne in February this year) and Google, which came up with a commercial incarnation of Gmail after buying Postini in 2007 and merging spam and virus filtering with encryption and archiving technology.
It’s a highly competitive marketplace but six-year-old Mimecast appears to have created an architecture that addresses many of the big concerns of email management as a service. The company’s forecasted revenue growth of 300% for this year is being driven by take-up by mostly mid-market customers, with demand particularly strong among major legal firms.
While it uses an innovative, distributed filing system in its data centres to ensure continuity (similar to that used by Google), the key to Mimecast’s strategy has been the concept of ‘unified email management’: combining email hygiene (virus and spam filtering), continuity, compliance archiving and, most recently, data loss prevention (DLP) into a single highly scalable offering.
DLP, in particular, is an emerging market of its own in the IT security industry, aiming to prevent leaks whether the material is confidential or sensitive. “Email is the largest exit point of information from an organisation, used by a large percentage of knowledge workers, and is still largely unregulated,” explains Pickard.
Mimecast recently surveyed 125 IT managers and found that 94% were not confident that anyone attempting to send confidential company information by email out of the organisation would be prevented from doing so.
This statistic is surprising considering that email, possibly more so than viruses, has a long and sordid history of bringing companies and individuals grief. A landmark case in 2001 involved two lawyers at London legal firm Charles Russell – fittingly now one of Mimecast’s customers – who were dragged before an industrial tribunal over an email requesting that ‘a busty blonde’ replace their black secretary who was resigning. “She can’t be any more trouble and at least it would provide some entertainment!” the email said, earning its subject £10,000 in settlements.
DLP policies can be set to react to offensive language, protecting a company’s professionalism as well its data – a function forged through an amusing development process that involved Mimecast canvassing its staff “trying to find the most obscene words. One girl knew some that would have made a sailor blush,” says Dr James Blake, Mimecast’s security expert.
Beyond language and file controls, DLP extends to customer data and Mimecast is encountering increasing interest from the government sector. “With the blurring of boundaries between company employees and external consultants, contractors, outsourcers and other third parties, it is now much more difficult to ensure the appropriate flow of information outside the organisation,” Blake says. “The picture revealed by our survey points to fundamental security issues with protecting not only a company’s own data but also customer data like patient records or credit card numbers.”
Most sensitive data leaves the company accidentally, Blake says, putting the figure at around 95%, but in the case of the other 5%, he notes “even administrators can’t delete the audit logs.”
Mimecast is among a few hosted email providers who have bolted DLP onto their offerings as a market differentiator. Given its range of capabilities, popularity and the interest in commercial SaaS email from companies like Cisco and Symantec, it seems likely that Mimecast’s time as a small independent player will be short lived.
Further reading
The dire need for email archiving
Email continues to be one of the greatest headaches for IT managers, but some causes of frustration are self-inflicted
Find more stories in the Collaboration & Messaging Briefing Room
