A plethora of e-mail content security technologies have emerged in recent years to address such vulnerabilities. Companies currently have the choice of two major types of email content security solution: software or appliances. Software solutions have been available for about ten years, while appliances appeared on the market around five years ago. Appliances are purpose-specific e-mail content security servers, typically based on industry-standard server hardware and running a security-hardened Unix/Linux OS to provide the platform for the mail-screening software.
Since their inception, appliances have been touted by some as the holy grail of e-mail content security, winning over many customers in the process. Today, however, the tide is turning.
Plug and play?
The major selling point for appliances has always been based on the perception that they provided a ‘plug and play’, purpose built, e-mail security hardware solution. The idea was that a company could order a pre-configured email scanning system that would simply plug into its email environment and instantly start cleaning spam and viruses from e-mail. In practice, appliances can be difficult and time-consuming to install. The biggest selling appliance product on the market can take up to six hours to install, compared to between 1-2 hours for an equivalent software-only installation. In some cases, an appliance vendor-approved technician must perform the installation because it is so complex, with customers having to pay extra for this service. By contrast, most software solutions can be easily installed by any in-house IT person with a reasonable understanding of email configuration, MS Exchange and firewall administration.
Performance, scalability and high availability
Performance, scalability and high availability are clearly important factors to consider when choosing how to secure a business-critical tool such as email. E-mail scanning should be a transparent process, with no perceivable delay in email performance and should also be scalable - able to manage 10,000 users as easily as it can manage 100. Ideally, it should also be capable of clustering and load-balancing in an array environment, to ensure high performance throughput scanning, and also redundancy for high availability.
Performance is often claimed as a strength by many appliance vendors on the basis that the hardware is dedicated to a specific task. However, performance is really dependent on a range of factors such as processor speed, available memory, disc I/O, volumes of email and the type of email your business sends. Appliances are commonly marketed as suitable for “up to 1000 users,” based on a simple calculation of how much email the average person sends per hour and how much e-mail the server can process. Often this calculation assumes that the average email size is less than 10Kb. In our experience most typical businesses average around 40Kb per e-mail. As a result, a single appliance purchase really only supports 25% of that claim.
In order to actually process the true volume of e-mail the business requires, companies often need to upgrade to a higher specification appliance, or purchase a second appliance. Usually, customers have already made a significant investment in the appliance hardware and are compelled to upgrade, again at significant additional cost and installation disruption.
Reading our newsletter every Monday will keep you up-to-date with security news.
Receive a daily digest of the latest security news.