I sat down recently with Dave Champine, Proofpoint's product manager for our SaaS email security solutions for an extensive interview about the security of cloud computing-based solutions and the issues enterprises should consider when moving security functions "to the cloud." I'll be posting excerpts from that discussion over the next few days.

First up, Dave had some really interesting things to say about specific features that enterprises need to look for when buying "in the cloud" security solutions (or any other type of SaaS solution, for that matter). As Dave notes in this video, large enterprises have different concerns that, say, small businesses or consumers when they are looking at deploying a cloud computing-based (or SaaS) solution.

To summarize the main points that Dave discusses in the video, there are four interrelated characteristics of an enterprise-quality cloud. He describes them as:

Isolation: Look for solutions that offer both physical and logical separation of your data and the application itself from other customers. This helps to ensure that your enterprise's capacity and performance needs being met, regardless of what's going on with other customers of the same solution.

Flexibility: Look for solutions that can support the high level of complexity found in the large enterprise. For example, in the email world, large enterprises can have very complex policy environments due to regulatory requirements, best practices for data protection and corporate governance concerns. So that means being able to do things like set and enforce different email disposition policies for different business units, support secure transmission to business partners, support policy-based encryption, etc. Flexibility also means having flexibility in terms of how things are deployed (e.g., could I deploy some things "in the cloud" but leave other features on-premises).

Control:Large enterprises need SaaS solutions that let them maintain the same level of control as they would get with an on-premises solution. That includes having what Dave calls "transparency of operations," including visibility into logging, auditing and alerts so administrators can ensure that systems are operating as expected.

Distribution:Enterprises should look for cloud-based solutions that use distributed components. For example, make sure that the architecture includes geographically distributed datacenters, redundant components, etc. The goal is to go beyond the usual "five nines" availability goal and ensure 100% availability if possible. Dave suggests that enterprises should think not just about disaster recovery, but about disaster avoidance as well.

If you're interested in this topic, you'll also be interested in the next Proofpoint live web seminar, happening on Wednesday, November 18th. We'll be discussing the pros and cons of Security-as-a-Service and how next-generation SaaS solutions can actually deliver superior security, better performance and lower costs compared to on-premises approaches. To register, please visit the link below: