Just a reminder that our live web seminar series continues tomorrow with, "SaaS and the Global 2000: Best Practices for Buying Security-as-a-Service." Proofpoint SaaS expert Dave Champine will discuss why large enterprises are increasingly turning to the cloud to maximize ROI and meet today’s email security and archiving challenges, and share the best practices that large enterprises should follow when buying SaaS security solutions.
Check out the video in this post for a preview.
Join us on Wednesday, February 10 at 2:00 p.m. ET / 11:00 a.m. PT. As always, if you can't make it to the live event, we always share a replay with registered attendees. To register, please visit:
I sat down recently with Dave Champine, Proofpoint's product manager for our SaaS email security solutions for an extensive interview about the security of cloud computing-based solutions and the issues enterprises should consider when moving security functions "to the cloud." I'll be posting excerpts from that discussion over the next few days.
First up, Dave had some really interesting things to say about specific features that enterprises need to look for when buying "in the cloud" security solutions (or any other type of SaaS solution, for that matter). As Dave notes in this video, large enterprises have different concerns that, say, small businesses or consumers when they are looking at deploying a cloud computing-based (or SaaS) solution.
To summarize the main points that Dave discusses in the video, there are four interrelated characteristics of an enterprise-quality cloud. He describes them as:
Isolation: Look for solutions that offer both physical and logical separation of your data and the application itself from other customers. This helps to ensure that your enterprise's capacity and performance needs being met, regardless of what's going on with other customers of the same solution.
Flexibility: Look for solutions that can support the high level of complexity found in the large enterprise. For example, in the email world, large enterprises can have very complex policy environments due to regulatory requirements, best practices for data protection and corporate governance concerns. So that means being able to do things like set and enforce different email disposition policies for different business units, support secure transmission to business partners, support policy-based encryption, etc. Flexibility also means having flexibility in terms of how things are deployed (e.g., could I deploy some things "in the cloud" but leave other features on-premises).
Control:Large enterprises need SaaS solutions that let them maintain the same level of control as they would get with an on-premises solution. That includes having what Dave calls "transparency of operations," including visibility into logging, auditing and alerts so administrators can ensure that systems are operating as expected.
Distribution:Enterprises should look for cloud-based solutions that use distributed components. For example, make sure that the architecture includes geographically distributed datacenters, redundant components, etc. The goal is to go beyond the usual "five nines" availability goal and ensure 100% availability if possible. Dave suggests that enterprises should think not just about disaster recovery, but about disaster avoidance as well.
If you're interested in this topic, you'll also be interested in the next Proofpoint live web seminar, happening on Wednesday, November 18th. We'll be discussing the pros and cons of Security-as-a-Service and how next-generation SaaS solutions can actually deliver superior security, better performance and lower costs compared to on-premises approaches. To register, please visit the link below:
We're excited to announce our next-generation email security and data loss prevention platform, Proofpoint 6, today. The underlying engine behind Proofpoint's SaaS, appliance, virtual appliance and software email security solutions, new features in Proofpoint 6 are aimed at providing "defense in depth" data loss prevention features.
To that end, the new platform includes a new email encryption component, Proofpoint Encryption, that combines symmetric key encryption with a cloud-based key management service to create an extremely easy-to-deploy and easy-to-use policy-based email encryption solution.
In the video embedded in this post, product marketing manager Ken Liao gives a quick "chalk talk" overview of the new Proofpoint Encryption solution. If you'd like more details on Proofpoint Encryption, check out our new whitepaper, "Protecting Enterprise Data with Proofpoint Encryption", which you can download by visiting:
Earlier this week, we announced a new joint customer with SaaS Web security vendor Purewire, a new Proofpoint go-to-market partner (you can read that press release here). The customer in question, Technical College System of Georgia (TCSG), has deployed the Proofpoint ENTERPRISE SaaS email security solution to protect more than 10,000 end-user inboxes, along with Purewire Mobile for Blackberry and the Purewire Web Security Service to protect users when browsing the Web on campus, or on laptops and mobile devices.
Blended threats are becoming a more acute problem for enterprises in all industries, and TCSG went with the full SaaS approach that the combination of Proofpoint and Purewire offers. Steven Fergusen, security engineer for TCSG told us:
“Security threats are no longer confined to an email inbox or Web site, but take advantage of both attack vectors. By working with Proofpoint and Purewire, we’ve been able to easily secure the online activity at each campus across the state and keep our users safe from increasingly sophisticated blended threats.”
In addition to the partnership with Purewire, Proofpoint also has a strategic partnership with Blue Coat Systems, who offer appliance-based Web security solutions that are well-integrated with Proofpoint's email security service and appliances.
If you'd like to learn more about how to protect your organization from blended threats, register for our upcoming CIO Magazine web seminar where Proofpoint's Rami Habal and Blue Coat's Ben Rice will explain how the combination of next-generation email and Web security solutions improves security while lowering costs. To register, click the link below:
Salesforce has often been cited as the pioneer for the Software-as-a-Service (SaaS) industry. We use Salesforce ourselves, and have been quite happy with this decision. However, I recently requested a copy of their Service Level Agreement (SLA) for service availability and was taken aback with the reaction I got from their customer support department. The responses I got ranged from “What’s an SLA?” to “Do you mean you want to know our support ticket resolution time?” to “In the 5 years I have been working here, I’ve never had anyone ask that question.”
It doesn’t seem like Salesforce has any SLAs, which I find very odd. This prompted me to run some online searches, and the results surprised me a bit – I didn’t realize that SLAs are far from prevalent among SaaS providers. I think this could be one reason why some IT departments are still quite skeptical about using SaaS applications.
As Craig had pointed out in a previous post, we constantly hear from customers that one of the things they love about outsourcing is that they no longer have to stress about uptime and performance. At Fortiva/Proofpoint, we not only take over the stress of managing all infrastructure and archiving application issues that may arise, we also strive for unsurpassed customer service and industry leading SLAs that few providers (both outsourced or on-premise) can match.
It seems that every month we hear from more and more potential customers that are looking for an alternative to their in-house email archive. Generally, these companies complain about how much time it takes to manage their archive, and the headaches it involves. From constantly-growing hardware requirements to long search times and even re-indexing of data in some cases, there's no shortage of reasons why we're getting calls from unhappy IT people.
Making it worse, the headaches keep increasing as the size of the archive inevitably grows over time. So it's not surprising that for many companies that implemented an archive 2,3, or 4 years ago, things are just now hitting a "breaking point" - and that's when they approach us. Consistently, those organizations that conduct a full cost comparison of their in-house archive vs. Fortiva come to the same conclusion: someone else can look after their archiving better than they can, at a cheaper price, and without the headaches.
This week, we announced a customer who came to this conclusion after spending months trying to fix the issues with their in-house solution. National Financial Partners (NFP), a national network of independent financial advisors consisting of over 180 owned firms, did a detailed cost analysis and found it was going be 18-20 percent cheaper on an annual basis for them to implement Fortiva rather than continue maintaining their original archive. On top of that, they could offload the many archiving issues they had to Fortiva, leaving their IT team free to focus on other initiatives.
It's an interesting story, and one that is worth reading if you're struggling with the decision of whether to choose an in-house archive or a SaaS solution. The full case study can be found here.
An exciting announcement
came out of Redmond today saying that Microsoft Online
Services will be extended to enterprises with fewer than 5,000 employees. Last
September, Microsoft announced
the worldwide availability of Microsoft Online Services for businesses with more
than 5,000 users (known as “dedicated offerings”). According to the release,
today’s announcement extends the same performance, scalability, security and
service level capabilities to all businesses.
As the email archiving provider for
Microsoft Online Services dedicated offerings, we are obviously happy to see
Microsoft bringing their “software plus services” to a wider audience.
Regardless of that, this announcement is a good thing for businesses that want
the benefits that Microsoft’s Exchange, Sharepoint, and Office Communications
products offer, but don’t want to dedicate significant internal IT resources to
make that possible. At Fortiva, we’ve spoken numerous times about the difference between “core and
context” applications, and how context applications are ideally suited for
SaaS delivery, allowing businesses to focus on their core applications. Since
all of these applications fall squarely in the “context” category, Microsoft’s
Online Services can open the door for businesses to focus their resources on
core areas that can make them more competitive – and that can only be a good
thing for business.
Delivering software as an appliance brings many of the same benefits as
delivering software as a service. In fact, in recent weeks and
months I’ve spoken to some people who’ve talked as if the two models were
interchangeable. I wouldn’t go that far, but I would say that they’re different
facets of the same trend towards making software easier to install and use, and
I would also add, perhaps controversially, that if you believe in using the Web
to deliver software functionality, then like it or not you’re probably going to
end up delivering software appliances within your range of offerings.
Wainewright comes to the conclusion
that both software as an
appliance and software as a
service have their place, and they shouldn’t be seen as competing
with one another. While I agree with Wainewright on the points he makes in both
that and a follow-up posting, I think it’s important to consider the possibilities offered by a third option,
one that combinessoftware as an
appliance with software as a
service. This is the model we use at Fortiva, and it’s one that I
believe will continue to gain traction with vendors that want to provide the
convenience of SaaS with a level of integration and data security that can only
be achieved with an on-premise component.
In his posting, Wainewright makes the point that,
“The appliance model provides many of the
benefits of SaaS without forcing customers to store and access their data
outside of the firewall.”
This is true – and very useful for applications that involve small amounts of data. However, many SaaS solutions tackle challenges that involve large amounts
of data by offering a large, centralized infrastructure. Since IT departments can face considerable challenges managing and maintaining a large data set, these customers get
significant benefits from SaaS solutions that address the management of both the
software and the data. In fact, a key value
proposition for SaaS often involves not having to worry about procuring and
managing large amounts of storage,
which in turns allows the customer to avoid having to address the full suite of
data management tools. So in these cases, the appliance model alone is not an option.
While SaaS allows you to benefit from
“worry-free,” fully scalable storage on demand, it also has its issues. The SaaS model can lead to
isolated solutions that suffer from administrative challenges and a logical
disconnect from the way other corporate information is managed and used. It also presents obvious security challenges. Overcoming these limitations requires an
integration point within the corporation. To do this, without losing ease of
setup and maintenance benefits of a SaaS solution, some vendors (Fortiva included) have started to
introduce in-house appliances (software as an appliance) that act as a gateway
to their centralized services (software as a service).
In Fortiva’s case (a SaaS email
archiving solution), we ship a “plug-and-play” style appliance that integrates
directly with the customer’s Microsoft Exchange and Active Directory. The
appliance also encrypts all the data before sending it over a secure
transmission to Fortiva’s data centers. I’ve explained in my last two posts how
this works, and how the combined SaaS/appliance approach allows us to provide
rich functionality (including advanced search) to data that remains encrypted at
all times outside the firewall.
So maybe it’s not SaaS OR software as an appliance (SaaA?) that companies
should be considering…maybe it’s the two together.
I’ve been away for the last couple of weeks on my honeymoon,
so I haven’t had a chance to post recently. Actually, while I was away, I was intentionally
making an effort not to think about software, services or anything else
work-related. Having said that, at my core, I’m still a tech geek, so while I
was away, my wife and I sent daily online updates to family and friends about our
travels.
As part of that process, I was remotely uploading photos
each day to a couple of servers at my house that I set up to share photos.
About 4 days into the trip, I found myself in a hotel where I simply could not –
despite valiant efforts – connect to my home servers. After fighting for about
two hours with the tech Gods (and watching my new wife become increasingly
frustrated), I gave up and decided path of least resistance was to use flickr. In
a matter of minutes, I uploaded the photos, called it a day and got back to
enjoying my honeymoon.
The next day brought a new hotel in a new city, but the same problem with
connecting to my home servers. This time, I immediately turned to flickr, only
to be told that I have exceeded my monthly threshold for a free account.
However, for just $24.95, I could have unlimited photo sharing for a full year.
I think it took about 2 nanoseconds for me to click OK. Not only was flickr
faster than uploading to home, it also allowed my family to comment on the
photos we posted (which they were already taking advantage of), something they
couldn’t do with my home set up.
At the end of the day, using flickr was simply a better experience
for me and at a cost of $2 month it seemed silly for me to keep fighting with
my home machines. Within about five minutes, I gave up on my home network for
photo sharing all together, and I’m convinced that I will continue to use
flickr (or some other similar service) moving forward.
Looking back, my bias to begin with was that I wasn’t
willing to spend money with an online service to host my photos when I’m
perfectly capable of doing it my own. I know
how to set it up – there’s no magic there and it’s really not that difficult.
But when I stop and think about how much time I’ve spent just managing the
servers and loading the photos, and dealing with the complexities of
referencing files in messages…well, I don’t know exactly what my time is worth,
but I can tell you that I’ve spent way more than $24.95 of my time and energy to
do this myself over the course of a year.
So, after all that, the point I wanted to get to is that I
think there is often a similar bias in IT departments. As IT professionals, we
tend to think, “we have the expertise to that in-house, so why would we
outsource it?” But just like me and my flickr account…if you stop and take an
objective look at what you’re doing, and how long it’s taking, and then take
the time to consider the real options that are out there, without letting those
biases prevent you from doing a valid assessment, there can be some real wins
for IT.
After writing my last post, I came across an old, but still relevant article by Ephraim Schwartz at InfoWorld that reinforces the point I was trying to make. According to Schwartz, "It’s the 80-20 rule. Eighty percent of a
company’s operations are standardized, and for those it can apply SaaS,
but the other 20 percent requires a company to differentiate itself.
SaaS, by its very model, doesn’t really supply the solutions here."
Another interesting point Schwartz makes in his article is the distinction between On Demand software and Software-as-a-Service. This is something I've been struggling to articulate, so I'm going to borrow from his article.
According to Schwartz, "SaaS and on-demand are not interchangeable.
On-demand is really about how you supply technology to a user. It is a
technology solution. SaaS, on the other hand, is a task-oriented
business solution delivered in a timely manner."
So takes me back to the point that SaaS is really all about giving IT the opportunity to focus on finding ways to use technology solutions to differentiate their business from the competition, while at the same time offloading the task-oriented (and quite frankly more boring) requirements to specialized vendors.
So for example, the company I work for, Fortiva, offers a SaaS-based email archiving solution. So no one is ever going to tell you that email archiving is going to be the make-or-break solution that "gets you the deal". But if you don't have an effective solution in place, you could have a major problem on your hands if you face a lawsuit, or if you're questioned about meeting regulatory compliance rules like Sarbanes-Oxley.
