Responsibility and Trust
2. Responsibility and trust
While outsourcing the responsibility for one or more e-mail infrastructure layers can be appealing, the risks associated with the trust you put into that provider (and beyond) needs to be closely examined. Each layer exposes more sensitive data and needs to be reexamined before moving that layer to the cloud.
In the External Protection Layer, this may only be a list of valid e-mail addresses for recipient validation. However, in the Backbone Layer, this may be a substantial amount of directory data in order to implement policy and routing based on directory information (department, manager, location, etc). Your use of cloud services means you not only need to trust your providers but also need to trust your provider's partners.
Unfortunately, when it comes to control, there isn't much to offer in terms of benefits. Instead, I include it as food for thought when deciding which portions of the e-mail infrastructure to send to the cloud. Using another provider can take away your control of services in data in various ways. Examples include:
-Lack of control over data retention policy for backups, storage, logs, etc.
-Providers may be subpoenaed and required to turn over your data without notification due to gag orders (for example, National Security Letters).
-Little to no control over provider's maintenance cycles or downtime.
-Providers or their partners may be acquired by organizations that may have different privacy policies, partners, terms of service, etc. They may also go out of business.
The importance each of these depends on the corporate culture and the portions of the infrastructure being considered.