Cloud providers have a high level of expertise in handling infrastructure needs and serving applications. Their solutions will offer all of the common functionality needed. They are also able to handle operational issues such as backups, log management, etc. Pay close attention to the following items:
-Make sure there is a straightforward migration methodology and appropriate tools to complete a smooth transition.
-Internal, mail-generating applications need to be modified to use external cloud services.
-Complex routing or policy, especially regulatory, may not be achievable in the cloud.
-Archiving and control of what is put in the archive may not be available and also presents regulatory, control and confidentiality issues.
-May have limited access to auditing information for compliance and mail logs to track problems.
I've saved the most important for last because security considerations must include the previous three topics: trust, control and functionality. Each infrastructure layer has different levels of security exposure. Transferring the burden of securing the External Protection Layer (normally found in the DMZ) to the cloud gives enterprises the opportunity to eliminate most of the inbound threats e-mail services carry.
However, when considering moving the Backbone or Groupware Layers to the cloud, security presents the biggest and most important risk. Doing so exposes all of the data at rest necessary to implement enterprise policy and deep content inspection, including enterprise directory data, sensitive documents to be fingerprinted, and archived and quarantined data, to name a few. The Groupware Layer adds all of the employee mail to the data at rest and the data in motion, including internal mail among employees that was never meant to leave the enterprise network.