Opinion: The company has a lot to prove after the recent adware controversy, but Microsoft is assembling a quality set of tools for security needs.
It doesnt seem right to say that the entry of Microsoft should bring respectability to an eminently respectable market like managed secure e-mail hosting, but a lot of people are arguing that Microsofts planned acquisition of FrontBridge
will do just that.
Ive always been a fan of the hosted mail-security model, and plenty of respectable companies use it already. Ziff-Davis, the publisher of this column, is a FrontBridge customer, and Ive been happy with the service, as I was when Ive tested it in the past.
Even more than large companies, this model benefits medium-sized businesses. The e-mail needs of these business are likely to be complex, but administering the security of a complicated e-mail infrastructure is not an easy task and requires constant vigilance, making it an obvious candidate for outsourcing.
Outsourcing allows customers not only to delegate many administrative functions, but to take advantage of what is undoubtedly a more redundant and robust infrastructure than their own. Postini,
the big-deal provider in this space, says it handles 3 billion messages a week for more than 30,000 businesses.
These services have distributed infrastructures that can handle, for example, a sustained power outage at one location, and if your own mail servers go down they can queue up the incoming mail until youre ready to take it.
They have staff and software looking at the e-mail 24 hours a day, every day, no matter what holiday it is, anywhere in the world. They have a much larger sample of mail coming in, making it more likely that they will see and recognize new attacks as they come along. They can afford to have multiple anti-virus scanners look at the mail. They can afford to harden against directory harvest attacks.
Read details here about Microsofts controversial downgrading of Claria adware.
So FrontBridge and its competitors, as a class, were a good choice for business already. What does Microsoft bring to the table?
Painful as it is to admit, Im sure many executives may be comfortable buying from Microsoft, since they do so much business with the company already, whereas they may never have heard of MessageLabs
or Postini or FrontBridge.
A related point is that the marketing power of Microsoft could make the whole notion of e-mail hosting more acceptable to business. Intuitively, it may seem that issues of legal compliance and privacy would argue against routing your mail through an outside service, but in fact it can better meet those goals.
FrontBridge, for example, supports policy enforcement features
that can limit unauthorized dissemination of confidential information.
Services like FrontBridge force a company to take control over its e-mail infrastructure. A proper implementation will also handle all outbound mail, and this forces you to keep track of all sending points in your network.
Click here to read about a new e-mail authentication specification submitted to the IETF.
Therefore, a hosted service can make it easier to implement authentication standards. I dont know the attitude of all these companies towards Sender ID and Domain Keys. Postini has been lukewarm at best, and usually hostile towards them in the past. You can bet that FrontBridge will soon be waving the pom-poms for Sender ID.
So it is possible that the name "Microsoft" will expand the market for secure hosted e-mail systems, and this would be good both for the market and the e-mail community at large (or the "ecosystem" as Bill Gates would put it.)
I dont think the same opportunities for bad decision-making exist as in the companys anti-spyware products, although Microsoft has surprised me in the past. But the move into e-mail security looks like good news for everyone to me.
Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. He can be reached at firstname.lastname@example.org.
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.