How to Assess Cloud-Based E-Mail Security Vendors

Cloud-based e-mail security vendors need to know how to meet specific enterprise requirements such as privacy, resiliency, customization, control and customer support. To choose the right cloud-based e-mail security vendor, enterprise IT buyers need to ask the right questions. Here, Knowledge Center contributor Rami Habal covers the critical questions enterprise IT buyers should ask in order to properly assess a cloud-based e-mail security vendor's offerings.


The economic returns of deploying IT security to a cloud platform are clear, including elimination of up-front capital expense, minimization of operational costs and fewer technical resources required. We have heard the benefit statements time and time again from both the vendor and analyst communities.

For example, in a recent survey, it was found that large companies can easily save 50 to 80 percent by moving e-mail security to the cloud and more than 40 percent by moving e-mail archiving to the cloud (versus on-premises approaches).

Despite the benefits, the adoption of cloud-based e-mail security solutions is still a very gradual process for most companies. It can be hard to cut through the marketing hype when nearly every vendor seems to be making a cloud claim. The following are some key questions enterprise IT buyers should ask when evaluating cloud-based e-mail security services. These will help IT buyers to find a service that's trustworthy, reliable and, most importantly, effective.

1. Privacy

There is a major misconception in organizations across industries that data stored in the cloud is inherently risky. However, the truth of the matter is that it depends on the type of cloud and the quality of the encryption services that protect the data. In most cases, data in the cloud may be safer than storing it on-premises since there are additional security measures such as double-blind encryption to ensure that customer data is properly protected. On-premises breaches can cause even worse nightmares if appropriate disaster recovery or backup measures are not taken.

The key security questions to ask cloud vendors are 1) how they are protecting your data and 2) what tools they use to protect it from third-party access.