Email security is one of the key concerns for chief information security officers, as most critical communications happen through email, and the scene is no different for ACPL Systems Pvt Ltd, a Delhi-based IT service provider. However, the unique angle in ACPL's adoption story is that the company specialises in information security, but the company has still gone in for a hosted email security solution.
Ironic? Not really, as ACPL sees it.
So why did ACPL choose another provider? "We do have expertise in the information security space, but it does not always monitor our inhouse system," says Sukhpal Singh Sandhu, the head of information assurance for ACPL Systems Pvt Ltd. "It is supposed to be out in the market and help customers with different solutions. That is why we thought of outsourcing email security to experts so that we can focus on our business."
ACPL used an on-premise email gateway security solution to filter all incoming mails for viruses, spam and other threats. The on-premise solution however required lot of self maintenance, upgrades, hardware and patches updates. "Thousands of spam mails used to land on the company's email gateway, which choked the corporate bandwidth," recalls Sandhu. Since the company was looking at reduced complexity, maintenance and costs, the hosted email security solution had all three on offer.
ACPL did a detailed analysis of leading vendors which provide hosted email security solutions and decided to go ahead with Websense. The company already had a long-term relationship with Websense.
Hosted email security in black and white
At first, ACPL had its doubts about delays in the email receiving process while outsourcing. "Websense offered us 99.99% availability, a 100% service level agreements (SLAs) on viruses and 99% assurance on spam protection," says Sandhu. "Other providers too promised such SLAs, but they were not ready to give it in writing. Websense agreed to sign an agreement with us."
Availability was one of the most important criteria of the SLAs, as the mails were to be routed through the Websense data center. The vendor has multiple data centers, so even if one of them goes down, ACPL's mails will not be affected. "They also gave us an assurance that if our mail servers went down, they would save our e-mails for 30 days," says Sandhu. "The package was good."
The security of a hosted service model itself is still debatable. Wasn't this a major concern for ACPL?
"Security preparedness was one of the main criteria for solution evaluation," says Sandhu. "Websense data centers are ISO 27001 certified. They are a professional security company, and hence have all the standards and policies in place. This boosted our confidence."
Antivirus, spam protection and content security are some of the main components of the solution. The content security also has some pre-defined options like PCI-DSS compliance, which if activated can restrict any credit card information from being sent by mail.
ACPL has been given a web console to manage the solution by which it can log in, define policy, check logs and have reports. There are clear policies defined for data protection which sits on Websense server. Every inbound and outbound mail is checked according to these policies, and is blocked automatically if any violation is found.
Confidential emails with a hosted email security solution
Email encryption is another significant feature which the company has but plans to use it in the future. "The inbuilt encryption will allow us to encrypt confidential emails end to end till it reaches the receiver," says Sandhu. "It provides protection for both incoming and outgoing mails."
The company didn't really face big challenges. It had to just change the MX record in the domain name server. MX record points to the mail server where mails are going to land. "Earlier, it was pointing to our on-premise solution, now we have changed the MX Record to point to the Websense data center," says Sandhu.
The company is saving as much as 60% of its costs after moving to the hosted email security solution. ACPL has received complete protection from spam and virus. The content security feature also allows the company to protect the confidential data from going out. Corporate bandwidth is now free from unnecessary spam, which has significantly improved mail server performance and browsing experience for users.
ACPL has plans for the email encryption feature, and is also looking to deploy digital right management solutions which can help them to control access rights for documents.