Debunking the Myths of Cloud Email Security

Nov. 21, 2016 by Steven Murray

If you’ve followed technology industry trends for the past several years, you know that all manner of business and consumer technologies have been moving from stand-alone, on-premises systems into the cloud. In fact, we’ve reached the point where we no longer speak of the cloud as the future of software—it’s the present.

For most of us considering developing a new system, there’s really very little debate about whether or not it should be built in the cloud. The answer is a clear yes. But not all of us have the luxury of a greenfield implementation—and as with past shifts in system architecture, how best to deal with legacy systems is a question that requires careful thought.

Shifting marketing and transactional email from on-premises systems to a cloud-based email delivery service is one example of this challenge. Let me try to debunk some of the myths surrounding email security when moving your email from on-premises to the cloud.

Myth: Cloud email services are less secure than using on-premises software.

Email services are neither inherently more nor less secure in the cloud. The truth is, email security has much more to do with configuration and practice than with system architecture. And on those fronts, the cloud actually offers some security benefits.

First, the security perimeter is smaller and more defined than in a corporate setting. Second, the user base is easier to move and administer in a cloud setting, and access is more robust and easier to maintain for users and administrators. Finally, the cloud affords security administrators benefits like:

  • Centralized attachment scanning and blocking
  • Unified storage and lower-cost administration and access controls
  • Ease of auditing and monitoring

To my mind, helping security administrators do their job more easily and effectively is the surest route to an overall improved security stance.

Myth: I will lose control over my data by moving my email service to the cloud.

This is an easy myth to debunk. In SparkPost’s cloud infrastructure, email and associated data are still controlled by the customer. Data management remains with the customer regardless of the hosting environment.

Myth: Anyone can access my data in the cloud. Plus, if it happened to Yahoo, couldn’t it happen to me?

A good cloud infrastructure (including Amazon Web Services, the cloud infrastructure used by SparkPost) has a lot of security baked-in and tested in ways few vendors can match. However, there’s no magic bullet here. Odds are that breaches can and will happen to everyone at some point, whether on-premises or in the cloud. Defense is expensive and hard. Even with the best defense, there is always an opportunity to be compromised. The key to success is to practice good data management, backup, and security. So encrypt your volumes, use multi-factor authentication—and most of all, enforce strong standards and procedures. Educate your user base to look for anything unusual and stay alert to the current attack trends. As with so many routines, complacency kills. Stay alert!

Myth: There are no steps I can take to make my cloud infrastructure secure.

Technology is good; however, it’s only as good as the processes and controls that enforce it. By that, I mean putting policies and standards in place to enforce strong authentication and data security protocols. Use Multi-Factor Authentication (MFA), VPN, and other protections to control access to the production instances and email services. Drive your user base to use multi-factor authentication and connection protocols requiring multiple steps to access data. Encrypt your data at rest and in motion. (If you look at data breaches historically, the most destructive have been those that gained access to data that wasn’t encrypted. Never assume your fortified perimeters will save you.) Audit your user base and ensure only the right population has access and appropriate user rights. Enforce attachment scanning. Enforce perfect forward secrecy protocols. Are you seeing the pattern here?

Don’t take shortcuts, even though every developer and every user wishes you would for their convenience. Those extra steps, as tedious as they sometimes seem, are the keys to keeping your instance secure.

Myth: I’m not sure I’m ready to move all of my data at once and it seems that it’s all cloud-or-nothing.

No, there’s nothing that says cloud use cases have to be all-or-nothing. It’s really a question that depends upon the needs of your particular business and velocity. You will have to determine the best course of action for your business case. For highly sensitive data, an incremental migration or hybrid cloud setup may be the way to go until there is enough trust in the new solution to fully commit. In other instances, you may want to rip the band-aid off and move it all at once, because the benefits of the cloud outweigh the risks. Regardless, ensure you have a good working backup solution during the migration and a solid continuity plan before you move any data.

Myth: It will take a long time to realize the benefits of moving to the cloud.

This is something I could talk about for hours. There’s so much good for both the business and for the technology team. But really it comes down to this: the cost/benefit of email in the cloud seems simple, but the truth is it’s even better than you think. The cloud really has upended the economics of software development and enabled genuine business innovation. Flexibility, scalability, shifting costs from capital to operational expenditures—these are all benefits that business execs love. Technology teams get to offload the operation of infrastructure to service providers who can do it more reliably, with better deliverability, and operate it at lower cost. It frees internal development teams to focus on unique functionality and business differentiators. It’s one of the clearest examples of win-win I’ve seen in my career in tech.

Myth: I won’t save much money by moving to the cloud.

Between the costs of hardware, physical plant, and operational staff, operating your own on-premises infrastructure is a significant drag on business flexibility and budgets. SparkPost surveyed several real-world businesses and crunched the numbers. Afterward, we found that moving email delivery infrastructure to the cloud is a strategic win for companies that send high volumes of commercial and transactional email. In fact, a business that sends 750 million emails a year can save up to 40% by migrating email infrastructure to the cloud.

What is the onboarding process like if I choose to move my email service to SparkPost?

At SparkPost, onboarding involves several interactive tools and resources to ensure a successful start for all of our users. For our enterprise customers, the experience also includes the expert support of our Technical Account Managers (TAMs). In fact, the “white glove service” our TAMs deliver is one of the things I’ve consistently heard from our larger customers has helped them to succeed. They help senders lay the groundwork for the highest performance, make sure implementation is successful, help with the go-live transition, and then provide proactive ongoing support. It’s a real differentiator from other email delivery services.
