Are You Overlooking Email Business Continuity in Your Cloud Migration?
It’s easy to take email continuity for granted, especially when using a cloud-based service. But an outage can undermine productivity and security. Here are some tips for maintaining email business continuity.
- When an email system goes offline, the resulting chaos can impact the business and create cybersecurity problems as employees turn to unauthorized services.
- Companies often overlook email business continuity when they migrate to cloud-based email systems—but outages still occur periodically.
- Create a plan to keep messages flowing seamlessly during an outage—and test it to be sure it will work.
For most organizations, email is a mission-critical function. So what happens when the enterprise email system goes down, due to an IT failure, natural disaster or malicious attack?
Even a brief email outage can bring an enterprise to its knees. It can also ding the company’s brand and result in lost productivity and revenue. “Email business continuity is often overlooked—particularly as companies migrate from on-premises to cloud-based email systems, says Graham Rudolph, Technical Sales Engineer at Mimecast.
The problem? “When using on-premises email systems, a lot of companies operate with high availability,” including replication at different sites, Rudolph explains. “But when moving to the cloud, they think someone else is taking care of it—so they don't have to worry about it.”
Unfortunately, when cloud-based email systems fail—and it’s not uncommon—employees often find less-desirable ways to complete their work. They may use personal accounts that are less secure, for example. Operating outside corporate controls, they may send sensitive information—intentionally or inadvertently—to the wrong person. “Users are like water,” Rudolph says. “They will inevitably look for the path of least resistance.”
You can learn more about email business continuity, and get tips for how to survive your email provider’s outages, by watching Rudolph’s presentation “Be prepared: Do you have a plan for when email goes down?” at Mimecast’s Cyber Resilience Summit, which takes place online June 23-24 2020.
Cloud Email Continuity is Easily Overlooked
Cloud-based email platforms, such as Microsoft 365 and Gmail, generally offer good uptime, but outages do occur. Several Microsoft 365 outages were reported in 2019, for example.[i] Sporadic Gmail outages are enough of a problem that websites track them in real time.[ii]
Not only can a system crash or failure undermine business operations and pose a serious security threat, it can lead to other problems, including an inability to abide by regulatory requirements such as HIPAA or GDPR. Furthermore, email bounce-backs and lost messages can result in communication breakdowns and lost sales. According to a Rand Group survey, 60 minutes of downtime typically costs business over US $300,000.[iii]
Recognize the Risks of Ignoring Business Continuity
There are three essential things to recognize about email continuity:
- Migrating to the cloud doesn’t eliminate the need for business continuity services. Cloud providers offer varying levels of protection, but they generally do not provide robust continuity. “Too often, there’s a belief that the email service provider’s security and continuity framework is ‘good enough,” Rudolph says. Because the email system may depend on many other components within the provider’s cloud, a failure in any one of those components can lead to email downtime.
- IT may overlook cloud email business continuity. When migrating to the cloud, IT groups may focus their business continuity strategy on other enterprise applications and fail to consider the need for email continuity.
- Users will turn to insecure email solutions when they have to. When email goes down, users will resort to personal Gmail, Hotmail or Dropbox accounts to get information to customers or handle transactions—unless they’re specifically instructed not to do so and a viable alternative exists. Unfortunately, this means their communications aren’t scanned by enterprise security controls such as data loss prevention (DLP) services. Many data leaks occur because someone sends content to the wrong email address. “They may click a link from the wrong tab in a browser or use the autofill function on an email address line but select the wrong person,” Rudolph explains.
Steps You Can Take to Boost Your Protection
One effective way to approach cloud email continuity is to have an instant failover capability in place. Under this model, when a system such as Office 365 or Gmail goes offline, the service provider instantly takes over to keep messages flowing. With some systems, employees can continue to keep using their familiar corporate email client, such as Outlook. Some email business continuity providers also provide email security scanning such as spam and virus protection. Syncing and recovery functions ensure that the email platform is completely up to date once the outage is resolved. No critical data is lost in the transition.
Tips for Ensuring Email Business Continuity
Regardless of the specific approach your organization adopts, you can take steps to inoculate your organization against a serious breakdown:
- Plan ahead. “Establish an email business continuity plan with clear direction about what to do during an outage,” Rudolph suggests. This typically includes who to contact, how to communicate with others, and how to proceed with business-critical tasks. It covers how to handle email and who to turn to for technical support. Consider creating a quick at-a-glance guide, perhaps a laminated single page sheet, so that employees can read it even if all systems are down.
- Know Your Vendor. If you turn to an outside business continuity provider, conduct a thorough evaluation to determine whether they’ll really provide what you need in the event of an outage. Spend time getting to know the supplier, to develop trust that they can support your organization’s unique needs. Understand their support model, hours and specific services, including for your geographic region.
- Test procedures thoroughly. Run through a continuity plan during business hours within a limited user group to ensure that it works. The process should test different messaging alternatives, including text messaging. Once it’s clear what works best for a group, adopt an approach that works. Some services enable you to perform business continuity tests by disconnecting a group of users from the enterprise email system and running their email through the continuity platform.
The Bottom Line
Email is a mission-critical application for most organizations. But IT and business leaders may not prioritize email business continuity, especially as organizations move to the cloud. With a sound plan and the right technology in place, it’s possible to minimize the risk of downtime—and the potential expense and security threats it introduces.
[iii] “How Much Does 1 Hour of Downtime Cost the Average Business?,” Rand Group.
Subscribe to Cyber Resilience Insights for more articles like these
Get all the latest news and cybersecurity industry analysis delivered right to your inbox
Sign up successful
Thank you for signing up to receive updates from our blog
We will be in touch!