Neil Murray

The future of archiving is in the cloud and I believe on-premises storage is in rapid decline. And innovation here goes way beyond just providing safe, affordable storage.

“Archiving as a service (aka cloud archiving) has rapidly surpassed on-premises archiving as the preferred deployment model for most organizations”, stated the analyst firm, who also positioned Mimecast in the ‘Leaders’ section of the report.

 As a cloud-only company we are at the forefront of this move and innovation. Our data centers around the world together store over 100 billion emails and more than 13 petabytes of customer data – and this is growing rapidly every month.

We have invested considerable time and effort into leading the industry in email and data archiving technology, and doing this completely in the cloud. Unlike many of our on-premises or hosted archiving competitors, we designed and built a cloud service able to scale to meet the storage, protection and data sovereignty requirements of customers of all sizes, not just those bigger enterprises with deep pockets.

Being a leader here means going beyond just storing customer data safely. We believe providing access to this critical data is equally as important. This helps employees at our customers to access their archive, resurface emails and information to help make them more productive.

Our cloud infrastructure and search technologies mean we can store huge volumes of live and legacy archive data, which grows with the customer every day, and make it available for e-discovery. This is also why we’re confident to offer an end-user search SLA of seven seconds. In fact, our current average search time is much lower. And our mobile and desktop apps mean that employees can access their whole ‘active’ archive from their device of choice – even on the move – smartphone, tablet or desktop. And no need to go to the IT team to do it either.

If you’d like to hear more about our approach to archiving in the cloud or grab a copy of Gartner’s report on us – just click on the image in this post.


As many began to return home from its Worldwide Partner Conference this week, Microsoft confirmed an outage of Office 365 email.

According to Microsoft Support, it appears that affected users were unable to connect to the Exchange Online service, including Outlook, Outlook Web App (OWA), Exchange ActiveSync (EAS), and Exchange Web Services (EWS). Many users also experienced delays when sending and receiving messages.

Certainly Office 365 is not the only service to suffer like this – outages happen, but the reason why Office 365 outages grab widespread attention is because of its increasing popularity and the business critical nature of services it provides. Suffering from an Office 365 Outage? We'll Keep Your Business Running. Suffering from an Office 365 Outage? We'll Keep Your Business Running.

For many businesses, email is their most critical IT workload. Email is also highly valued by employees. Tolerance for email downtime is almost zero as it costs money, damages reputations and cripples business operations. In short, we all need it to work and to work all the time.

For years IT teams have built disaster recovery plans and systems predicated on the belief that IT fails and you always need a plan B. Nothing changes in a cloud first world. Cloud services clearly fail and if you don’t have an independent continuity service, your email will be down until Office 365 gets it back up again. And you can’t control when that will happen. One hour. Five hours. Days.

So take a leaf out of the on-premises risk management handbook. Make Office 365 safer with the addition of an independent third-party continuity service.

Office 365 will continue to have service outages. Sometimes these will be very disruptive because they affect an entire region. Other occasions may only see some customers or group of employees affected. But outages do and will happen. It’s irrational to expect them not to happen.

Many of us now live in a cloud-first world. So the question to ask ourselves is – what will happen to me when Office 365 goes offline? Do I have a plan B?

For all its strengths, if you rely 100% on Office 365 for your email you are asking for trouble. It’s just a matter of time.

Find out more about how we can help keep your business running during an Office 365 outage here.


Yesterday, we announced two new measures designed to protect against spear-phishing. Attachment Protect and User Awareness reduce the threat from malware-laden attachments, and help IT teams raise employee security awareness.

Both services are available as part of Mimecast Targeted Threat Protection, which now gives customers a comprehensive defense against the key technical and human risks from spear-phishing.

Spear-phishing attacks are a rapidly growing and evolving threat that needs a new generation of services to protect organizations.

Initially, it was about stopping URL links to malicious websites. But now the threat has moved on to weaponized attachments. So sandboxing has become a critical technical defense. Here attachments are tested in a safe environment before they can be delivered to the recipient. But sandboxing does have its limitations. It delays emails, which is frustrating and impacts employee productivity. It’s typically expensive to provide pre-emptive sandboxing, meaning organizations often limit who they protect to keep costs under control. That’s not good enough. As attacks using weaponized attachments become more commonplace and can be targeted at any employee, this puts organizations at risk if they are limiting this critical protection.

Our approach is different. We make it cost effective and easier to protect the whole organization.

Mimecast Targeted Threat Protection – Attachment Protect combines traditional pre-emptive sandboxing for those who want it with a transcription service that automatically gives all employees a safe and threat-less email attachment instantly. It does this by replacing inbound email attachments that could contain malicious code (e.g. PDF or Microsoft Office files) with safe transcribed versions – neutralizing any malicious code. Most employees only need to view attachments, so no further action is needed. If employees need to edit a file, a link in the email can be used to request the original file on-demand via our cloud-based sandboxing service.

However, technology is only part of the defense against spear-phishing and other security threats for that matter. A comprehensive strategy requires employee education. We need to improve employee skills and vigilance, and turn them into a human firewall that can thwart the scammers and hackers.

The problem is traditional IT training is ineffective, time-consuming and ultimately unable to keep up with advanced security threats that change all the time.

Now, in addition to link rewriting, URL Protect includes innovative dynamic user awareness capabilities so IT teams can raise the security awareness of employees. Once enabled, a percentage of links in emails clicked by an employee will open a warning screen. This provides them more information on the email and destination, prompting them to consider if the page is safe. If they choose to continue, their opinion is logged, URL Protect scans the link and blocks access if the destination is unsafe. IT administrators can set how frequently these awareness prompts are shown to ensure employee caution is maintained. Repeat offenders that click bad links will get more frequent prompts automatically until their behavior changes.

A comprehensive security strategy requires not just technology defenses but also employee education. You need to improve employee skills and vigilance, and turn them into a human firewall that can thwart the scammers and hackers.

If you’d like more information about these new services, please register for the Targeted Threat Protection Webinar or let us show you a demo. Also, please leave a comment on this post if you have any questions – thanks!


Amazon's WorkMail Is Late to the Party

by Neil Murray - CTO and Co-Founder

It’s not David and Goliath. It’s David, without a slingshot, battling a Goliath who has recently beaten David’s more popular brother Google Apps.

The launch of Amazon’s WorkMail makes perfect sense on paper. It should have an offering in the enterprise email server market – its rivals have been in it for years. The trouble for Amazon is that it’s incredibly late and it looks like it has no stand out features. To make matters worse for Amazon, Microsoft unquestionably leads the world in the provision of enterprise email inboxes – both in on-premises Exchange and now in the cloud with Office 365.

Of course, high-profile security breaches such as Sony and Target have heightened the interest of enterprises in the security of their email services. Encryption for email in transit is growing in importance and reflects the critical importance email plays in business, but this is not the be-all and end-all of securing email from snooping eyes, legitimate or otherwise.

Businesses need to be thinking about making their email safe beyond the actual inbox and transit encryption. This is where third-party cloud service providers for email security, archiving and continuity, like Mimecast, come in.

Businesses also have to consider carefully how best to deploy their business critical services in the cloud era – the answer certainly isn’t relying on one vendor for everything. Amazon, Google or Microsoft for that matter. On the other hand, you don’t want a myriad of vendors or you’ll be left paying for, and managing, all this additional technology in the cloud, very much like you are doing on-premise now.

The news about WorkMail doesn’t change this fundamental challenge.

Unseating Microsoft from its position as enterprise email server of choice, with more than 300 million Exchange inboxes out there, will take some revolutionary ideas. Competition is a good thing, of course. Even though we’ve been supporting email services from Google and Microsoft for years, we will look closely at how WorkMail does in the market.

That said, my first assessment of WorkMail from news reports suggests that its basic offering of encryption and calendars, however priced or packaged, won’t be the revolutionary spark Amazon needs to unseat the entrenched competition potentially even within AWS’ own customer base.

But didn’t they say that about David’s chances against Goliath? No, scratch that. This time the big dog does win.