The State of Email Security 2018 Report
The latest threats, confidence killers and bad behaviors—and a cyber resilience strategy to fix them
The Boston Celtics are more than a basketball team – they are an institution. The team flies more title banners from its rafters than any other NBA franchise, and boasts 17 NBA championships. 31 Hall-of- Famers including legends Larry Bird, JoJo White, Robert Parish and Kevin McHale played for the Celtics.
The Celtics franchise operates as a large enterprise with large company visibility, revenues, and IT expectations, but with a relatively small front-office staff. Technology plays a key role in keeping operations running smoothly – and according to Jay Wessel, Vice President of Technology, email is without a doubt the most visible and critical technology used by the front-office staff.
“Most communication takes place via email,” says Wessel. “It’s even central to our ticketing system: the vast majority of our ticket sales are online, and confirmations take place via email. So if email goes down, it’s more than an inconvenience – it can seriously impact our revenue.”
Originally, Wessel and his IT team assembled a complex set of on-premise email management tools. Since 2003 the IT team had deployed a classic set of point solutions designed to solve individual problems that arose within the email infrastructure. This approach of rolling out point management solutions quickly became more complex and intense than the initial problems the solutions were designed to resolve.
In order to deliver high-quality email service and effective spam and virus protection, Wessel and his team had installed several different layers of protection and enhancement, starting at the firewall by placing initial spam and virus checks in the DMZ.
Mail was then routed onto a LAN-based spam and virus appliance before being delivered to an internal filtering server which ran further email content, spam and virus checks. Finally, after some dozen engines, checks and processes, email was delivered into the Microsoft Exchange server.
Although Wessel’s infrastructure worked well, the complexity of several quarantines and engines provided a veritable treasure hunt when he was trying to track and trace messages. To compound the issues, the infrastructure was old and beginning to suffer under the volume of email being processed; reliability issues began to increase as a number of outages took vital pieces of the SMTP chain offline.
“As our overall traffic increased and our infrastructure got more complex, we began to experience problems,” recalls Wessel. “Sometimes our main mail filter and quarantine server would hang, and we’d need to re-start the service.” In the meantime, email for the Celtics’ front office would be down, sometimes for up to two hours.
Adding new servers to the mix didn’t help. It got to the point where he had to re-start the service as a preventive measure about once a week. According to Wessel, “IT administrators really shouldn’t have to touch that stuff these days.”
Further, Wessel found that when something went wrong, it was increasingly difficult to troubleshoot and figure out the root cause of the problem. He also faced challenges with archiving, email discovery and disaster recovery – aspects that the Celtics’ insurance partner had prodded him to improve. Though Wessel knew that they were right, it seemed that there was no way he could bolt any more complexity to their homegrown system.
So, somewhat reluctantly, he began to explore alternatives. “I’d built this system from scratch, and the majority of the time it had worked flawlessly,” he says. “It was my baby. But over time, it just became too hard to manage. Mail flow has really become an art best left to experts.”
Mimecast provides the only end-to-end solution for unified email management in the cloud – a fully SaaS based solution that covers archiving, discovery, business continuity, security and policy management. More than 2,000 companies around the world have replaced multiple, on-premise point solutions with Mimecast subscriptions in order to significantly reduce the risk, complexity and overall cost of email management.
After upgrading its email server from Exchange 2003 to 2007, Wessel’s team performed the cutover to Mimecast for its entire front-office staff in early January. “Mimecast provides a very simple process – steps like getting DNS issues settled. They walk you through it, and it’s really easy to follow,” Wessel recalls.
“These guys have it down to a science. We prepared for about two days, just a couple of hours each day, and did some testing. Then on cutover day – it was a Friday – with the flick of a switch, we turned our entire mail-flow over to Mimecast and placed our email management in the cloud. It all went without a hitch and has been running flawlessly ever since.”
Visibility on mail flow – both in and out – is really streamlined, Wessel reports. And, because Mimecast is Web-based, he can manage email settings from anywhere.
Since the deployment of Mimecast, Wessel’s infrastructure has become streamlined and much more like the corporate email system it was designed to be. The only tools remaining in his network as far as email processing is concerned are the firewall and the Microsoft Exchange server; all of the peripheral services have been removed as Mimecast is able to deliver the same, if not greater, levels of functionality from the cloud.
The Celtics are also happy with the financial savings. In addition to the 5x reduction in administrative time, Wessel also estimates that the cost of Mimecast is 25 percent less just based on the annual maintenance he was paying on his old system – and there was no hardware cost.
In addition to the cost savings, Mimecast provides capabilities that the Celtics did not have before, such as archiving, discovery and disaster recovery. “We backed up to tape before,” recalls Wessel. “It was not an ideal solution – it was very difficult to retrieve data. With Mimecast, I can do it in a matter of minutes.
Additionally, Mimecast enabled the Celtics to retire multiple physical servers. This supported the Celtics’ Green IT initiative, which includes physical reductions of hardware as well as reductions in power and cooling requirements.
Similarly, prior to Mimecast, the Celtics’ disaster recovery plan involved replicating Exchange databases at offsite locations. In an emergency, the plan involved invoking one of the replicates. “Four years ago that was a reasonable plan, but we’d really outgrown it,” says Wessel.
“In today’s world, it’s really not acceptable for an IT pro to say, ‘Email is down’ or ‘The server is down.’” Wessel concludes. “With Mimecast, I never have to worry about being in that position.”
Many organizations think their current email security systems are up to the task of protecting them. In …
Not all email security systems perform the same. Lots of false negatives get through. That’s what Mimecast …
Using Microsoft Office 365™ or snapshots from backup or storage solutions for protection and recovery? You …