The State of Email Security 2018 Report
The latest threats, confidence killers and bad behaviors—and a cyber resilience strategy to fix them
Environmental Defense Fund (EDF), a leading national nonprofit organization, creates transformational solutions to the most serious environmental problems, linking science, economics, law and innovative private-sector partnerships. Brian Attas, CIO for EDF, heads up IT strategy and services for the organization’s 10 offices and 400 full-time employees.
Many of EDF’s employees, says Attas, are scientists and attorneys who need to keep meticulous records. When EDF used Lotus Notes, employees retained all their email within Notes. When the non-profit transitioned to Exchange in 2004, they continued that practice. The result was that by 2008, according to Attas, many users had email boxes that approached 5GB.
“You can imagine how that affected our overall email services,” says Attas. “On some days, things slowed to a crawl and users frequently had trouble getting their Outlook clients to boot.”
EDF’s first attempt at solving the problem was to limit inbox sizes and instruct users on how to create PST files for archiving. That helped speed the mechanics of launching Outlook and sending/receiving email – but created other issues, such as the time required to backup all those large PST files, and the difficulty of retrieving older emails from PST files or from the Exchange environment.
“Backups started to consume a large part of IT’s time and resources,” recalls Attas. “It really was not a sustainable model. After a few years of that, we decided it was time to implement a real archiving system.” Initially, EDF explored in-house solutions, believing that it would cost less than outsourcing and enable the IT team to retain control over the process.
“We went in thinking this was basically about storage, and storage is cheap. But soon we learned that this approach would definitely not be cheap,” says Attas. The tools EDF considered came with high five-figure price tags, required additional investments in hardware, and did nothing to relieve the time burden on its IT staff.
In light of that, Attas decided to evaluate cloud-based approaches to email archiving.
His top two candidates were Google and Mimecast. “Both offered a solid approach,” says Attas, “but we liked that Mimecast was completely dedicated to email management – it’s their entire business. Plus, Mimecast offered a much better administrative interface and additional features such as business continuity and policy enforcement at no extra cost.
When we looked at the functionality of Google and Mimecast side by side, there was just no comparison – Mimecast hit it out of the park.”
To ensure they were making a sound business decision, Attas and his team performed 3- and 5- year Total Cost of Ownership analyses comparing an in-house archiving system to Mimecast. “Our evaluation showed that the TCO for Mimecast would be less than half that of an in-house system – primarily because Mimecast enabled us to eliminate six boxes and associated software licenses, including two Exchange servers. That sealed the deal for us,” says Attas.
EDF implemented Mimecast in July 2008. According to Attas, the process was painless. “Mimecast has a very organized process for rollouts,” he explains. “There are multiple checklists and checkpoints that ensure everything goes smoothly. Everything went off without a hitch, with no email interruptions for our users.”
EDF saw an instant improvement in overall email performance and also in anti-virus coverage. “There was a short time during the rollout when we had both Mimecast and our legacy SMTP appliance running simultaneously, and during that time we detected and blocked several email viruses from entering our system,” Attas recalls. “Because Mimecast was new to our system, everyone assumed it was the culprit. But when we went back and looked at the traffic, we discovered that the infected emails actually got in via our old SMTP appliance.”
In fact, Attas reports, since EDF completed its Mimecast implementation, it has not been infected by a single virus via email.
Mimecast also helps EDF with policy enforcement and compliance. If at some point EDF becomes subject to government regulation regarding email retention and archiving – something Attas believes is a distinct possibility in the coming years – with Mimecast, it’s prepared. “Mimecast is a tremendous help for record keeping and eDiscovery,” he says. “If we have to find archived messages, it literally takes less than a minute to set up and execute a search.”
EDF users have also come to appreciate the business continuity aspects of Mimecast. “In the past, if we’d had a power or server outage at both of our main hub locations, there would not have been access to email, even from home,” explains Attas. “Now, in that event email fails over to Mimecast, which provides a webbased interface that looks just like the user’s Outlook inbox, and our users can continue working. It helps ensure that email outages are invisible to the outside world and don’t interrupt our operations.”
“Mimecast greatly simplified our overall email environment and gives me peace of mind,” says Attas. “In addition, getting rid of all those boxes reduced our carbon footprint, which philosophically aligns well with EDF’s overall mission.”
“Any organization that wants to get out the business of archiving and managing email security should look at Mimecast,” he concludes. “Email management IS their business. And that really comes through in the product and in their support.”
Many organizations think their current email security systems are up to the task of protecting them. In …
Using Microsoft Office 365™ or snapshots from backup or storage solutions for protection and recovery? You …
Email is the number-one application that organizations depend on for communications. Unfortunately, it is also …