The State of Email Security 2018 Report
The latest threats, confidence killers and bad behaviors—and a cyber resilience strategy to fix them
Synonymous with the ultimate in luxury, style and glamour, The Ritz London has remained the benchmark by which other hotels are measured for over a century. Opened by renowned hotelier, Cesar Ritz, in 1906, this legendary hotel continues to retain its leading edge, offering 134 guestrooms combining Louis XVI style interiors with modern day technology as well as a variety of magnificent fine dining facilities.
The Ritz is the only hotel to have been awarded a Royal Warrant by HRH The Prince of Wales for Banquet and Catering services.
Due to its global fame, demand to eat or stay at The Ritz is high, so a swift, efficient and compliant email system is of paramount importance to The Ritz in maintaining its legendary reputation for service excellence.
“The Ritz experience begins with the very first ‘touch’ at the point of booking,” explained Glenn Isted, IT Assistant Manager for The Ritz. “Given such a large volume of electronic bookings are made, email really is a critical business application for us. It’s how we communicate with both guests and travel agents worldwide, so if our email service was lost for even an hour, the ramifications for us in terms of lost bookings, revenue and reputation would be huge. We simply cannot afford for it to go wrong.”
The Ritz had, in the past, used different cloud-based email security services, but they did not prove satisfactory. When it came to selecting a new email provider, Isted had a strong awareness of the strengths and weaknesses of different offerings. “Historically we have used several different email security/relay services providers. We’ve experienced issues with delays in sent and received emails and the support did not meet our expectations. In the end, it doesn’t matter how good the product might be, without the right support, it’s totally unsatisfactory,” he continued.
In addition, with the incumbent solution - Isted was faced with the bigger challenge of inefficient spam filtering: “We couldn’t rely on spam filters to sift out unwanted email in case a valuable booking email was accidentally filtered out at the same time,” he explained. “So we spent many hours sifting through our email system manually to separate the ‘wheat from the chaff.’ We viewed this as a necessary evil at the time but, looking back, it was hours of lost time and productivity.”
Despite looking at a number of on-premises solutions, Isted believed that a cloud-based product for email relay/processing would be better suited to delivering the level of service The Ritz required. Despite using very few cloud solutions in order to maintain control of its data and system uptime, Mimecast was an exception for The Ritz. Isted was immediately impressed by the benefits that Mimecast’s cloud-based offering would bring to The Ritz’ email management. For example, with spam emails being held by Mimecast in the cloud, the amount of data on The Ritz’ server was reduced, and its performance was enhanced. Furthermore, before moving to Mimecast, The Ritz was running a Novell GroupWise server, and with a move to Microsoft Exchange 2010 planned, Isted was confident that Mimecast would be the perfect partner. “Migrating to a new email system involved hours of downtime and for an operation that runs 24x7 that is a problem. To ensure email operations were not interrupted we used the Mimecast Disaster Recovery email boxes that allowed the front service teams to continue to respond to customer emails. When the new system was ready, email flow was restored”.
The Mimecast team also suggested a suite of additional features that would add value to the solution including daily email digests to help identify and manage potential spam mail. Isted was particularly impressed by the offer of granular policy setting with AD synchronisation, which would provide even more control over the hotel’s IT security in respect to PCI compliance, “This is totally unique to Mimecast,” explained Isted. “The fact that I can link directly to Active Directory through Outlook makes it so easy for me. I can now control which agent has access to which security group, so that the Events team are not processing email requests sent to the Banqueting team, for example. Mimecast is really ahead of its time here.”
Isted and his team were also able to meet one of the stringent Payment Card Industry (PCI) compliance objectives, of preventing transmitting/receiving of sensitive credit card data via email thanks to Mimecast. With intelligent identifiers for the recognition of structured data (like credit card numbers), Mimecast’s Data Leak Prevention tool prevents credit card information entering The Ritz’ email system by quarantining it in an “on hold” queue.
This solution added enormous value to the Mimecast service for Isted, as he explained; “Without such a system, the rules surrounding the handling of credit card data would involve 2-3 hours of extra work per day, not to mention enlisting the services of a third-party encryption product. This quarantining capability has potentially saved us thousands of pounds in third-party products alone by simply preventing credit card numbers from entering our email system.”
Mimecast delivered on its promise of comprehensive support and efficient service from the very outset. The Ritz’ hassle-free migration process to Mimecast lasted no more than a couple of hours. “It was really straightforward,” recalls Isted. “The Mimecast Knowledge Base contained some helpful articles and I got great, proactive support from the Service Implementation team.”
When it comes to keeping The Ritz’ email booking system running smoothly, with over a hundred thousand emails coming into The Ritz each month, Mimecast’s granular level of control gives the IT team the ability to track each of the emails. Now the team is able to search individual emails to ensure no bookings are dropped. In the event of any booking discrepancies, Isted can easily log onto the portal to find out which agent processed that particular booking, retrieve the relevant emails and resolve the problem quickly.
Significantly, this tracking ability now means Isted has the ability to prove receipt or delivery of any emails should any customer issue arise. “Prior to Mimecast, I had to go to the GroupWise server and look onsite to retrieve that ‘smoking gun’ email,” he explained. “Now, I can just log on to Mimecast’s web-based portal and find it instantly, so that gives us huge time savings.” These changes have been very welcome, reducing the time The Ritz’ IT department spend on admin tasks, and giving them valuable peace of mind.
The always-on, accurate and compliant email service that Mimecast provides enables Isted and his team to deliver a service to internal email users and customers that upholds The Ritz’ reputation for excellence. As Isted elaborates; “Crucially, I now have more time in my day to focus on ensuring The Ritz continues to provide an excellent service, right from the point of booking, to its discerning customers worldwide.”
“I have been pleased with the Mimecast service,” Isted concluded. “I have saved time and money, it is easy to administer and I genuinely believe that Mimecast is ahead of the competition with many features of the service it offers. The support I have received has been excellent, too.”
Many organizations think their current email security systems are up to the task of protecting them. In …
Not all email security systems perform the same. Lots of false negatives get through. That’s what Mimecast …
Using Microsoft Office 365™ or snapshots from backup or storage solutions for protection and recovery? You …