Software as a Service (SaaS) security and privacy concerns has received a lot of attention lately. At dcig.com email archiving SaaS offerings from Autonomy, Microsoft and Google have been in focus. SaaS solutions can create a false sense of security by removing much of the management associated with on-premise data storage. SaaS vendors may have you believing their IT systems are more secure, since they stock their facilities with elite teams of management professionals. It is true that elite teams are managing the data, but there are critical elements of security that must be managed by companies subscribing to SaaS services.
For example, Microsoft’s Business Productivity Online services require your company to obtain public and private keys from a PKI vendor to encrypt all the data stored at the SaaS facility. Copies of those keys must be maintained by the PKI vendor as well as your company to ensure data retrieval is possible. Moreover, the keys that protect the archive data at the facility do not limit enterprise users’ access to archive data.
Limiting access to archive data is handled by discretionary access controls and user accounts stored in Active Directory™. The success of security in these SaaS systems is largely based on systemic security controls and processes within your company. When you decide to use a SaaS product you must institute new security processes and controls. Those process changes and related costs may go unaccounted for during your assessment of SaaS vs. on-premise email archiving solutions.
On-premise email archiving systems are designed to plug into your existing messaging and security systems. For example, Estorian LookingGlass requires a single Active Directory user account. Then the system is configured using existing security processes and any available storage within your network. LookingGlass requires only one or two hours for installation. Using Estorian enables you to leverage existing security, while adding low-cost high-value storage from StoreVault, a division of Network Appliance, or NEC.
Since SaaS archiving solutions require installing software locally and changes to security, you are primarily paying for storage services support. Estorian LookingGlass goes beyond first generation email archiving and SaaS archiving by delivering high-performance integration with Microsoft Exchange MAPI and a variable preDiscovery search option:
Figure 1: Estorian LookingGlass intuitive search
Of the three big vendors offering hosted archiving, only Microsoft/Fortiva offers an option to encrypt the stored data using public key infrastructure (PKI) at the SaaS facility on a company’s behalf. If you don’t want to upend your security process, consider using Estorian LookingGlass with on-premise storage, until encrypted Storage as a Service becomes widely available.