by Matthew Ravden
From the moment BPOS was first released about five years ago, we’ve consistently said on this blog that we welcome Microsoft’s move to the cloud, that it’ll be a great solution for some businesses, but that mature cloud services like Mimecast’s will play a major role as adoption begins to gain momentum. Well, if BPOS was Microsoft’s trial run, Office 365 is the real deal and it does now seem to be gaining serious traction in the market. But our position remains the same, and in fact the business case for Mimecast’s solutions to enhance Office 365 looks stronger than ever.
Office 365 is positioned by Microsoft as a one-stop-shop, and on the surface looks like something of a panacea for a business looking to outsource email and stop managing an on-premises Exchange server. For many businesses, particularly in the SMB space, it is.
But for larger companies, or those for whom email is a mission critical application, Office 365 may not be quite so alluring. In general, Mimecast customers fall into that category – they want to use best practice cloud services to protect email from threats, and store the data in a secure, highly available archive. And amongst our customer base we’ve seen a preference for keeping Exchange on-site – there’s strong interest in Exchange 13 – or moving to a hybrid model with some mailboxes on-site and others in the cloud.
The blockers to Office 365 adoption seem to fall into three categories.
- Archiving doesn’t offer sufficient levels of compliance and eDiscovery capabilities
- Uptime is a concern
- Exchange Online Protection may not represent best practice email security
We also think a further need will emerge, for a single archive of multiple types of unstructured data, fully searchable both for eDiscovery purposes and for day to day use by end users from their laptops, smart-phones and tablets. An Enterprise Information Archive for Office 365, to use Gartner terminology.
For Mimecast, then, nothing much changes from how we position around on-premise Exchange, where we offer enterprise grade cloud services that remove complexity and cost. With Office 365, it’s less about cost and complexity, and more about the ‘enterprise grade’ piece. As Office 365 adoption gains traction, the ‘pain points’ will also crystallize, and the ecosystem of ‘supporting’ or ‘enhancing’ services will emerge. It already is emerging.
Is this a bad thing for Microsoft or Office 365? On the contrary. Businesses who want to go down this path will be reassured that there’s a third party ecosystem of mature cloud services that can enhance the ‘off-the-shelf’ capabilities of the various SKUs of Microsoft’s new cloud solution. We expect to find businesses buying Office 365 plus Mimecast for any one of the three issues above, or potentially buying our entire UEM suite if that’s what best meets their needs. And we also expect companies who’ve already moved to Office 365 to subsequently purchase add-on services to shore up functionality in those key areas, be they compliance or security related, or based on concerns about downtime.
So, to conclude, Office 365 comes in a variety of different shapes and sizes at different price points, ostensibly for businesses with different messaging requirements. It covers a lot of ground, and for many businesses the barrier to purchase is that one or other area of critical functionality doesn’t quite meet requirements. With Mimecast, which works seamlessly within an Office 365 / Exchange context, these perceived short-falls can be fixed, and the barriers to purchase removed. With Mimecast, Office 365 goes from good to great.
by Matthew Ravden
The research we just published from Freeform Dynamics did a great job of framing the Information Fragmentation ‘pain’ that businesses are feeling. For me, the main thing the research does is make it crystal clear that the vast majority of IT CIOs recognize the problem, but very few have really worked out what to do about it. Law firms, as you’d expect, are quicker than most to start figuring out how to regain control of corporate information, since they live in a world of compliance and regulatory requirements.
Whilst the Freeform Dynamic research identified a group of ‘Elites’ who appear to be making all the right moves, after talking to customers and prospects from the legal community at this week’s Strategic Technology Forum 2013, there are still huge differences of opinion on what constitutes best practice. Nathan Hayes, IT Director at Osborne Clarke, and I, hosted a round table discussion around the data fragmentation issue earlier today, and it became clear that views are polarized.
Dropbox, and the other popular ‘consumer cloud’ services, are not the only source of information fragmentation, but they frame a nice emotive subject with which to start a good conversation. Everyone agrees that the use of these tools in the enterprise is a threat to IT’s ability to manage sensitive information. But opinions are split on the solution to the problem. On the one hand, there’s a view that we can’t outlaw the likes of Dropbox, and instead we need to accommodate it – and similar tools like Evernote or Box.net – via a variety of different strategies. On the other, there’re those who feel that consumer clouds should simply not be allowed in the enterprise.
Mimecast will provide a folder where users can drop important work documents from Box/Dropbox, etc. Those documents are in the archive, subject to DLP policies, fully compliant and discoverable
Both Gartner and Forrester have started to define a nascent market for what they call ‘File Sync and Share’ services, but from what I’ve read, both are advocating very different solutions. Interestingly, Gartner calls this category Enterprise File Sync & Share (EFSS), by definition ruling out anything that’s not ‘enterprise-grade’. And in line with that piece of context setting, Gartner (1) states in a recent report, “implementing an EFSS service can be a significant challenge, as IT organizations race to shepherd their rogue employees away from consumer-oriented services into a controlled environment suitable for enterprise data sharing. Although creating an easy-to-use EFSS solution can be an urgent and a high priority, enterprise IT should be keen to embrace solutions that also provide robust features, such as enhanced security, identity management, unified dashboards and content management.” Users of consumer cloud services are considered ‘rogue’. Forrester Research, Inc. (2), in complete contrast, says that any attempt to block personal cloud services and implement enterprise-grade alternatives will fail. To quote from the report, “we predict that IT will create application programming interface (API)-style connections with employees’ personal cloud services in a fashion similar to business-to-business (B2B) integration.”
As the co-host of today’s discussion, I naturally had to stay on the fence and keep my own bias to myself. But now that’s done and dusted, what would I – or Mimecast as an Enterprise software vendor – propose?
I think the remedy comes in two distinct stages, and we’re providing technology for both. First of all, we need some damage limitation. It may not be feasible to outlaw the use of Dropbox. It’s a popular tool and corporate IT doesn’t necessarily have off the peg alternatives with ‘Enterprise-Grade’ stamped on them. Just a simple use case – needing to send a large file – is often enough to send a user to the dark side. So let’s deliver IT a tool that provides a compliant framework for use of consumer clouds. We’ll give you a Mimecast folder, into which your users can drop important work documents from Box/Dropbox, etc. And once there, those documents are in the archive, subject to DLP policies, fully compliant and discoverable, and we can all sleep a little better at night.
If that’s phase one, then phase two is what we at Mimecast call ‘encroachment’. It’s a polite way of saying we can obviate the need for something altogether. I doubt Dropbox execs will be quaking in their shoes at this news, and we doubt very much we’ll put them out of business. But if we can provide EFSS solutions for our customers and their end users that do the job for both sides, then slowly but surely, we can bring users back into the fold.
Even then, it probably wouldn’t be smart to ‘outlaw’ these popular services. Rather, by providing strong, usable, viable alternatives, the compelling use cases for them will fade away.
The Enterprise Fights Back? Perhaps, but it won’t be shock and awe. More subtle persuasion.
(1) Use These Best Practices to Deploy a Private Enterprise-Class File Sync and Share Service. Published 26 March 2013. Gene Ruth, Arun Chandrasekaran, Gartner Inc.
(2) The Coming Integration of Personal Cloud Services And Enterprise Apps. Published 21 March 2013. Frank E. Gillett, with Christopher Mines and Michael Yamnitsky, Forrester Inc.
by Matthew Ravden
This week we joined forces with independent analysts Freeform Dynamics and commissioned research into the impact that growing data fragmentation is having on IT professionals in the UK and U.S. You can get a summary of the report, a 1 page infographic best practice guide and the full report here.
As we expected data fragmentation is a very pressing issue for customers – and not just from a technology or IT infrastructure perspective. 82% of respondents see their business decision making being hampered or hurt as a result of data fragmentation.
82% see business decision making hurt by data fragmentation. 93% struggling to control corporate data. 83% see security risks as data is spread across corporate or ‘Shadow IT’ networks.
Fragmentation of corporate data across their IT infrastructure and the emergence of a ‘Shadow IT’ network of user devices or consumer cloud services outside their control, is also putting their organizations at risk. 83% are concerned about the security of their corporate data as it’s increasingly dispersed across their network and outside.
That’s not all. Getting the situation under control is also proving difficult with 93% saying that tracking and managing critical corporate data is now a big challenge. And of course it’s also driving up management and infrastructure costs – 84% highlighted that costs were a concern and many feel they’ve lost control of this.
Today’s CIOs are much less managers of IT real estate than custodians of corporate data. Their focus is on securing the all-important data, storing and managing its cost effectively, and then making it work harder for both end users and the business as a whole. This task is tough enough with information being siloed around the enterprise but when you add in consumer devices and ‘personal cloud services’, it becomes almost impossible for a CIO to really know where valuable corporate information is being stored. On the one hand, it’s hard to stop the use of these services, but on the other there’s no question that they represent a genuine security and compliance risk for IT.
The small number of expert or elite respondents in this survey show that there’re ways to tackle data fragmentation, and if policies and technologies are adopted before the problem becomes too widespread, it’s still quite possible to harness the data for the benefit of the business. It’s also clear that archiving solutions like Mimecast’s own can play a major role here, enforcing DLP and retention policies, fulfilling compliance requirements and giving the CIO a single view of all the critical corporate data.
Here are some of the key findings but find out more here:
by Matthew Ravden
- 82% of IT managers see decision making hampered by data availability issues and 77% by data inconsistency.
- 93% are struggling to control critical corporate data. 84% believe storage costs are running out of control.
- 83% see security risks as their corporate data fragments across the private and public network, with 38% already experiencing the issues acutely.
- 92% see email as a common means of storing and sharing critical data within corporations. 62% say that local offline email stores – for example, PSTs on desktops, are frequently used for storing business information – compounding the risk.
Last week, around 450 people at various Mimecast locations around the world celebrated Mimecast’s 10th birthday. In truth, only a handful could really relate to the journey from humble start-up to major industry player, so for the majority, last week’s festivities were more about taking stock as one financial year was closed and another began.
There’s no question that ten years is a major milestone, and just cause for celebration, but it’s also true that Mimecast’s future is now a more compelling story than our past. For much of that decade, we’ve consistently revisited the genesis of the business, and told the story of how our founders met and conceived of a SaaS-based solution to the increasingly painful task of managing corporate email. It’s been important to show that Mimecast’s platform was built for SaaS from day one, not retrofitted from some legacy model.
Increasingly, though, it’s the future that matters. For our staff – we’ll be doubling the size of the workforce over the next 12 months – we’re a company that’s growing, providing fantastic career opportunities and investing in training to ensure Mimecast continues to put the needs of our customers front and centre. For channel partners, we’re a strategic partner around which they can build a strong, profitable, sustainable business for the next decade. And for customers, while we continue to solve those painful email problems, we’re increasingly talking about the value of unstructured data and the potential of our platform – and the API’s we’re making available - to liberate the value of corporate information.
It’s important to stress that this isn’t just Mimecast and our increasing sense of self-worth; it is a growing expectation of our customers, partners, investors and employees. What does the future look like – what is the journey?
As I said, our 10th birthday, for most Mimecast staff, was a celebration of the momentum that the business is generating right now. In the last five years, we’ve grown our customer base from 915 to 7,000 and our users have rocketed from 160,000 to almost 2 million. In March alone, we took on 350 new customers and more than 200,000 new users, that’s 25% more users than the total for the first five years in a single month!
The realisation for most in the Mimecast ecosystem is that this is becoming something of an irresistible force. The last ten years have been about laying a foundation. It’s the next ten that will shape our destiny.
by Matthew Ravden
Arguably the single biggest challenge for Cloud vendors is helping customers understand and justify the implications of handing over not only data but business processes to a Cloud Vendor, especially when the Cloud space has lacked maturity and standards.
And it’s becoming an increasingly important decision as Cloud becomes the “default” choice for many businesses, they need to understand where their data is and how safe it is.
Yes, Cloud Computing is still in its relative infancy, but it’s growing up fast. To hear a highly respected and influential Gartner analyst saying that he rarely recommends anything but SaaS solutions to companies looking to change their email security service shows that the die is well and truly cast. It’s a similar picture in the archiving space. SaaS vendors are growing far faster than their on-premise counterparts, although SaaS still accounts for a small share of the overall market. And of course, with Microsoft’s strategic priority to transfer the on premise dominance of Exchange into the cloud (with Office 365), it’s fairly clear that at some point in the future, all these technologies will be delivered to customers from the cloud.
It’s a matter of when, not if.
What’s surprising however, there seems to be a two stream approach to Cloud adoption, the haves and the have not’s- those who have Cloud and those who don’t. Yet.
On the one hand, especially in the SMB and midmarket, cloud vendors are now dealing with a far more enlightened customer base. Many CIOs are now on their second or third cycle of purchasing cloud services. They have wised up to vendors who over-promise, or hide behind bogus SLAs, and they will have rejected out of hand any service that doesn’t do what it says on the tin. Their next decision could potentially be based on a specific business or technical need, but more likely, it will be based not simply on the service but on the vendor’s approach to delivering that service. In other words, it will be based largely on the vendor itself.
The second stream is convincing the have not’s to adopt, often larger enterprises that their data is safe in the cloud. This is a slower burning challenge, because these businesses often have massive legacy investments in on premise IT resources, both in terms of tin and human capital. That makes a move to cloud technology not only a technological change in mindset but a cultural shift as well. But it doesn’t matter how big the organization is, the pressure on IT departments to reduce costs while delivering more value is the same. And most if not all roads lead to the cloud.
But IT departments needn’t fear- Jevons Paradox predicts that more IT will be required for the future, not less- it’s just going to be different to what they’re doing today. But that’s technology for you. When was the last time IT staff used their Windows 3.1 skills?
The danger here is that CIOs of large enterprises tend to ‘trust’ the biggest, most established technology brands with the deepest marketing pockets, best placed to “Cloudwash” their dated technologies. I use the term ‘danger’ because, when it comes to cloud, money can’t buy you trust. The big brands have whole shoals of fish to fry and are usually more interested in wooing consumers than they are safeguarding the interests of customers and their data. For smaller, pure play cloud vendors like Mimecast, this is ALL we do. And that means we can’t slip up. So we have to earn trust the hard way, and the only way. And that’s by building a history of excellence in delivering Cloud Services.
For those CIOs who’ve already made the leap of faith and are committed to a cloud strategy, we’re now hearing – anecdotally at least – that customer service and support has jumped up the purchasing priority list alongside cost. That is largely because customer support has been the single biggest pain point for consumers of cloud service over the last two years. Why? Because it is, arguably, the most underinvested business function in the cloud industry.
But of course, the economics of SaaS and cloud only work if you retain those customers for long periods. At Mimecast we retain over 98% of our customers. It goes without saying that the product has to work. But perhaps the key variable is our ability to look after our customers. To put it politely, the cloud industry has a patchy record in providing customer service.
To some extent, then, in the SMB and mid-market space, there will be a period of ‘natural selection’, where the new breed of cloud savvy IT purchasers weed out the suppliers whose service doesn’t match the promise, for whatever reason — unreliable product, unrealistic SLA, non-existent support, dodgy security protocols, or fudged solutions built on OEM arrangements or poorly integrated acquisitions. The cloud vendors who are playing the long game and investing properly where it matters will rise to the top through this process, and others will fall by the wayside. (In fact we’re already seeing this happening in the early part of 2012.)
For first time purchasers and larger enterprises, though, we still have to help them with their trust issues, and we won’t achieve that by focusing on customer service excellence. Instead, we have to put our weight behind meaningful industry initiatives that can turn ‘trust’ from an intangible to a tangible purchasing criterion. One example of this is Cloud Security Alliance’s Security Trust and Assurance Registry, or STAR, which is addressing the need for Enterprises moving applications and data to the cloud, or consuming a provider’s services, to understand cloud provider security. Another is an organisations willingness to adhere to security standards such as ISO 27001. But providers remain hesitant to give up proprietary information, or expose themselves to exploitation. In fact, to date, only Mimecast, Microsoft and Solutionary have agreed to publish their STAR controls.
Transparency is clearly going to be a major factor in the success of cloud technology, particularly as a means of building confidence amongst enterprise CIOs that their data is safe and secure in the cloud. But while we will continue to embrace standards initiatives such as STAR and ISO27001 that make trust a tangible factor, our growth in the mid-market will most likely come from good old fashioned values, such as delivering strong after-sales support, and from sharing stellar recommendations from existing customers.
STAR launched in the fourth quarter of last year and its aim is to be a public repository of providers’ security controls. Providers who are STAR members can fill out either the CSA’s Consensus Assessments Initiative Questionnaire or the Cloud Controls Matrix framework questionnaire, both built according to the ISO 27001 standard, and ultimately agree to have that data published online and publicly accessible.
Image CC Flickr- Lyncis