All posts in Strategy

By on May 9, 2013

Have Cloud Data, will (can) Travel

passport stampLast month Israeli security forces imposed their right to examine your email at their border crossings; the initial panic was calmed by a clarification from the Israeli Attorney-General stating the specific circumstances for the search. Previously, in 2009, the United States imposed a right to search your electronic devices, and keep them for further examination, at border crossings too—without any suspicions of wrongdoing. Are these signs that our local data is no longer private when we travel?

State sponsored search of your devices, and data, now becomes the latest privacy worry for any international travellers; we’ve always been worried about malicious attempts to gain access to our data, or having our laptops stolen from airport security screening points, but now the case for travelling completely clean is made.

Many technology travellers I talk to have always maintained a set of clean equipment, which is only used on trips outside their native country. Before and after every trip their laptop, smartphone, and tablet get factory wiped and restored from a known good image. This is especially important when returning from a trip to ensure the platforms remain clean – those devices are also replaced more frequently than home devices, and are occasionally stripped to check for “extra hardware”.

Paranoid?

Maybe; but more sensible than paranoid, as we’re in the days of state sponsored hacking such as Flame, Stuxnet and Duqu.

If you’re wondering how you manage to work in such a sterile environment – have a think about how the cloud supports your remote working now. Keeping your data on your local hard drive isn’t the necessity it once was; it seems quite antiquated to me.

Cloud services that allow you to store your data online mean you’re only ever a click away from that data, and given the ubiquity of Internet access these days, that’s never a problem. Of course data stored in the Cloud isn’t beyond the reach of search warrant of subpoena, but at least it’s not local on your device being carried through a border crossing.

Email inboxes should remain empty until you’re safely through a border crossing, and on a known and trusted network. Once you’ve downloaded your recent email remember to remove the account and wipe the device before you leave the country too; there’s no sense taking the precaution for inbound border crossing and forgetting about the outbound.

The same applies to file data, leave your files in the cloud and only access them when it’s safe. Don’t store anything locally unless you can securely wipe the hard drive after use.

From an enterprise IT perspective; CISOs and CIOs should educate their users on how to handle such incidents, and of course draw up a policy for international travellers. It does occur to me that your IT department can help, by disabling your access to ‘their’ services on your devices until you give them the go ahead once safely at your destination. Deleting your stored passwords on devices would also prevent the access of data not stored locally.

For travellers the Cloud should now be as essential as your flight socks and money belt. As someone before me once said – “Don’t leave home without it”.

Add your comment (0)

CISSP, CCSK
Mimecast

Article Tags

,

By on April 30, 2013

InfoSec 2013 = Cloud Is Growing Up

London was again the venue for the 18th Infosecurity Europe conference last week. Along with over 100 other exhibitors, it was a busy three days for Mimecast – security workshops (summarized in our blog post last week), talking to crowds attracted to our eye-catching stand and some great conversations with media, customers and prospects.

As expected at the premier security event, security was hotly discussed with topics such as mobile security, cyber warfare, threat detection and prevention reoccurring themes.

Given security is a vital part of our offering, we’re most interested in the evolution of the security landscape and how it impacts communication technology in business. From this viewpoint, we noticed a clear point emerging from the conversations this year – we’re entering a new chapter in the maturation of how businesses consider cloud services.

Gone are the days of businesses questioning whether its data is safer in the cloud, now the focus is on issues such as whether a vendor truly believes in industry standards – for instance, there is an increasing expectation of vendors to be accredited against third party standards e.g. ISO 27001 and participate in transparency initiatives such as the CSA STAR registry.

In addition, IT teams are becoming increasingly sophisticated in testing whether vendors can stand by their SLAs. On this subject, one of our customers Paul Dryden invoked a vivid example in one of our workshops about how he evaluates cloud vendors – during a tour of the data centre he spontaneously asks the vendor to cut the power to see how the system reacts. Apparently, only one vendor has managed to perform the immediate simulated power cut for Paul and while this is one of the most extreme examples, we’ve encountered other customers and prospects that have indicated that they’re testing the SLAs of cloud vendors more rigorously.

With increasing pressure to comply with industry standards and more demanding tests around the strength and depth of their service, cloud vendors seem to be at a cross-road. Those services which have the scale and rigour to meet these growing expectations can look forward to growing recurring revenue, while the others will find themselves outside of the commercial conversation.

It’s possible that we’ll look back at 2013 as the year that there was a shake-out of the cloud service vendors, with security one of the key drivers for this change.

Add your comment (0)

Social Media Director
Mimecast

Article Tags

,

By on April 23, 2013

10 Years of Mimecast – The Start of Something Big…

Mimecast 10 Year Anniversary

Last week, around 450 people at various Mimecast locations around the world celebrated Mimecast’s 10th birthday.  In truth, only a handful could really relate to the journey from humble start-up to major industry player, so for the majority, last week’s festivities were more about taking stock as one financial year was closed and another began.

There’s no question that ten years is a major milestone, and just cause for celebration, but it’s also true that Mimecast’s future is now a more compelling story than our past.  For much of that decade, we’ve consistently revisited the genesis of the business, and told the story of how our founders met and conceived of a SaaS-based solution to the increasingly painful task of managing corporate email.  It’s been important to show that Mimecast’s platform was built for SaaS from day one, not retrofitted from some legacy model.

Increasingly, though, it’s the future that matters.  For our staff – we’ll be doubling the size of the workforce over the next 12 months – we’re a company that’s growing, providing fantastic career opportunities and investing in training to ensure Mimecast continues to put the needs of our customers front and centre.  For channel partners, we’re a strategic partner around which they can build a strong, profitable, sustainable business for the next decade.  And for customers, while we continue to solve those painful email problems, we’re increasingly talking about the value of unstructured data and the potential of our platform – and the API’s we’re making available - to liberate the value of corporate information.

It’s important to stress that this isn’t just Mimecast and our increasing sense of self-worth; it is a growing expectation of our customers, partners, investors and employees.  What does the future look like – what is the journey?

As I said, our 10th birthday, for most Mimecast staff, was a celebration of the momentum that the business is generating right now.  In the last five years, we’ve grown our customer base from 915 to 7,000 and our users have rocketed from 160,000 to almost 2 million.  In March alone, we took on 350 new customers and more than 200,000 new users, that’s 25% more users than the total for the first five years in a single month!

The realisation for most in the Mimecast ecosystem is that this is becoming something of an irresistible force.  The last ten years have been about laying a foundation.  It’s the next ten that will shape our destiny.

Add your comment (0)

Chief Strategy Officer
Mimecast

Article Tags

, ,

By on April 4, 2013

Rogue Access Points Make Prime-time with The Doctor

Clara Oswald

Doctor Who: Series 7 Part 2, The Bells of Saint John.

There’s something in the WiFi. You know you’ve made it as an actor and as a security issue when you appear on Doctor Who. If, like me, you tuned-in to (showing my age there, who “tunes-in” anymore?) the new series of Doctor Who last weekend, you may have chuckled at the use of WiFi networks as a medium for evil. Rogue Access Points that upload the soul of their users, leaving them trapped inside a Spoonhead, sorry server, somewhere in London’s Shard building. Kudos to the script writers for the plot, and for renaming servers, spoonheads – I’ll be in the spoonhead room.

“I don’t know where I am… I don’t know where I am…” is a cry most IT managers, administrators and help desk staff have heard in their time; usually from hapless users trying to find their way onto the network or perhaps around their desktop, rather than being trapped inside an evil WiFi network. That wasn’t lost on me, nor was the uploading of souls; something we might think Facebook has in their roadmap–or at least the curating of your own soul. The evil walking WiFi base stations, hoovering up data and people, did remind me of Google Street View cars that were caught hoovering up WiFi networks, but I’m sure that’s coincidental.

Now, while not all WiFi networks are this evil there are certainly many we should avoid. I’m still amazed to see the SSID “Free Public WiFi” whenever I’m on a train or at an airport; while not necessarily unsafe, it does indicate an old an unpatched version of Windows XP is running somewhere – which in itself is terrifying. Others are certainly more dangerous; there’s often a looky-likey network at conferences or near popular coffee shops, designed to trick you into joining and routing your traffic through them. This is just plain unsafe and even on open public networks you should always use a VPN or at least HTTPS connections. Firesheep was an excellent demonstration as to how vulnerable unencrypted web traffic is on open wireless networks.

As IT professionals we’re constantly reminding our users of the security risks associated with the unknown; like free or open WiFi networks as well as clicking links in email. Hopefully now Rogue Access Points have made it to prime-time this job will be a little easier.

I’m waiting to see if there is another episode of Doctor Who dedicated to Phishing emails, or perhaps password sniffing, but in the mean time I’m trying to work out how to change my SSID to that funky font used in Doctor Who.

Remember, if you’re looking for WiFi and sometimes you see something a bit like this, don’t click it.

Stay safe!

Add your comment (0)

CISSP, CCSK
Mimecast

Article Tags

, ,

By on March 4, 2013

The Evernote Hack – After the Panic

Evernote emailThis weekend Evernote became the latest cloud vendor to have its systems breached; user data including passwords has been compromised. In case this is news to you, a quick recap – Evernote assured us that passwords were correctly hashed and salted unlike LinkedIn, who neglected to salt their passwords. Evernote didn’t tell us whether or not the salts were compromised too. The attack “follows a similar pattern” to others so we can assume some sort of long term APT style compromise.

There are a couple of interesting observations one can make as a result of this last hack.

The usual amount of your-data-in-the-cloud-is-not-secure media hysteria has been dished out; no doubt some Evernote users will be busy deleting their notes as a result, even though their contents are probably as interesting as the ingredients list on a bottle of water. Being an Evernote user (yes, I have reset my password) I can’t help but think this isn’t about data in the cloud, or about the cloud at all; this is more about a target. Evernote was the target in this instance, before them it has been LinkedIn, Facebook, Yahoo, RSA Security, New York Times, Iranian nuclear centrifuges, the list goes on. Once the target has been identified this sort of “coordinated attempt to access secure areas” is likely to succeed regardless of the data’s location. The data could be anywhere; in the cloud, a server on your LAN, one of your users’ laptops (Facebook), a mobile device, a filling cabinet (remember those) or even data left on someone’s desk – the attackers will use whatever means they need to compromise that data.

Secondly, if there is weak security protecting that data, again the location is unimportant. Putting the data in the cloud on a dedicated platform means, as in Evernote’s case, the breach can be monitored and contained by people who’s job it is to do that. There is very little one can do to contain the old school espionage attack that reads secure material from your desk or even from your rubbish bin.

Evernote did the right thing and alerted its users to the hack, emailing them to advise password resets. They did slip up slightly though, by providing a link in the same email that also suggests users should “Never click on ‘reset password’ requests in emails — instead go directly to the service”. But to be fair, this is the first time Evernote has had to deal with this threat.

What this sequence of events really means is that 2013 could be the year that cloud service providers will rebalance their priorities, so that preparedness for attacks will be as important as getting the latest app version out the door, and also that we as consumers realise the importance of our data regardless of where we leave it.

Add your comment (0)

CISSP, CCSK
Mimecast

Article Tags

, ,

By on February 11, 2013

Enterprise SaaS: Service and Support is Vital for Growth

Too many Enterprise SaaS and Cloud vendors focus their efforts on marketing and spinning a good story to attract new customers, rather than spending time or money looking after those customers once they have signed on. Once the ink is dry on the contract ongoing service and support seems to be an afterthought.

According to newly released global research from The Enterprise Strategy Group (ESG), Enterprises value SaaS applications, particularly for email-management, but customers are facing significant service and support challenges plus a lack of ongoing aftercare from their SaaS vendors.

The “SaaS with a Face” report, which asked 248 global companies currently using SaaS-based e-mail management about their usage and service satisfaction, indicates the problem is so bad that of non-Mimecast SaaS customers 22% are looking for a new SaaS email management vendor.

Given some of the largest and most aggressively marketed vendors in the Cloud email management space are publically listed companies, it’s quite clear their drive to attract new customers is part of a shareholder-pleasing business plan. Ongoing aftercare and customer satisfaction seem not to be a concern to them.

If these vendors want to grow, they need to wise up about their customers’ expectations. Service and support is a vital addition to an Enterprise SaaS product offering; simply delivering a fancy Web 2.0 interface, or expecting your customers to fend for themselves on support forums is not enough. The ESG SaaS with a Face report identified that 66% of customers cited vendor support as an important vendor selection criteria, only 34% noted that they had actually achieved improved service and support compared to traditional software vendors. It would seem that well-known cloud vendors are letting their customers down.

The impact of bad service and support by SaaS email management vendors are wide and have a significant impact on their customers. When asked what service and support challenges customers faced with their SaaS email management vendor the list of problems indicates a severe lack of aftercare; for example 27% of non-Mimecast customers were not able to find the right person to solve their problem. A further 15% reported inexperienced support staff, while missed SLAs and long support wait times were reported by 18% and 17% respectively. Worryingly 12% of non-Mimecast customers cited that some problems were never resolved.

For a true Enterprise SaaS vendor, offering industry leading service and support is an essential part of the relationship we have with our customers. Unlike other SaaS and Cloud email management vendors who build their solutions by cobbling together a collection of acquired of OEMd products, Mimecast’s infrastructure is purpose built by our own team. This means we are not tied to 3rd parties for customer service and importantly can support our own customers in the high standards they expect.

This personal level of involvement by all our service, support, development and customer facing teams means the Mimecast difference, or out “SaaS with a face”, really shows; our customers rate our award-winning customer support highly and, as a result, report satisfaction well above the industry average – 85% of Mimecast customers have no plans to move to a different vendor.

To read the complete ESG SaaS with a face report, click here. We also hope you like our infographic, embedded in this post, which reflects the findings of the report.

Add your comment (0)

CISSP, CCSK
Mimecast

Article Tags

, ,

By on January 28, 2013

Postini Exit: Time to Choose

If you’re a Google Postini customer, or even an observer of the market, you’ll be well aware that Google has brought the curtain down on its Postini email services. To paraphrase Google, it’s “transitioning Postini services to the Google Apps platform beginning in 2013.”

“Transitioning”, is another way of saying we’re cutting you off and you better do something about it. As an IT professional you’ve probably been cursing the day you found this out; I bet the idea of an unplanned migration of such a core service is something you wished happened more often, isn’t at all disruptive is it?

 Part of the worry about moving to a new platform will be the completeness of said platform. The Google transition FAQ tells us there is some core functionality missing. For example; you won’t have a quarantine summary until Q1, 2013. Users won’t be able to manage their quarantines online, like they do now, until Q2, 2013, along with reporting. Outbound filtering won’t be with you until Q3, 2013. And, if you want any sort of admin quarantine the best estimate you’ll get from Google is 2013.

Sadly, the list of missing or unsupported features goes on, ultimately ending in a couple of shockers that leave you worse-off in terms of SLA too.

Frustrated? Worried? Considering your options?

By now you’ll have noticed the veritable feeding frenzy that email security vendors have got into. Some offering 6 months of service free, others touting free migrations to their platforms. Ultimately betting the farm on a gimmick in a hope they can attract you. They’re not really considering the financial impact on their business-model of ‘free’ stuff in this, already cut-throat, market. Race to zero anyone?

The problem I have with this race to the bottom, is it undermines the value of email security and the gateway and is a dis-service to you, the customer. The last thing you need is a vendor who’s sold themselves to dirt cheap technology in a mad dash to gain market share. In a year or two it’s likely you’ll be migrating away from that vendor too as they run out of money and innovation.

The knock on effect of this market behaviour is also a lack of investment in R&D, which you’ll notice when you start to conduct your own due diligence on these vendors. Offering a free migration to a service could well be covering up weaknesses in technology that are likely to be a show stopper if you dig deeper. If you’re in this situation as the vendor about their ‘cloud infrastructure, and whether it’s really cloud or not; chances are it’ll be a hosted version of their on-premise gateway technology. I don’t need to point out that’s not cloud, nor is it scalable, and it’s bound to hurt sometime down the line.

Faced with the choice between incomplete and imperfect it makes sense to take some time out from worrying about this unplanned migration, put aside the hysterical marketing from the ‘look at me’ vendors and consider your options.  We’ve put together a short video that makes this point and might help you decide what steps to take next.

Yours in email.

@orlando_sc

Add your comment (0)

CISSP, CCSK
Mimecast

Article Tags

, ,

By on December 17, 2012

Mimecast Gains Second Magic Quadrant Position

You may have heard last week that we had some good news; we’ve gained a second Gartner Magic Quadrant position this year – our enterprise archiving solution has just been positioned in the Gartner Magic Quadrant for Enterprise Information Archiving. Together with our recent inclusion in the Magic Quadrant for Secure Email Gateways, this is further affirmation of our standing as a leading provider of enterprise email management solutions, and a great way to round off 2012.

Gartner’s analysts took a very close look at the tools we give our customers to manage their information stores and saw our determination to bring innovation and new products to the Information Archiving space. Earlier this year we beefed up our cloud based Information Archiving services, adding some very useful new capabilities for your business and your users: We introduced the Mimecast File Archive which allows you to archive file data from network shares, home drives, SharePoint, Box and Dropbox.

 We also launched a new iPad app called Mimefiles, and a much talked about integration between Microsoft SharePoint and the Mimecast cloud archive. Importantly we have given your end users tools to access their personal archive from their chosen email client or mobile device (iPhone, BlackBerry, Windows Phone, Android, empowering their productivity, like no other Cloud Archive.

Mimecast’s vision for the enterprise archive is that it can do so much more than just store data. Mimecast has a vision for an Interactive Archive, where your cloud archive becomes not only a highly available and secure repository of all enterprise data, but it also becomes an incredibly useful source of information, allowing the business and its users to drive value from the data therein. EDiscovery, security, business intelligence and productivity all become vital components of the day to day use of your enterprise archived data.

We are thrilled Gartner have recognized our industry leading technology, and specifically mention the delight we bring to our customers and their users. To find out how Mimecast can enhance your information archiving and end user productivity as well as read the Gartner report, click here.

Add your comment (0)

CISSP, CCSK
Mimecast

Article Tags

, ,

By on November 14, 2012

Email is in great shape!

In June 2012, Mimecast released the first results of a series of regular reports that we are running under the banner of “The Shape of Email”.

You can view our blog post of the time here, or the original report here.

In that report we interviewed IT Managers and found that there was a perception that email was mostly unimportant or non-critical detritus clogging up people’s days.

Today we released the second in this series of reports. This time we directed our questions towards end users and found that the follow on from the assertion that email in-boxes are clogged with non-critical things is that workers are spending more than half their time interacting with their email.

This interaction is not limited to replying to messages or composing new items, but also encompasses things like using in-boxes as default file server and search tools. In fact, 86% of the two and a half thousand respondents said they rely on email to find documents. Because of this huge amount of time spend interacting with email systems, we have started to call these workers “Inbox Workers”.

Because of the amount of time spent working with email and because of the fact that users are using their email systems as informal file systems and document archives, it became very clear in this report that users are not particularly interested in changing the way they communicate today. This is interesting in light of the fact that our first report highlighted that IT Managers are introducing enterprise collaboration tools into their businesses in order to reduce the load on email systems.

“Email is dead” is something we hear all the time, vendors and industry pundits talking about how social media and the millennial generations are eating away at the way email allows us to communicate and slowly killing email. Millennial generation individuals want to consume bite size bits of info, they want to crowd source all of their conversations, social media is removing the need for archaic communications like email. We have definitely heard all of this before.

In this report, we find a completely contrary response.

Firstly, we found that email is preferred over social media for all forms of workplace collaboration including exchanging of documents (91% prefer email), arranging meetings (89% prefer emails) and sharing views and opinions (72% prefer email).

Next we found that 78% of respondents say that social media has not impacted on their reliance on email as a form of business communication, in fact, 74% feel that emails are taken more seriously than social media connections.

A short while ago I read this fantastic blog post in which Paul Carr, founder of NSFW Corporation, explores his preconception that email is dead. He sends out an email to his subscriber base telling them that he will be retiring what little email functionality they have with the unexpected turn of events that their subscribers suddenly notice them and start making requests for more email related features.

Peter Bauer, our CEO, makes an interesting observation out of the report. He says that even though there are a large number of specialist collaboration and social tools out there, email remains the communication and collaboration tool of choice for most business users.

In short, end users are telling us that they have a love/hate relationship with their email. They are dependent on it and don’t want to learn something new but are, at the same time, frustrated that email hasn’t evolved to keep pace with changing work practices.

All in all a very interesting report that shows in spite of all the things wrong with email and the rise of social media proclaiming email’s death, email is in fact in great shape! Go here to download the report.

Add your comment (1)

Enterprise Consultant
Mimecast

Article Tags

, ,

By on November 12, 2012

Mimecast’s Vision For The Interactive Archive

The Interactive ArchiveEmail is still the dominant form of communication in businesses today. It pervades almost every system and transaction and still remains a quick, casual form of communication. Email has become a mission critical application within businesses because of the importance of the data transacted through, and stored in, email environments.

A decade or so ago, as IT departments began to recognize the growing importance of the corporate email environment, they started to add supporting services and platforms around the core server environment, which is predominantly Microsoft Exchange. Appliances, applications and services to protect and store email were added, usually driven by business problems as well as changing corporate governance requirements.

Email archiving was one such platform, and remains of critical importance today. Email archiving systems were first added to our networks in the mid to late 1990s, initially designed to solve storage management problems, but more recently utilized to enable businesses to retain a complete record of their corporate knowledge and intellectual property. Long term retention of email nowadays is invariably driven by a need to respond to legal obligations under subpoena or eDiscovery request, or mitigate against the threat of data loss due to disaster or accident.

The advent of Cloud Computing in the same timeframe has disrupted these traditional on-premise email archiving markets. Cloud Computing has permeated almost every industry in ways even the most forward thinking IT departments could never have imagined. The result is a paradigm shift in modern computing. The rise of the Cloud could even be described as the dawn of a new computing age.

Those old on-premise archives are being eclipsed by the capabilities of a new type of Cloud-based email archive, an Interactive Archive.

The Interactive Archive, driven by the Cloud, is a more useful, valuable and interactive archiving platform for business users. The Interactive Archive allows users to leverage the archive and data therein for business intelligence, as well as end user productivity, ubiquitous access, and the corporate governance and compliance requirements that underpin the archive itself.

The concept of an Interactive Archive delivered from the Cloud requires a new way realizing value in a computing platform. The Interactive Archive is one that will be deployed from the Cloud, but not all Cloud archives are created in the same way. Simply archiving email in the Cloud only removes the local storage overhead and expenditure, while giving the users a degree of flexibility in terms of access – in fact, most Cloud archives are still about storage and eDiscovery.

The Interactive Archive is about much more – it’s about extending beyond this ‘simply-storage’ model by offering to leverage more of the value in the archived data. It’s a platform that puts the productivity benefits of using email back in the users’ hands by making their personal archives available in many ways – as well as including sources of information that would otherwise need a change in work flow for end users.

The Interactive Archive is one that acquires and consolidates the user’s desktop applications as a source of information – their web applications and services, their corporate information flows in platforms like email and mobile platforms – then provides a central and single copy under management. Importantly a single view of all these information streams also gives the business a concise, forensic and complete repository for eDiscovery, compliance and business intelligence use. The important concept of ‘interactiveness’ comes from the end users and the business can make use of the data; platforms such as Outlook, SharePoint, mobile devices and APIs all bring new ways to leverage the accumulated data. Delivering business intelligence back to the organization by leveraging the data-exhaust of the Interactive
Archive now becomes possible too; in short making the data within the archive worth more than simply an eDiscovery tool.

To find out more about Mimecast’s vision for the Interactive Archive, download our Whitepaper – “Is your Email Archive a Goldmine or a Black Hole?

Add your comment (0)

CISSP, CCSK
Mimecast

Article Tags

,
Previous Posts