All posts in Strategy

The future… if we actually had an endless supply of dilithium crystals or flux capacitors, gadgets like floating skateboards and Tricorders might be more common. But sadly they’re not; so the only real prediction I can make for the future (that’s relevant to this blog post anyway) is that Microsoft are planning to release a new version of their Exchange Server software every three years. We should be seeing the next version towards the end of next year, currently being called Exchange 15.

Like Christmas, it feels like new versions of core server software come round far too quickly, especially for such valuable services as Microsoft Exchange. We’ve previously mentioned the lengthy procurement cycles that keep such services constantly a version behind, which generated some good feedback and discussion; many Exchange admins told me those delays adversely impact their own deployment plans, which is intensely frustrating for them and often forces their migration project into the red.

So, rather than roll out the ubiquitous predictions for 2012, I’m going to suggest that in the absence of 1.21 Gigawatts you can take a stab at future-proofing your Exchange environment now, so you’re not left thinking in future:

“I’m migrating again. Surely not? Didn’t I just finish the last upgrade?”

However, the last migration or upgrade you performed was probably a little easier; the requirements were different then, and there was dramatically less data than today. The move from Exchange 2003 to 2007 was mostly about the new 64-bit hardware required, but the move to Exchange 2010 is often about the volume of data instead.

As your users make merry with the disk space allocated to the Exchange Stores, their mailboxes have grown and grown. You’re probably wondering how you’re going to move several Terabytes of data to the new Exchange platform but, more importantly, wondering when you might have to do this again. The short-term nature of IT and the constant cycle of upgrades and migrations means you may have to answer those questions sooner than you expected.

One simple solution that future-proofs your migration and upgrade strategy is to deal with the data now by augmenting your on-premise Exchange with a Cloud-based email management solution. Using this Cloud-based email management solution is simple; the elastic and scalable nature of the Cloud lets you ‘dump’ your oversize email stores into a secure, scalable, flexible and resilient solution that will grow with you, but at the same time allow the users to have direct access to that email data through Outlook as though it was still on Exchange.

Now here’s the part of the plan we don’t talk about very much, but one that provides a great degree of flexibility. When the next migration or upgrade comes around, or if you want to move from one platform to another, having already dealt with the data means your core email service, i.e. Exchange, can be anywhere or anything. Upgrade, downgrade, move to Office 365 and back again, migrate some users or all users, the choice is yours. Augmenting Exchange with the cloud means you’re not tied to any one solution or version, both today and next year when it’s time to upgrade again.

There has been much debate recently about the value of email when compared to Instant Messengers and Social Media. I’m not going to reinvigorate that debate here, but the whole passionate brouhaha has got me thinking about what it means to actually have an email address and how important that short string of text has become.

Two words spring immediately to mind when I think about what is actually in an email address; those words describe a process that has quite a profound effect on you as a user of Internet services. Those words are:

           “Password reset”

Your email address, whether given to you by your employer, your ISP (remember CompuServe?), or chosen by your own fair hand seeks to identify you. In many cases an email address is your name, or part thereof, and is generally recognizable unless you’ve taken steps to make it less so.

I have an incomplete thought about this identity; we take this identity for granted, we assume that this identity is true, and we generally don’t question the legitimacy of an email address or the identity of the supposed sender. This of course is exploited fantastically well by malicious senders who are attempting to dupe us out of our financial information or login credentials. As a former penetration tester I can tell you that I’ve always had 100% success with email-based attacks sent from addresses that ‘claim’ to be from someone they’re not, especially if the sender demonstrates a little knowledge of the recipient or subject at task.

But, and here’s the paradox: we understand social engineering and phishing very well, yet we still treat an email address as an identity, don’t we?

Often this identity is all you need to carry out that password reset; gain control of an email address or account and you have instant access to a mind-boggling array of personal accounts and information. Often the ‘forgotten password’ link simply asks you for your address, sometimes you may be prompted for more information – ‘mother’s maiden name,’ ‘place of birth,’ ‘month of birth’ etc – social media anyone? Some sites even ask you for ludicrous validators like “your preferred internet password.”

I expect that just supplying an email address to a website to request a password reset is a shortcut on that website’s part; they could do more but probably don’t want to overcomplicate things for you. This is a fantastically naive expectation of identity on a simple string of text. I suppose the expectation is that the recipient hasn’t had their email account compromised, but no website I’ve ever used has asked that question.

Culturally an email address now makes up a significant part of your identity; in some cases it is 100% you. I suspect without the casual and formal asynchronous subject centric communications currently known as email (to coin a phrase of our CTO) you will find you lose a little of your identity, even if you can no longer reset your <insert website of choice here> password.


CISSP, CCSK
Mimecast, North America.


This week Mimecast has been at the Gartner Data Center Conference 2011, in Las Vegas, with a packed agenda full of insightful discussions and presentations. As expected the Cloud was a strong trend throughout the week, but I couldn’t help but notice that another trend has emerged since the last summit: that of Big Data, a topic this blog has written about many times before.

One particularly compelling presentation by Gartner Research VPs Merv Adrian and Sheila Childs delved into Big Data. The packed session was standing room only, so this is obviously a hot topic for people looking for insight to help them solve their own unique problems.

Adrian and Childs identified a shortcoming in the way business and technology leaders talk about big data, in that the emphasis is often placed on volume. They rightly pointed out that:

“The most difficult information management issues emerge from the simultaneous and persistent interaction of extreme volume, variety of data formats, velocity of record creation and variable latencies, and the complexity of individual data types within formats.”

As we’re concentrating on volume of data, we’re often forgetting about the velocity, variety and complexity of the data too.

Adrian and Childs went on to quantify velocity, which is when I started relating it to email data and Exchange Stores.

Velocity involves streams of data, structured record creation and availability for access and delivery. Velocity means both how fast data is being produced, and how fast the data must be processed to meet demand.

The most important factor when it comes to thinking about Big Data in relation to Microsoft Exchange Server, in my opinion, is velocity. Of course most Exchange databases won’t have the sort of big data that most data center managers have to worry about, but to those of us who manage Exchange Servers, I’ll bet the data therein is one of the largest repositories of data in your environment. To coin a phrase of our Chief Scientist, you have essentially got a Nano-Google’s worth of data; it’s important to you, but nothing that hasn’t been dealt with before. But try telling that to the Exchange administrator when they’re planning to migrate the stores from one version of Exchange to another.

So what is the Velocity of your Exchange Server? If Velocity is the stream of data, record creation and availability for access and delivery, I’m sure there must be a quadratic equation that will actually give us a figure for this. But I was thinking more about it in terms of everyday reality, especially if that reality means an upgrade or migration.

The unique big data complexity that exists within each Exchange environment is compounded by the velocity of the email environment that surrounds it. The data will continue to grow at a rate that can only be determined by a number of local factors: corporate culture, use of email, access to email, integration of email into other systems. Again, I’m sure there is a quantitative way to work out what this velocity is.

When you’re thinking of doing something with your nano-Google Exchange store I would suggest that getting a grip on the velocity of Exchange is the first step. I doubt very much that you can do anything to throttle this velocity, not without upsetting your users at least. So I’m drawn to the phrase “Just Enough on Site” which is one we use at Mimecast, to describe an Exchange environment that has been given the benefit of Cloud Augmentation to take the Big Data load off said server, before, during and after a tricky migration.

I would argue that the amount of ‘online’ data needed in an Exchange Server is pretty minimal, probably about a month or two. The rest doesn’t need to be offline, but keeping it near-line is way more productive. Remember velocity is also about how fast the data must be processed to meet demand. Surely putting the less-accessed and older data near-line in the cloud means your Exchange can concentrate on the on-line velocity of the real-time data?

The Rise of the Client/Cloud Paradigm and the Age of the Cloud App.

Gartner has just published its predictions for ‘2012 and beyond’ and, as usual, there’s plenty of good content.  The overall focus is on IT relinquishing the traditional notion of ‘control’ as the big macro trends of consumerization of technology and cloud take hold.  Nothing particularly earth shattering there, but Gartner goes on to dig beneath the surface and look at how these things might manifest themselves over the next year or two, and this is where it gets interesting.

Matt Cain’s section on Social Software and Collaboration points to the move away from the ‘traditional desktop client’, prompted by the proliferation of mobile devices and a ‘richer mix of email clients and access mechanisms.’  All good so far.  But he then goes on to suggest that we’ll see a big shift in favour of browser-based access to email, with HTML 5 acting as the catalyst in closing the functionality gap between browser email and desktop clients like Outlook.

And this is where I take slight issue, although of course making predictions is a mug’s game at the best of times.  In my view, the idea that most people will consume their Exchange email via OWA is wrong. The more probable outcome is a client/cloud model – where the device you use (notebook, tablet, mobile) defines the client and the client simply interacts with the cloud service.

Even Gmail now has clients for iOS as opposed to stubbornly insisting that users use their HTML5 rendering. Taking this further, most Gmail users have pointed out that they see no need for an app or for using the HTML5 because they can simply set up their Gmail account on the iOS native email app and that gives them the best experience.

Facebook also realised this and eventually produced dedicated client/cloud apps for both iPhone and iPad after insisting – for years – that HTML5 was good enough.  The fact is, HTML5 is there as a catch-all for client app gaps, but it’s not the panacea we might have thought it would be.

Instead, the panacea is a consistent user experience – but not in the way people tend to think. The consistency of UX is device-dependent, not application specific. People want an iPhone email app to work in the way that works best on an iPhone, same with WP7 and Android. UI mechanics, look and feel, application switching, local settings and so on need to work the way apps for that particular device work;  otherwise it’s an annoyance.

Mobile notebook users running Windows will, I suspect, continue to use Outlook above OWA because it’s a Windows app with a rich experience and works the way Windows works. This leaves “bolted to the desktop” users with little to do in terms of remote access. They’ll use Outlook at work, and won’t use OWA at home or elsewhere – simply because they would have been given a notebook if they needed remote access anyway. So I see limited OWA use cases.

It’s all about client/cloud.

The rise of the app and the sophistication of touch UI means that you can’t dumb down the experience to a one size fits all anymore. Unfortunately, this also doesn’t mean that you don’t have to build HTML5 “clients” for end users – you’ll simply have to do all of the above, which is no mean feat for a service provider.  But the fact is, this approach makes perfect sense to the end user – and the end user is king in our future and just about everyone else’s.

Gartner’s Top Predictions for IT Organizations and Users, 2012 and Beyond: Control Slips Away, November 23rd


Co-founder and CTO
Mimecast


Mimecast recently commissioned Loudhouse, an independent research consultancy, to take a look at the Exchange Migration situation. The research tells us that there is a mass migration of Microsoft Exchange Servers going on right now. At Mimecast we call this ‘The Great Email Migration’ and some interesting facts and figures have been discovered.

Underneath the headline research figures there is a lot going on that struck me as interesting, if not perplexing and clearly frustrating. I’m often talking to CIOs and IT Managers about their email infrastructure and recently their plans to migrate to the next version of Microsoft Exchange Server; I’m always assuming they’re planning to upgrade and migrate to Exchange 2010 or Office 365, but I’m hearing of more and more choosing to stay a version behind on Exchange 2007, but not for want of trying.

Microsoft, and in fact Mimecast, are desperate to get you all off the old versions of Exchange, away from those Exchange 2000 or 2003 boxes that are still out there, but for so many the upgrade path stops at Exchange 2007. I began to wonder why this is, and after a quick unofficial straw poll I found a pattern emerging.

Firstly I noticed that upgrade plans for Exchange have been in the pipeline for quite a long time. Many people tell me they were planning to upgrade from the 2000/2003 versions of Exchange to 2007 pretty much as soon as they heard about the new release. But given the scale of the upgrade, the project took them longer to budget and plan for; most blame their own internal and overly complex procurement process, whereby a non-technical procurement employee vetoes or delays the project for trivial reasons.

Secondly, I’ve heard quite a few mentions of a “patch-and-pray” mentality to upgrades. Let me be clear, there is only so long this kind of support process lasts before your Exchange Admin is facing a late night and lost weekend due to some sort of failure, and that’s the last thing we want. At some point the CIO has to admit the business and the users have outgrown their email environment and it’s time to look elsewhere; but this overly cautious approach, akin to the “if it ain’t broke don’t fix it” method, means you’ll never be close to the latest version. Fear of change, hesitation and caution are the enemy of new technology.

All of this frustrating behavior adds up to significant delays; delays that leave your IT project plans looking like the airport departures board during a heavy snow storm. You know you’ll get there in the end, but the wait is agonizing and you would do almost anything just to “get on with it.”

A permanent cycle of delays means your Exchange environment could always be stuck a version behind. Given that Microsoft plan to release a new version of Exchange every three years, I’m always concerned when I hear of project life-cycles that are even longer; how can you possibly take longer to deploy the platform than it took the vendor to write the software in the first place? Don’t answer that, I already know how: project scope, evaluation, planning, more planning, more evaluation, procurement, re-scoping, procurement, deployment planning, re-scoping, procurement, and so on. Initial project evaluation to final deployment for Exchange 2007 could have taken so long that Microsoft have released Exchange 2010 in the meantime. And so the cycle continues.

Breaking the upgrade cycle is something I’ve written about before; now is the time. Seriously, Exchange 2010 is worth the effort, especially if you’re still floundering about with old versions like 2000 and 2003.

 

 


Doug Cavit, the Chief Security Strategist at Microsoft, recently did a great video on Cloud Trust at 10,000 feet.

It boiled down to- Can you trust it and how does Microsoft do Cloud Security? Which raises the obvious question: How does Mimecast compare?

Doug is a really interesting guy- he was the CIO of McAfee for 8 years- protecting them from threats – an important job if you consider what happened to RSA. When he joined Microsoft he worked on the OneCare product team as Microsoft started to become more of a service provider in the security space, so he’s definitely one of those people that’s been on both sides of the table.

In the video he’s answering one of the questions we get asked most: How can I trust my data is going to be safe in the Cloud? And it’s a question we take more seriously than anything else.

The fundamental difference in Cloud vs On-Premise is control.

When your data is on your own equipment, you have ultimate visibility and control over the policies and processes that operate on that data, which means you can be the ultimate arbiter as to how it’s treated. With the Cloud, you aren’t. So how do you deal with that?

With Cloud, you need to trade control for transparency.

That’s the only sustainable way to cede control over something so important- your business data, and in our case, your primary communication method, email.

So we take transparency extremely seriously here at Mimecast, to the point where we have a whole team of people here dedicated to transparency- helping our customers receive the insight and information from us.

What makes a provider transparent and therefore trustworthy?

Policies are the jumping off point- ensuring these meet your requirements as a customer. Policies are fine, but how do you make sure they are followed into procedures? This has consistently been one of the hardest things for Cloud companies to prove because in an emerging sector like Cloud, standards always lag behind the technology. So we’ve had to forge best practices and procedures through collaboration with organisations like the Cloud Security Alliance, which is helping ISO update the Cloud security controls for ISO 27001. But we’re getting there, and hopefully soon we’ll have the most comprehensive ISO 27001 implementation of any Cloud provider to date.

What about reliability?

This is where the rubber meets the road. To take a phrase from the financial services industry- “Past performance is no guarantee of future results” couldn’t be further from the truth- what has the service provider delivered to date? Are they open about it? What’s their SLA to back it up? And we like to put our money where our mouth is too, with an industry leading 100% uptime SLA.

Thinking more broadly about putting your data in the Cloud- one of the most important things to think about is the actual data- how much risk does it represent? It sounds like a ridiculous question, but classifying the data is such an important part of GRC: you don’t need to protect your marketing brochures the same way you protect your trade secrets. Doug has a great quote from the video “I can’t protect something if I don’t know what it is”.

Thinking about the lifecycle of the data and your relationship with the Cloud provider is critically important-  I talk about Birth, Marriage and Divorce in my presentations. It’s easy to think about the birth and marriage when going to Cloud, but vital to think about divorce, in case you need to get it out at the end. It’s a tough question for structured data, like accounting or ERP but significantly easier for unstructured data like emails. Our customers can download their data at any time.

One thing he doesn’t mention is data sovereignty… where your data is physically located, which is becoming more and more important because of legislative requirements and judicial concerns, like the Patriot Act. Having your data located in the right jurisdiction is critical.

So like Microsoft we take a two step approach to security.

  1. We reduce vulnerabilities as much as we possibly can in software
  2. And recognising that issues will happen- when they do, the key is how you deal with them. Triage, Identify, Learn and Integrate that learning into processes. We’ve been doing that for 9 years- that’s a lot of experience built into our processes.

To top that off you can always reach a human being at Mimecast. Someone to help you resolve your issues and escalate them appropriately. I love that. When I got locked out of my Google Apps account the other day- it took a few days for them to respond to my email…

Having a deeper understanding of Cloud security will enable you to use the Cloud provider to do what they do well – abstracting your IT department away from the complexity of running the service.

So can you trust the Cloud? I think so. Like Doug says, just know what you’re trying to accomplish and make sure the vendor offers you the right amount of transparency.


Cloud Strategist
Mimecast


Microsoft Exchange 2010 is here, Exchange 2013 will be along at the end of next year and Exchange 2003 is out of mainstream support, so it’s fair to say The Great Email Migration has begun.

At Mimecast, we are always talking to CIOs and IT Managers about ways in which we can make their email management easier, and the conversation more often than not involves plans for migration. So, we commissioned Loudhouse, an independent research consultancy, to conduct a survey into email system upgrade plans. The results are being published today.

The rush to upgrade

With so many new features and enhancements being added to each new version of Microsoft Exchange it’s no surprise that three quarters of respondents told us they were planning to upgrade in the next two years; 57% even said within the next 12 months. Most are migrating to Exchange 2010 on premise, but 21% are headed for the hosted option and 13% for Microsoft’s Cloud-based Office 365.  As you read this, there’s a 1 in 10 chance that you have no plans to migrate at all, perhaps having recently completed a move to Exchange 2007.  Maybe you want to see what  Exchange 2013 (version 15) will bring? We’ve written on this blog before about Exchange 2003 and a reluctance to upgrade, but now the time is right.

The benefits are clear


In April 2010, Mimecast released a report entitled “Keeping the Enterprise Agile and Mobile” in which we examined the growing pressure to keep BlackBerry services up and running at all times.

At the time, we thought the results were pretty interesting and events over the past few days have played them out pretty well.

Our report found that the expectations of BlackBerry users are extremely high – 66% of respondents claimed that as much as one hour of downtime per month is not acceptable and a further 22% said NO downtime is acceptable at all! I can only imagine how these users feel about the last three days’ worth of interruptions…

With the reported impact on support desks and the board level fall out that BlackBerry outages seem to cause, we were, at the time, surprised by the high percentages of organizations that had no provisions for high availability (41%) in place at all. A further 59% said they couldn’t provide continuity for their users and 61% don’t have an internal BlackBerry availability SLA.

So with these numbers, the corporate world breathed a collective sigh of relief when RIM announced that the outages that they have been having are only affecting their BIS and BBM users… Well, they sighed until their corporate users started complaining about service unavailability.


Enterprise Consultant
Mimecast

[This remembrance first appeared on Xconomy.com and is republished with permission.]

When I heard the news of Steve Jobs’ death last night, even though I was hardly surprised, I felt like I had been kicked in the gut, as if the industry in which I’ve spent my career had lost its soul.

I’m rarely shy about criticizing the titans of our industry, but from the beginning Steve was different: a brilliant businessman whose primary motivation wasn’t money, a CEO who involved himself in every detail of product design, and a restless perfectionist who would change his plans in a heartbeat if he saw a better way to do things.

I saw this first-hand in the 1980s, when he visited my team at Carnegie Mellon. We introduced him to sending pictures, fonts, etc., through email. He saw the value instantly, and tried to hire the whole team on the spot. When that failed, he quickly created the team that built NeXTMail, which eventually evolved into Mail.app on the Mac. Nobody ever “got it” faster than Steve — and when he got it, he made things happen in a hurry.

One of Steve’s least-mentioned talents was his mastery of email. He was surely flooded with it, yet he answered more promptly than I can. I’ve spent my whole career working on email, but if he had written a book on managing your email, I would have bought it the day it was released.

I also admired Steve a great deal as a person. When my wife once put the busy CEO of NeXT on hold for over ten minutes while she hunted for me, he graciously uttered not a word of complaint. And when he famously called LSD “one of the two or three most important things I have done in my life,” he risked broad censure rather than betray the truth as he saw it — that LSD had helped open his mind to the insanely great possibilities of the coming digital age.

Steve left us too soon, when he still had much to teach us. But our world is incalculably better for the 56 years he gave us. May he rest in peace.


Chief Scientist
Mimecast
