Lotus Notes too ... kinda
Stuck with notes at work still, for just my mail I have an agent setup to forward all my stuff
Hardly corporate solution though :)
Google has unveiled a service that lets businesses use Gmail as a back-up for Microsoft Exchange. Known as Google Message Continuity, the service replicates all your Microsoft Exchange data on Google's servers. If your Exchange servers crash or you take them down for maintenance, your employees can open up a browser and switch …
Speaking of which, I wonder if they have a size limit... I have more than a few users who store a rather obscenely large (as in, two-digit gigabyte sized) mailboxes (esp. the fscking marketing critters). Since the PHBs here won't even think of implementing mail retention, it'd be nice to supplement the usual eternal backup times with something that I can simply swap users over to.
Google also "saw you coming" if you subscribe to this. How on earth will google comply with the myriad of data retention and compliance laws and the paranoia of ISO-secure IT?
That said, for non-paranoid industries and small to medium ones this could be a great way to dump MS for potentially less than an exchange server would cost.
Hmph, I hope this takes off but I wouldn't like to be involved in IT policy if it does.
> Google also "saw you coming" if you subscribe to this. How on earth will google comply with the myriad of data retention and compliance laws and the paranoia of ISO-secure IT?
And how would this be any different than storing your company date in the MS.Cloud? And we don't need laws just a computer that can securely store files.
Here's one thing. Should, even by accident, we send an e-mail to an outside party that contains a client;s account, or SSN, we have a filter that catches that, and encrypts that data, and they have to request the key to open the e-mail (which we refuse if it was a mistake, as often happens sending messages back in forth in support to groups that may include outside contractors not screened to see that data). We not only have to encrypt it, but we have to log the even tare report it to auditors anyway. If we failed over to gMail, we could not do that.
Worse, we block ALL forms of web mail, cloud disks, any way at all for someone on the inside could put a file on the outside. We have tens of thousands of employees at computer desks, and the vast majority are low paid people in call centers with right to access the customer record databases. Any one of them could email lists of SSNs out of the building any time if we opened up to gmail. Any one of them could check their personal account on gmail and let a virus into our network that did not come through a filter, or click on a link to a phishing site that does not yet exist in the web filter. including people that might not otherwise have e-mail accounts at all inside the company.
This might be nice for a small office, but to be perfectly honest, with the fees this might incurr, and how easy it is to get CCR/SCR replication set up on a cheaper secondary exchange server you put in a hosting farm, and simply move the URL to the cloud over MPLS (or use MICROSOFT'S hosting services), and then you could keep security on the inside...
' Any one of them could check their personal account on gmail and let a virus into our network that did not come through a filter'
Use group policies and restrict users to only be able to run programs on a list.
We implemented this for 5-6 years on a college network of PC's and it worked perfectly. We used a policy editor to list the programs which could be run by users - and this policy was loaded when they logged in. We had Win98 and XP PC's running for years with never a single infection and no crashes.
If course - the new GPO stuff is horrendously complicated so it may not be as easy to set up - we certainly couldn't auto defrag and disk check on log in any more.
BTW - this all ran on a Samba server emulating a Windows domain controller.
> And how would this be any different than storing your company date in the MS.Cloud?
Microsoft's cloud solutions have self-hosted alternatives. The "cloud" isn't about having someone else host all your services, its about maximising utilisation and scalability of systems.
By default, they enable contextual ads on their business service, i know, i found out the hard way.
Despite you paying a not insignificant fee, they still scan your data so that you can have the pleasure of having targetted ads delivered to your inbox.
So what else are they using your corporate data contained within those emails for?
before a rogue Google employee decides your email deserves to be public. And what are you going to do about it then?
And more generally I think it's time everyone stopped being so beholden to the magic of "the Cloud" and recognised it for the unaccountable, insecure and unreliable pipe-dream it really is. Am I being an unfashionable killjoy? Maybe. But don't come complaining later on when your data gets abused.
What about rogue employees from Microsoft, or IBM/CSC/HPES(EDS)/ACS/etc?
I don't really disagree with you, just pointing out that there are plenty of other scenarios that have nothing to do with Google or "the cloud" that could result in potentially unaccountable employees from outside companies having access to your data.
It's odd, but I've seen a number of clients willing to ditch their security concerns to save money by moving to hosted services like Microsoft.
(I'm the AC musing on rogue Google etc employees)
I wouldn't trust any outside organisation - M$, IBM etc included - I'm not picking on Google, that's just what the article headlined on.
As we are painfully aware any security policy involves constructing 'walls' - physical or otherwise - around the things you value. Now we could all go off into great detail about how you build those walls, and the policies to be used to ensure they do their job. In fact there's a whole industry devoted to consulting on this, pointing out the pitfalls and so forth. It's very technical and rather boring (with some exceptions*).
The trouble is, we need to make one teensy-weensy assumption for it to work - and that is that your valuables are on the inside of the walls, and the bad guys are on the outside. But with the cloud, we have no idea where anything is.
The clue to why "the cloud" doesn't fit nicely with this model is there in the name - 'cloud'. Its natural geographic and ownership ambiguities are plain to see. Tricky things to build walls round.
But don't get me wrong - clouds do have their uses - but that's more for niche roles like free publishing and distribution, where security is unwanted.
* [I know it's a few years old now, but Kevin Mitnick's 'Art of intrusion' makes a jolly good read - if any Significant Others are looking for something to get you]
Still amazes me how many people on here can't tell the difference between "don't be evil" and "do no evil"
The latter is an absolute, but the former merely requires Google to do one nice thing to balance out each nasty thing that it does. In other words, it has to say sorry every time it gets caught...
On the other hand, Apple MS and IBM are all fairly clear about what/how they make their money whereas Google's reliance on advertising does make it hard for them to be honest about privacy.
Our corporate email is secured behind multiple layers, not just for filtering, but for ACCESS. Only a percentage of our users can access Exchange from off premises through any means other than VPN, and do so through secure servers and apps on their phone. Webmail is permitted for other users, backed by RSA dual factor authentication. ALL mail activity in and out of the dmioain is monitored and logged.
If we used google, we'd loose RSA, We'd loose cell phone connectivity, we'de loose monitoring and reporting and audit responsibility, and anyone who had an account could send any data they had access to out to unauthorized recipients without our abiltiy to stop it.
We have tools that scan outgoing e-mial for account numbers, SSNs, and many other types of critical data we have to protect. Seriously, all it would take for a hacker to steal our data if we implemented this would be for an insider to get on the network, point at gmail, and click send. We block every web mail system (and in fact most web access completely) to prevent just this scenario, and they suggest we turn this on for continuity (which is EASY with Exchange already?)
Methinks it exists to imply that MS' stuff isn't as robust as Google's.
And who cares about ads? it's supposed to be a continuity solution, not your day-to-day system. You'll probably never log in via the web (outlook+imap anyone), and if you did, the interface is probably less awful than outlook's.
Obviously, as with any outsourcing, it's only for use by those with no secrets - which probably excludes everyone with enough money to stump up for using exchange.
Or it could be an excuse for those who want to use gmail, but who are stuck with exchange to put forward a business case which just happens to allow gmail access to corporate mail.