Cloud-based disaster recovery has become a viable option for safeguarding e-mail, but IT departments need to ask tough questions about data security and resiliency before committing to a vendor, analysts say.
IT shops should stick with service providers that have multiple Tier 4 datacentres, and can promise replication between sites for redundancy, Forrester analysts Stephanie Balaouras and Christopher Voce write in a June report titled "Protecting Email with the Cloud."
Forrester says its clients typically say security is the biggest roadblock to adoption of software-as-a-service. "Beyond ensuring that your data will be encrypted in flight and at rest, you should also ask your service provider if it has a SAS 70 Type II certification as well as certifications for ISO standards … that spell out specific auditing requirements for hosting and security customer information," Forrester advises.
That being said, there are several advantages to using cloud-based e-mail continuity and recovery services, particularly for companies that lack a second datacentre, the financial resources to make new up-front and ongoing investments, or the expertise to implement and manage a new disaster-recovery rollout.
E-mail recovery services are being offered by several types of companies, such as hosted mailbox providers; e-mail supporting service vendors such as Dell MessageOne, Global Relay and Symantec/Message Labs; disaster-recovery service vendors such as IBM and SunGard; and online backup vendors such as AmeriVault, i365 and Iron Mountain.
"Traditional methods [of ensuring e-mail recovery and continuity] carry heavy facility, hardware, software and personnel requirements, and the capital and operating expenditures can be significant," Forrester writes. "Cloud-based message continuity offerings are a compelling alternative because they offload cost and responsibility to a provider."
Subscription pricing models are based on the monthly cost for each mailbox (usually $5 to $10) and the cost of storage (usually $3.50 to $6 per gigabyte), according to Forrester.
In addition to security and resiliency, there are numerous factors that could affect your choice of vendor, the report says. For example, levels of automation for failover can vary from administrator-initiated processes to a completely automated failover. Failback capabilities are also important, because "once the incident requiring failover has passed, you need to bring back messages that were sent and received during the failure," Forrester says.
When evaluating services, note that "there are two distinct capabilities: continuity of service and data protection," Forrester says. "For continuity of service, the offering can range from a Webmail interface for sending and receiving mail during an outage to adding recent (e.g., last week or month) or all messages. For data protection, a cloud provider could either augment or replace multi-site on-premise backup infrastructure."