Is Email the Biggest Threat to SME Compliance?

Written by iSheriff Guest Blog
February 14, 2014

Email, the lifeblood of many organizations, is also often the weakest link in a company’s security and compliance plans. A common misconception is that compliance is an ‘enterprise-only’ problem, however regulations don’t differentiate between large and small businesses. Often small to mid sized organizations are at greater risk, not having the personnel or expertise available to get them back into compliance. This creates a massive opportunity for MSPs to provide an offering to their customers.

When considering how to attack compliance, small and midsize enterprises face an uphill fight, in the form of two significant challenges. For one, there is no relief due to their size. They are often subject to the same regulatory requirements of Fortune 500 companies, with industry-specific demands centered on protecting how they process, store and transmit sensitive data.

Second, and just as important, they typically don’t have the human resources in place to tackle the myriad of regulations and steps necessary to improve the compliance situation. SMEs are increasingly looking to their MSP partners to help them with compliance measures and reporting, but even then, it’s a tall task to outsource.

Where to Start?

While some industries are more highly regulated than others, virtually all organizations have legal data retention requirements – in which email plays a pivotal role. Take a look at your inbox – many people use their email account as their own personal storage system – full of customer data, contracts, HR info, etc. Right or wrong, email is the de facto standard for sharing of sensitive information. This means it’s quite possible that email alone is the single biggest risk to SMEs from a compliance perspective. Email retention can quickly become a drag on any size enterprise, and as we discussed above, SMEs don’t always have the proper resources (time, people and most importantly, money) to take on this challenge in a comprehensive manner.

Where does this leave us? It shouldn’t be a surprise – the cloud. The cloud is a great equalizer when it comes to cost and flexibility, something SMEs and their MSP partners both can appreciate.

By moving (or implementing from scratch) email archiving to the cloud, expenses related to storage, power and upkeep are avoided, in addition to the cost of a system administrator’s time spent on managing the archiving system itself.

Another operational benefit that the CFO can appreciate is a budget friendly “pay-as-you-go” model where costs are predictable each month. There is also the benefit of visibility into the costs associated with scaling up your archiving and storage needs.

Cost savings and ease of use are important – but what about the actual compliance benefits? Moving email archiving to the cloud ensures that companies can recover critical and sensitive information in response to forensic or discovery requests – and not be dependent on internal systems to do so. Levering the processing power of scalable cloud systems also cuts down on the response time to those audit requests, further accelerating compliance.

What Should SMEs and their MSPs look for?

When considering solutions here are some key concepts to consider in your evaluation:

Does the solution capture email contents in real time?
Site-wide search capabilities
Cross platform support for all email programs
Complete audit trail capabilities
Customizable reporting on mailbox usage and trends
Integration with complementary security and compliance solutions such as Data Leakage Prevention, endpoint and email security

There are many facets to compliance, but in situations where resources are limited, it often makes sense to identify where you can get the biggest bang for your buck. Considering how dependent we all are on email, cloud-based archiving offers a significant opportunity to improve an organization’s overall compliance posture.

MSPs are partnering with Total Defense to offer an integrated and profitable security and compliance solution. Contact us today for your free trial at cloud.totaldefense.com/msp, or contact us by email at msp@totaldefense.com or telephone at 888-504-9800.

Total Defense is the leading provider of content and endpoint security from the cloud. We keep organizations and individuals safe from cybercrime, malware and digital threats. Thousands of businesses across a wide array of industries have deployed our solutions, including some of the most sophisticated buyers of security technology worldwide, and millions of consumers worldwide use Total Defense’s products. Total Defense has operations in New York, California, Europe, Israel and Japan.