E-mail in the Cloud: What Can and Can't Be Moved
By Gregory Shapiro
While moving data center infrastructure and business applications to the cloud continues to be the thing to do, many organizations are discovering it's not as easy as was originally thought. This is especially true in the case of e-mail, particularly machine-generated e-mail for business transactions (compared to people-based e-mail for human communication).
The typical enterprise messaging infrastructure has three layers -- the gateway layer, the groupware layer, and the e-mail backbone layer. The gateway layer, which handles inbound malware filtering, simple routing and security, is the easiest to migrate and will deliver solid ROI. The groupware layer (Microsoft Exchange, IBM Lotus Notes, etc.) can be technically more challenging to migrate but it also provides the greatest ROI -- some enterprises dedicate up to 95 percent of their IT messaging support team to manage this layer.
The real complexity comes in trying to move the third e-mail backbone/middleware layer, where the directory-driven policy and security enforcement, intelligent routing, and core infrastructure for machines and applications that generate e-mail reside.
Can this layer be moved to the cloud? Virtually all enterprise IT managers I know who thought they could migrate this layer to the cloud quickly discovered there's little to gain by doing so. Very few IT messaging support resources are used to manage this layer, and IT managers are discovering the high cost of re-configuring or re-coding the departmental, e-mail-generating applications to interface with the cloud.
Furthermore, many IT organizations are shocked to discover just how many different departmental applications there are that rely on the e-mail infrastructure -- in some cases literally thousands of different systems and applications. The sheer number of applications along with performance, security, and technical limitations -- such as applications being hardwired to specific IP addresses and to other departmental systems -- often makes it impractical to move this layer to the cloud. These apps and systems include:
Machine-to-Machine Communications
Machine-to-machine communications are the e-mail messages sent between systems and apps without any human intervention. Consider wire transfer requests: these e-mails are received by the financial institution's messaging system but contain special coding that tells the system to bypass mail filtering en route to the backend ERP system, which handles the validation, verification, and releasing of funds over the wire. Failure to complete the transaction within the agreed-upon time between banks carries a significant financial penalty. Therefore, it's critical that these wire messages aren't delayed by spam filters or humans. Does it make sense to have all of this traffic between the cloud and the internal infrastructure for two applications that might be down the hall from each other?
Department Application-to-Human Communications
There are thousands of departmental applications and systems that communicate via e-mail to humans, including copiers, scanners, and office printers. Internal alarm systems of various types send urgent alerts via e-mail to personnel responsible for maintaining those systems. Billing, invoicing, and alert systems that automatically notify customers via e-mail when account transactions take place are commonplace. The number of these types of applications found in the enterprise can be staggering, and the complexity and effort to migrate them to the cloud may not provide sufficient payback.
Enterprise Application-to-Human Communications
There are hundreds of these types of applications found in the enterprise. For example, banks give ATM customers the option to have their transaction receipts sent via e-mail. The ATMs are on private and secure networks that communicate via e-mail to the backend customer systems that handle transaction data and customer notifications. CRM and ERP systems, help-desk, and IT support applications are additional examples of e-mail-based applications that humans (your customers and employees) interact with on a daily basis. Some of these applications may be easier to migrate to the cloud than others, but are you willing to give up control of these types of applications?
Message Security and Policy Requirements
Above and beyond the requirements to support a myriad of departmental e-mail applications, there are a number of other risks, challenges, and business-specific requirements that should also be considered before embarking on a project to outsource enterprise e-mail infrastructure to the cloud. Organizations should ask themselves:
- What types of regulatory compliance laws affect your company?
- Does your company have stringent corporate governance policies that must be followed?
- What are your encryption requirements -- user-to-user, application-to-user, gateway-to-gateway?
- Does your organization have requirements for complex message handling that requires custom message header rewriting, stripping, and manipulation?
- Does your e-mail system need to interface with corporate directories (which contain sensitive information) for policy enforcement, intelligent message routing, and custom message handling?
- What are your message archiving and data retention requirements?
- Do IT personnel require access to message logs and control over message tracking?
The promises of cloud computing can be realized by migrating certain layers of the messaging infrastructure to the cloud. However, enterprise IT organizations need to be cautious and take a strategic and incremental approach. Virtually all large companies are discovering that to effectively enable cloud computing for their messaging infrastructure, a hybrid architecture with a modern on-premises e-mail backbone is required.
A well-architected modern messaging infrastructure gives businesses the agility required to adapt quickly to changing application requirements without being hindered by the constraints of cloud providers. Enterprises that take this pragmatic approach to cloud computing will reap the benefits today and well into the future.
Gregory Shapiro is vice president cloud enablement and CTO at Sendmail, a company that simplifies business email complexity and reduces IT infrastructure costs for large enterprises. You can contact the author at firstname.lastname@example.org.