(originally posted 21 April 2009 on CIO.com)
http://tinyurl.com/talgolan-cio-blog-20090421
Over the past six months, we’ve found ourselves in an extraordinary set of economic conditions, that, as we are constantly reminded, we haven’t seen in years, decades, or as the cincher the media loves to use to really drive home the point – the Great Depression. Companies are doing more with less, cutting resources back in all departments and being forced to make difficult decisions about what their organization fiscally values.
IT departments are no exception; however, these teams are in the unique position where operations must go on under two sets of unprecedented conditions: an economic climate that stresses fiscal responsibility above all else, in conjunction with an unparalleled set of e-mail security threats that worsen by the day.
What is an IT department to do? Compromise security to preserve financial goals? Sit and wait? Or, hidden option C, take a few tough lessons from our depression-era counterparts and optimize services while avoiding expensive investments? If you’re thinking about going with the latter, here I discuss the first step: protect the server as the costliest and most important network component.
Go Back to the Basics
E-mail is the lifeblood of contemporary business communications. Any breakdown in this mission-critical tool and most companies come to a virtual halt – the crowds become just a little bit larger at the water cooler, and you’ll find the IT team in a strategy huddle in the server room.
In this type of environment, an IT department’s primary task is to keep the network infrastructure focused on and undistracted from its role of managing inbound and outbound e-mail—quickly and securely. However, despite a natural expectation that something so mission-critical will have iron-clad protection, from an insider’s perspective it is one of the most vulnerable corporate components – threats go far beyond the annoyance of spam to include malicious components such as phishing attacks, worms, Trojans, bots, and other Internet crimeware.
Under this set of circumstances, more than ever, it’s important to do the simple things exceedingly well, and keep the focus on the core of the organization’s infrastructure: the server. Doing what’s best for the server is usually in the best interest of the entire organization, including that of your team. Employing simple strategies that are in line with this focus will pay off by giving you the edge it takes to weather these conditions.
Make Do With What You Have
Give the Server a Focused and Undistracted Role
Because servers are robust tools demanding significant processing power, using an e-mail security solution for the heavy e-mail security lifting keeps the server focused on its core competencies. Resources that are able to take the e-mail burden off of the server should be utilized to the fullest extent possible, allowing server resources to be diverted to core assignments. Organizations may be surprised at how much bandwidth their organization’s e-mail traffic requires, and similarly what the true value of that additional bandwidth is.
Sidestep Server Upgrades and Replacements
Organizations that are preserving Microsoft Exchange 2000, 5.5 or earlier versions don’t benefit from any form of sender DNS checking or recipient checking on inbound e-mail communications. In-house resources that are able to perform these checks before e-mail enters the network boosts a department’s e-mail infrastructure security, but do not require additional server resources. These potentially performance-amplifying tools dramatically reduce the volume of e-mail burdening the infrastructure and mitigate the need for pricey server upgrades or replacements.
Protect the Server from Outside Exposure
Deploying an e-mail security appliance first in the line of defense (behind the corporate firewall) buffers the server from unnecessary outside communication, and takes
full responsibility for anti-spam/anti-virus processing and bandwidth. Solutions configured to sit in front of the server mitigate exposure and are able to handle inbound/outbound e-mail communication as well as the accompanying assaults.
Employ Smart Host Services
An e-mail security appliance with smart host services can protect the server from communicating directly over SMTP with outside servers—always risky—and provides a “perfect” delivery path within the internal network. One with mailbagging support does away with the need for “non-deliverable” status messages to be generated or e-mails to be resent, both of which distract and contribute to annoying e-mail volley.
Invest Wisely
When there is an opportunity to invest in your department’s e-mail infrastructure: invest wisely. Choose solutions and technologies that will support, boost and protect the existing infrastructure as opposed to those options that will further tax already limited resources. To those who don’t believe: there is always a better way and there are always new and innovative options to those age old problems you thought had been solved five years ago. Taking the time to research the problem up front and finding a solution that will actually solve the problem will pay off multiple times over in the form of you and your team’s time and sanity.