The Impact of Machine-Generated Messages on Enterprise Email Infrastructure

Posted on May 10, 2012 by Gregory Shapiro

Sendmail has a new white paper available (PDF) on the impact of machine-generated messages on enterprise email infrastructure. The paper describes the category of machine-generated messages, the challenges they create, and what you can do to meet those challenges. It also offers examples of applications/devices which generate mail so you can identify them in your organization. It is especially useful for those looking to get better control over mail flow and for those planning or executing a migration to the cloud.

I would also recommend two related papers:

  • Can an Enterprise Email Backbone Infrastructure be Moved to the Cloud? (PDF)
  • Moving to the Cloud: Important Things to Consider Before Migrating Your Messaging Infrastructure to the Cloud (PDF)
Posted in Cloud, Email Backbone, Gregory Shapiro | Tagged , , , | Leave a comment

Interesting Observation Regarding IaaS at Silicon Valley Cloud Computing Group

Posted on April 24, 2012 by Gregory Shapiro

The Silicon Valley Cloud Computing Group kicked off a series of Infrastructure as a Service (IaaS) meetings last night with a presentation about CloudStack. CloudStack was recently relicensed by Citrix under the Apache Software License and is a public and private cloud provisioning and management stack, akin to OpenStack. One of its main benefits is it is both hypervisor agnostic (XenServer, VMware, Oracle VM, KVM, bare metal) and storage agnostic (local disk, iSCSI, Fiber Channel, NFS, Swift).

However, one of the main takeaways for me was the distinction between the usage of cloud compute resources based on the underlying stack. VMware vCenter/vCloud was portrayed as being best suited for traditional enterprise apps & client-server computing where the environment may have hundreds of hosts and in which applications (VMs) assume reliability thanks to, for example, vCenter’s fault tolerance features (e.g., vMotion). In contrast, CloudStack and other similar products/projects are best suited for big data, massive scale, next generation apps which scale out to environments with thousands of hosts running applications that assume failure such that loss of multiple resources doesn’t interfere with the operation of the overall application.

It is an interesting distinction and I wonder how accurate it is. If it is accurate, it is another point to consider for enterprises deciding on the technology to use to build out their private cloud infrastructure. If you have an observation either way or want to share how your enterprise has built out virtualization and/or a private cloud, add a comment to this blog entry to continue the discussion.

Posted in Cloud, Gregory Shapiro | Tagged , | Leave a comment

Sendmail Annual European Symposium 2012

Posted on April 19, 2012 by Gregory Shapiro

I just got back from the 2012 Sendmail Annual European Symposium in Frankfurt, Germany. This year’s event featured great customer presentations, partner workshops, and technical sessions. Glen Vondrick, Sendmail’s President and COO, kicked off the sessions with a look at Sendmail’s accomplishments since last year’s event and a look at where we are going.

Next up, Citigroup, which is celebrating their 200th birthday this year, gave a great presentation on how, as a digital bank, communications relies on the email backbone layer to be fast, resilient, reliable, and efficient and how the modernization of their messaging infrastructure was able to reduce their backbone from more than 100 servers in 5 layers to a single layer and a 10:1 server reduction.

The attendees were then brought through the migration of a major telecommunications industry enterprise email infrastructure from a mess of point products to a self-managed set of Sentrions in a hybrid private cloud environment, integrated with mailboxes living in the cloud and on-premises, all running under a single domain indentity.

The third customer presentation from arvato Systems, a provider of global consulting, system integration, and infrastructure services, took us through their modernization from 28 servers split between 4 layers running open source components. The modern infrastructure now takes advantage of their existing VMware services using Sentrion MPV and 3 Sentrion MP hard appliances. They are using Sentrions to provide this new mail security layer as a private cloud service to their internal customers.

Following the customer presentations, I brought the group through our work and plans for the latest application built on top of the Sentrion platform: Rogue Application Email Control. Rogue Email Application Control provides a fully automated solution to identify and control the communication flow of email-enabled application servers – reducing security risks, increasing value to individual lines–of–businesses, protecting brand reputation, all while reducing overall administrative costs. It enables mail administrators to discover, register, control, and monitor email enabled applications using their mail infrastructure.

We wrapped up the first day with an E-mail and the Cloud customer panel discussion featuring many of our customers who have already made the jump to a hybrid cloud and on-premises mail infrastructure. Through Q&A discussion, many useful lessons came out regarding what can and can’t be put in the cloud, potential future cloud product innovations, and the effects of the consumerization of IT and Bring-Your-Own-Device (BYOD). More details can be found in the live-tweet from the event mentioned below.

The second day began with workshops on three partner applications built on top of the Sentrion Applications Framework. First up, Totemo brought the attendees through the capabilities and a demo of the Totemo TrustMail application, which allows for client-less encryption and digital rights management using the recipient’s choice of S/MIME, OpenPGP, SSL/TLS, PDF-based encryption, or webmail delivery. In the second workshop, Image Analyzer described how illicit content in enterprise email can cause damage to brand & company reputation, company culture, and has legal liability. They demoed how the Image Analyzer application engine can be used to provide monitoring, user education, and enforcement of corporate acceptable use policies. The final partner workshop featured Trustsphere’s Logiq application that not only combats email false positives, spear phishing, and DDoS attacks, but also now features Enhanced Business Visibility to provide sales intelligence, operational intelligence, and the enterprise social graph to enhance decision making.

The day wrapped up with one last set of technical sessions from Sendmail’s Chris Meidinger and Kin Fung. Their sessions highlighted some of the new Sentrion MP 4.2 features and included a demo of the upcoming new Sendmail Quarantine. Chris showed off a new feature for enabling load balancers between email generating applications and sendmail MTAs while preserving the original source IP address of the application. Kin Fung gave the attendees a look at the Sentrion Apps SDK which enables building of applications on top of the Sentrion MP platform (such as the aforementioned partner applications). Kin then gave a demo of the new Sendmail Quarantine, currently under development, which replaces the existing end-user quarantine interface with a modern, flexible interface and has consolidated policy into the Sentrion MM policy engine. The new quarantine can support quarantining for different purposes beyond just spam (e.g., compliance, corporate governance, regulatory, etc).

As you can see, there was plenty of content and it was a jam packed two day event. However, at least for me, the best part was reconnecting with old friends (a.k.a., customers), meeting some of our new customers, and getting valuable feedback for existing and new products. I’m already looking forward to the next one. If you want to read more about what happened, I live-tweeted the event. Follow @GregShapiro and read all about it there.

Posted in Gregory Shapiro | Tagged , , , | Leave a comment

Cloud Service Selection Criteria

Posted on March 12, 2012 by Gregory Shapiro
During the 2012 Consumerization of IT Conference & Expo, Terri McClure, ESG Senior Analyst, gave a presentation on Online File Sharing & Collaboration in the Enterprise that included a useful list of key criteria for evaluating cloud vendors for file sharing.  Most of these criteria can apply to many, if not all, cloud services as well.
 
  • File Sharing Base Functionality
    • Sync, Share, Search, Collaborate, Endpoint Device Support
  • Pricing Models
    • Seat-based, Capacity-Based, or Hybrid; All Inclusive or Chargeable Add-ons
  • Deployment Models
    • Public Cloud-Based, Hybrid, or Software and Services
  • Administration and Control
    • Integration with Existing IT Applications & Tools
    • Sharing and Collaboration Tools
    • User and Group Quotas
    • Ease of Provisioning and De-Provisioning
    • Audit Reports
  • Availability & Support
    • Single Data Center or Multiple
    • Remote Replication
    • File Versioning (How Many?)
    • Self-Service Restore
    • Backup and Contingency Plans
    • Phone or E-mail Support
    • Response Times, SLA
  • Security
    • Data Encrypted in Flight and At Rest
    • Remote “Wipe” Capability
    • Data Center Certifications
    • Integration with Mobile Device Management Solutions
    • HIPAA, PCI, FINRA, Safe Harbor
 
This list is a good starting point for considering a migration of email services to the cloud. However, email has its own unique challenges and considerations. Two Sendmail whitepapers give insights into the challenges and questions you should be asking when investigating a cloud email migration:
 
Posted in Cloud, Gregory Shapiro | Tagged | Leave a comment

Embracing failure

Posted on March 5, 2012 by Gregory Shapiro

Amazon’s Rule #1: “Everything fails all the time.” (Werner Vogel, CTO at Amazon.com)

A common misconception for consumers of cloud services is that SLAs ensure availability.  In reality, SLAs do nothing to improve availability.  SLAs only provide a way for attorneys to make money arguing over compensation after a failure.  In most cases, the eventual compensation is the cost of the services for the outage period, not the loss the outage caused.  Cloud service providers must plan and engineer for failure in order to be successful.

At CloudConnect 2012, Jesse Robbins, Co-Founder, Opscode,  gave a keynote (PDF) recommending Game Day real world testing, which has three facets:

  1. Preparation: Identification and mitigation of risks and impact from failure.  This reduces frequency of failure (MTBF) and reduces duration of recovery (MTTR).
  2. Participation: Builds confidence and competence responding to failure under stress.  It also strengthens individual and cultural ability to anticipate, mitigate, respond to, and recover from failures of all types.
  3. Exercises: Trigger and expose “latent defects”.  This lets you choose when to discover issues, instead of letting that be determined by the next real disaster.

The lessons that come out of Game Days usually include:

  1. We have a bunch of manual processes that we need to automate.  Jesse’s advice is to automate everything to point that you can view your infrastructure as code, reconstructing the business from nothing but a source code repository, an application data backup, and base resources (hardware).  This requires continuous integration & deployment, and automatic failover and fallback
  2. We need better incident management.  Development and operations need to work together (which may represent a culture change for the organization).
  3. One of the cloud service tiers (e.g., load balancing, website, DNS, database, etc.) failover didn’t work.  We need to test and maintain our emergency tools & processes.  Infrastructure as code can help here too.  Build emergency management processes into what you do every day (e.g., deployment code).

If you run a cloud service (whether private or public), I’d recommend following Jesse’s advice.  If you are a consumer, pay attention to SLAs but more importantly, talk to your vendor about how they test for failure and how often they test production failover.

Posted in Cloud, Gregory Shapiro | Tagged | Leave a comment

*aaS: A picture is worth a thousand words

Posted on February 17, 2012 by Gregory Shapiro

During a presentation, I attempted to explain the differences between Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) using examples to illustrate the resources provided by each:

However, some of the participants didn’t understand the subtle differences between these different services.  Luckily, I ran across Kate’s Comment blog’s graphical representation of the various layers that conveys where each of the *aaS services starts and stops.  I’ve included it here so you can use it to help understand the difference and/or explain it to others.

IaaS, PaaS, SaaS Layers

IaaS, PaaS, SaaS Layers

I recommend starting from the bottom, where you will find the physical layers (power, networking, machines).  From there it moves up into software and client devices/end users.  On the right side, you will see where each of the *aaS (IaaS, PaaS, and SaaS) start and stop.  For example, in IaaS, the cloud provider provides the data center, networking, physical servers, and a virtualization layer.  The customer must bring their own OS, infrastructure, application software.

Posted in Cloud, Gregory Shapiro | Tagged | Leave a comment

Email Policy: Self-Governance or Central Enforcement?

Posted on January 25, 2012 by Barry Shurtz

Glen D. Vondrick Sendmail President and COOOur President and COO, Glen Vondrick, who has been in the messaging market for years, wrote an excellent article published in Messaging News on whether email policy should be self governed or centrally enforced.

In the article Vondrick sets the stage about how corporate email is the backbone of business communications and if it goes down productivity of the workforce plummets and how there is a greater outcry than when any other “utility” becomes unavailable. He argues that in the enterprise email has become more reliable and trusted than the telephone or any other human collaboration tool.  He suggests however that if it is not properly secured, it can also pose a great risk.

He then poses the question:

“So why is it that so many large organizations have not implemented reliable email use and enforcement policies to govern security and compliance risks, data leak protection, messages accidentally sent by mistake, or even best practices for communication and systems efficiency? Is it the lack of available and trusted technology, human apathy, or a little of both that prevents most organizations from doing more about it?”

To learn more about the answer to this question, read the full article here on Messaging News.

Tell us what you think.

Posted in Barry Shurtz, Glen D. Vondrick | Leave a comment

A Look Back and the Road Ahead for IT

Posted on December 14, 2011 by Barry Shurtz

It’s been a significant year in IT and there have been technologies, such as cloud, awaiting their due that received time in the spotlight, as well as some trends that may come as a surprise.  Sendmail CEO Don Massaro had the opportunity to share a few of his thoughts and predictions on the past year in IT, as well as what to expect in 2012, with Enterprise Systems Journal (ESJ) in a contributed piece titled, “A Look Back, The Road Ahead for IT.” In the piece, Don shared his take on key 2011 trends and his take on three trends we’ll see in IT in 2012. Here, we share just a snapshot:

2011 Trends:

  • The Cloud Opportunity
  • Increased Adoption of Encryption Solutions
  • Increased Reliance on Delivery of Business-Critical Information

2012 Predictions:

  • The adoption of hybrid infrastructures that make use of both cloud services and in-house infrastructures will be key
  • Application-generated e-mail will dominate messaging
  • More U.S. government agencies will get on board with cloud computing

To read Don’s full article on what to expect next year, you can reference the full article here. We look forward to your comments and thoughts below.

Posted in Don Massaro | Leave a comment

Sentrion C3E Podcast

Posted on December 7, 2011 by Barry Shurtz

I recently sat down with Sendmail’s product manager, Christiaan van Woudenberg, to discuss the new Sendmail Sentrion C3E application suite.  This is the first in a series of podcasts we plan to do on Sentrion C3E.  Stay tuned for future podcasts that will drill down into each one of the Sentrion C3E applications.

Listen to the podcast here.

Posted in Barry Shurtz, Podcasts | Tagged , , | Leave a comment

Tracking Malware at its Worst – Commtouch Shares Study Findings

Posted on November 17, 2011 by Barry Shurtz

Over the past few months, a major shift has been seen in malware activity, with a significant climb in email-borne malware and the highest observed in over two years. After years of low-volume attacks, malware email outbreaks reached a new high of 25 billion messages in one day in August of this year and the average daily email malware was up 400%.

Sendmail is a proud partner of Commtouch, a leading security company and service provider with cloud-based Internet security services. A recent report by Commtouch, “Internet Threats Trend Report,” published in October, identified the huge outbreaks of email malware in Q3 2011, looked at compromised accounts, Facebook and other hot spots for malware.  For this report, Commtouch conducted a survey with end-users whose email accounts had been abused and the results (pdf)of the study indicate that 62% of users did not know how they were hacked, and that two-thirds of the hacked accounts were used to send spam or scams.  The study found that in Q3, there was an average of 93 billion daily spam/phishing emails sent.

Ultimately, their findings show a large shift in how spam is being distributed, and spammers are increasingly relying on legitimate webmail accounts that have been hacked or hijacked. In addition to Webmail accounts, Facebook has become prime territory for scammers. The use of these accounts for malware is expected to rise, and users should be careful when accessing these in public domains and protecting their passwords.

Have you been hacked in the past year? Tell us your stories in your comments below.

Posted in Barry Shurtz | Leave a comment