E-Mail Security As A Service

I missed the chance to comment on last week's Google/Postini announcement, but hot on its heels comes a somewhat related announcement from Webroot, and a chance for a two-for-one blog entry. While Webroot's announcement is less interesting in terms of changes to its e-mail security SaaS offering itself and more about the value to resellers in working with it, it's definitely continuing the trend of expanding its SaaS line post-merger with Email Systems. While e-mail security as a service ("Esaas?" Ugh!) is clearly heating up, I wanted to point out some of the strengths and weaknesses of this type of approach.

First, this is a great chance for organizations that might not already be planning on it to gain some entry-level e-mail content control. Gaining filtering shouldn't be a primary motivator for using either of these two solutions, however. Compared with a dedicated DLP solution, neither supports the rich set of features needed to be competitive. I'm sure the products will continue to be improved in this area, but as of right now, neither offers features I'd want to see in a true e-mail DLP product (automatic metadata parsing and flexible rules based on multiple characteristics besides just pattern matching, identity awareness, heuristic detection of encryption, etc.).

Webroot's closer to this goal than Postini is right now (it has some identity awareness and additional features besides just pattern matching), but there's some room for improvement.

I think both products are potentially viable options for many customers and offer some great value and advantages for other reasons. But neither should be considered a full-fledged DLP solution right now. That's not to say that a SaaS approach can't or won't compete with the best of 'em, just that these two aren't it.