Appliances: The future of mail hygiene?

Meta Trend: As ad hoc electronic communication grows in importance (e.g., e-mail, instant messaging, Web conferencing), organisations will be challenged to create a hygienic and low-cost infrastructure, with special attention through 2005 focused on spam blocking, policy enforcement (e.g., archiving, regulatory compliance), and relevancy (e.g., knowledge management). Through 2007, rising electronic communication volumes will frustrate users coping with information overload. IT groups, struggling to manage resource consumption, will accelerate server consolidation and use of centralised topologies to reduce e-mail and instant messaging costs and risk.

The rise of the e-mail hygiene appliance is the result of the nexus of two broad industry trends. The first is the recognition of the criticality of e-mail services to the health of an organisation, which has led organisations to aggressively combat e-mail threats such as spam, viruses, and denial-of-service attacks.

The second is the broad availability of powerful off-the-shelf computer components (e.g., microprocessors, disk drives, chipsets, memory) at low prices, which enable vendors to quickly assemble application-specific hardware devices. Appliances -- or hardware/software bundles -- are common in areas outside the messaging market (e.g., firewalls, routers, storage), but for many e-mail managers, this is the first time they are being exposed to appliances (defined here as a function-specific, turnkey, prepackaged combination of hardware and software). Therefore, many mail managers charged with upgrading their messaging hygiene infrastructures are wary of the appliance model.

Adding to the confusion is a wide variety of e-mail hygiene appliances on the market. Some appliances target only spam blocking and virus control, while others add support for denial-of-service prevention, content filtering, intrusion detection, and message encryption. Many appliance vendors also offer third-party spam-blocking software on their own devices (see table below).

Our broad definition of appliances reflects market reality: Appliances range from the generic -- a bundle with a Windows operating system loaded with shrink-wrapped software on commercial Intel hardware -- to a machine with a completely customised operating system with a custom application using specialised ASICs. (Buyers need to understand if there is any hardware value-add to the appliance or if the packaging is a matter of convenience.)

For vendors, appliances are attractive. They get to make margins -- mostly slight -- on the hardware, which leads to a much larger revenue bump per sale, In addition, the testing matrix is vastly simplified -- only one (locked-down) OS and hardware configuration to test -- compared with numerous versions of many operating systems on a variety of hardware for traditional suppliers.

In volatile markets such as mail hygiene, this can cut weeks off development time and therefore create temporal advantages for the vendor. Organisations might want to use the e-mail hygiene appliance decision as an opportunity to establish corporate policies on appliances. There is a great diversity of appliance types. Left unmanaged, it is possible for organisations to have hundreds of appliances running over a broad geographic distribution within a few years. Therefore, we believe an overall policy on appliance acquisition and deployment is necessary to manage proliferation as well as standardise and streamline the acquisition process.

Perhaps the biggest benefit of an appliance to an organisation is time to value. The advantages start with procurement -- where organisations buy a single SKU (stock keeping unit) -- as opposed to separate applications, OSs, and hardware purchases required for the traditional model.

With an appliance, there is no software load time and no compatibility concerns along with a shorter burn-in period. There is usually increased security at the OS level, because most appliances are based on a stripped-down variant of Linux where ports have been shut down and unnecessary daemons/services are disabled.

Off-the-shelf Unix versions can be similarly hardened but require extra time and skill sets to configure. Because the OS is often a proprietary implementation, hackers have a tough time knowing where the vulnerabilities are. A hardened proprietary OS is no absolute guarantee against corruption. We know of several instances when appliances have been brought down by malicious code. Different appliance supplies have diverse notions of security, and organisations must closely scrutinise the appliance security proposition.

They should also take a close look at the administration tools of appliances before purchasing. In general, these are attractive because they are device-specific, but occasionally administration tools are so stripped down that they tend toward the cryptic. We also prefer administrator access via a secure Web interface -- not an OS prompt -- to configure the software to reduce inadvertent and malicious activity.

Although there is yet no formal study, anecdotal evidence suggests that appliances are more reliable compared with the traditional model due to stripped-down codes and parts. The advantage may be mitigated by the inability of administrators to troubleshoot/repair the device on their own.

One of the negative appliance characteristics includes lack of control. Most IT technicians like to be able to understand what is going on inside a machine and troubleshoot and fix it -- whether it is a hardware, OS, or application problem.

The "black box" nature of an appliance means almost total reliance on the vendor (or the vendor proxy) for hardware and OS-level issues. Even some application issues can be only vendor-resolved. With earlier versions of Ciphertrust's Ironmail appliance, since corrected, mail managers had to call the vendor to empty the message-processing queue. Organisations must understand the exact chain of support for all three system components prior to purchase. There have been instances where, deep in the fine print of the contract, the vendor disavows hardware support, and leaves it up to the user organisation to procure support from the hardware supplier.

By nature, appliance vendors regularly update the operating system and application over the wire, which reduces administrative burden but does have some security risk due to the open path directly to the server. Such a service is also used by traditional mail hygiene suppliers, which routinely download spam signatures and heuristics over the wire. Part of the attraction of appliances is their singular functionality, but that factor can also work against them. The hardware, of course, cannot be redeployed for other use, and it does conflict with standard OS/hardware builds that the organisation is already ramped up to support.

In addition, appliance vendors occasionally change hardware suppliers, which brings even more hardware proliferation when upgrades are needed. Organisations need to be aware that appliance vendors, which rely on third-party suppliers, may see disruption in the future if the partners decide to part ways, leaving them with a decision about staying with either the appliance vendor or the software vendor.

Overall, we believe the cost factor is neutral. Appliances can cost vendors less money because they are stripped down to only the elements they need for operation. Most Global 2000 organisations have favourable volume-purchase agreements with server vendors. Organisations should compare the fully loaded cost of the traditional model (e.g., purchase price of hardware, OS, and application plus three years of support for those elements) versus the three-year cost of an appliance (including support) for a true-price comparison.

Because of the packaged nature of appliances, it is also easier to swap vendors: Just pull the plug on the old one, and plug in the new one. In addition, it means that swapping vendors is more expensive because, with a traditional software model, the hardware can be reused for the new supplier. Furthermore, traditional servers can be upgraded easily and cheaply to accommodate growing requirements, while appliances are not upgradable. New machines have to be purchased when capacity needs to be boosted.

Conclusion
Because there are still broad feature-set differences among mail hygiene vendors, organisations should gather requirements and select vendors based on ability to meet those requirements, rather than starting off with a bias in favour of or against appliances. Only when the shortlist is selected should the appliance factor come into play. At that point, decision makers should survey other parts of the IT organisation to determine if there is an institutionalised view of appliances.

In the absence of any corporate policy, decision makers should evaluate the relative merits of appliances previously mentioned and make a decision. We believe most organisations should conclude that an appliance form factor should not be a showstopper. In other words, mail hygiene server acquisitions should be based on traditional decision-making criteria -- not on the delivery model (see table below).

Bottom line: Organisations must carefully consider the short- and long-term implications of appliances when selecting mail hygiene suppliers. Meeting functional needs should be the first order of business.

Business impact: Organisations must create a hygienic messaging system to protect a core corporate communication asset.

More from META Group
		View more research on META Group Australia META Group Australia Advisory Services META Group Australia Consulting Services