Should You Rent or Buy Your Email and Productivity Apps?

Microsoft dominates the business email and desktop productivity markets. Over the past few years, the company has been pushing hard to move its user base for both to Office 365 and away from Exchange Server and desktop versions of Office. The push has intensified in recent months to the point where the company is now telling customers not just to adopt Office 365, but also not to use non-Office 365 solutions. For example, as noted in this article, the Microsoft corporate VP for the Office and Windows group said that the various applications in Office 2019 are “frozen in time. They don’t ever get updated with new features”. By contrast, Office 365 keeps “getting better over time, with new capabilities delivered every month.” It makes one wonder why Microsoft bothered to produce Office 2019, but that’s a subject for a different post.

Perhaps telling people not to use your products is the natural consequence of having such a dominant market share that the only competition left for your new and shiny products is your old and dull ones.

The key for decision makers, then, is to determine if the “new capabilities delivered every month” in Office, coupled with the reduced IT labor required to manage corporate email, is worth becoming a renter in perpetuity rather than a buyer.

To compare the costs of renting versus buying for a 50-person company, we compared the cost of two competing systems:

  1. MDaemon Server (including MDaemon AntiVirus, MDaemon Connector for Outlook, MDaemon ActiveSync and MailStore email archiving) and Office 2019 Home & Business.
  2. Various flavors of Office 365 (Office 365 Business Premium, Office 365 Enterprise E3 and Office 365 Enterprise E5).

Using only publicly available pricing on the MDaemonOffice 365 and Amazon.com web sites, here’s the annual pricing to support 50 users with business email and productivity applications over a three-year period:

  • MDaemon and Office 2019: $114.68 per user per year
  • Office 365 Business Premium: $150.00 per user per year
  • Office 365 Enterprise E3: $240.00 per user per year
  • Office 365 Enterprise E5: $420.00 per user per year

Of course, the primary advantage of any cloud-based solution is the reduction in IT labor realized from not having to manage on-premises infrastructure. But productivity applications don’t need significant levels of IT support, and most on-premises email solutions for small companies, as in our 50-user example, don’t either.

Please understand that this is not meant to disparage cloud-based solutions. Osterman Research is a strong proponent of the cloud for productivity solutions, CRM, security, archiving and a wide variety of other capabilities, and we are also a strong proponent of Office 365. But when making decisions, it’s important to understand where to rent and where to buy — buying is still not a bad business decision in some cases.

 

You Need to be Concerned About Targeted Email Attacks

Targeted email attacks are a serious issue for organizations of all sizes and across every industry. Various industry research has shown that these focused emails are by far the number one initial attack vector for targeted attacks on enterprise data. In fact, they account for more than 95% of initial intrusions that lead to important data breaches. Moreover, Osterman Research found in a survey conducted during September 2014 that 47% of organizations considered targeted email attacks to be a very high priority to address and prevent, while only one in six organizations considers them to be a low priority.

While virtually all organizations have deployed security solutions that will block spam and known malware, most have not implemented solutions that will deal with the much more serious problem of targeted email attacks.

Targeted email attacks are not run-of-the-mill malware incursions. These attacks use sophisticated delivery techniques and advanced malware that will normally not be recognized by standard email and endpoint security solutions. Additionally, these attacks provide an entry point into the larger organization and its sensitive data, wreaking havoc on an organization’s finances, its intellectual property and its other sensitive or confidential data. Organizations of all sizes are the victims of these attacks and those that are successfully breached will experience critical business impacts, inclusive of damage to reputation, unexpected legal, regulatory and response costs and more.

We recently published a white paper about Targeted Email Attacks that discusses five key issues:

  • Targeted attacks and advanced threats that result in data breaches are most often initiated by targeted email attacks. While a great deal of press attention focuses on attacks directed against large retailers and other high-profile companies, all types of organizations regardless of size and industry vertical are being subjected to attack.
  • A single employee can be an entry point for a full-blown attack on the corporate network, sensitive data assets or financial accounts. Senior staff members like CFOs or CEOs are sometimes targeted in highly specific attacks, but the much larger attack surface is comprised of every employee in an organization.
  • Users must be the first line of defense in thwarting targeted attacks; they require thorough and ongoing training to detect the social engineering techniques that these attempted attacks are employing.
  • However, because targeted email attacks employ advanced malware, employee training is simply not enough – sophisticated technology to detect these threats is essential to prevent these attacks from achieving the loss of financial or other data for which they are designed. Further, while employees should serve as an important line of defense against threats, in many cases it is unrealistic to expect employees to keep abreast of every changing social engineering tactic.
  • Ninety-one percent of organizational decision makers do not wholeheartedly agree that their current email security solution is sufficient to protect them from targeted email attacks. This, despite the fact that security professionals understand the problem.

You can download our white paper on Targeted Email Attacks here.