you're reading...

Going Google


My employer has now started the long process of converting a huge number of mail systems into a single Corporate entity and they have selected Google to be the bearer.

I’ve been testing and working on this for nearly 18 months and it is good to see that the project has progressed.  It will be the first time the corporation has had a unified mail platform and a huge plus is the unified directory for all the staff globally.

There are many reasons and savings that come into play with a solution like this and mostly they are financial.  Removing the mail environment into the cloud significantly reduces the in house IT requirement.  A global Exchange installation with multi-home and full resilience is a massive investment, whether in-house or outsourced.  Google have this covered by the intrinic nature of their “cloud”.

We have, of course, had to make decisions that are unpopular with users.  We have elected not to use POP3 or IMAP with GMail.  We have elected to only provide the Web Client.  This means that users have lost MS Outlook and that is quite a wrench for some.

For some people Outlook is the only mail client they have known.  Although we provided OWA most users elected to cope with the delays and issues in Outlook over slow connections rather than use the browser.  There is a mental block relating to Mail-over-Web.  It is still seen by most system administrators as the poor cousin or only suitable for home consumption or the Uber geek.

The other problematic area is the QWERTY Mobile Devices (Blackberry).  But again we have this covered within our GMail solution.

We have previously implemented (earlier in the year) the Google Message Security solution and Google Web Security.

These show Googles ideas for purchasing and partnership (respectively) as along with the GAPE (Google Apps Premier Edition) all these products are part of a unified billing system, purchased via Google.

GMS is now rolled out globally, protecting some 40 e-mail gateways and massive number of systems and users.  The mechanisms, filters, settings and roles available are compliant with our requirements as a global corporation.  Everything for AntiSpam, Whitelists, Attachment Blocking to Audit, Archive, Discovery are covered and available to the administrators – or even users if you so desired.  the in built spooler is excellent for when your site “disapears” and simply accept mail on your behalf and trickles it back to you when you’re all up and running again.

GWS is a product resold by Google but provided by Scansafe.  The configuration is easy and simple and even includes a connector to link your policies, gorups and users to your AD.  Categorised management has been a godsend – we had one business with 1200 separate rules trying to control access to the Web.  Now we have 18 rules covering a much larger estate. Luverly.  Linked to our internal AD we have the ability to audit the system for the first time right down to the individuals actual login.  As they are responsible for the security of their login there can be little arguement about whom is responsible for accessing “Virtuagirl” or 400MB from YouTube in a single day.

We have started the ball rolling and it is rapidly rolling down the hill of progress but we are aware of limitations and problems ahead that will require some inginuity to resolve.  No system I have ever seen ticks every box for every person but the simple fact that everyone will be on the same system doing the same things is just simply better.

About harlekwinblog

"Thoughts of an idle mind." Information Security professional.


No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: