The arguments in favor of managed email security are easily made. Cost savings tend to be dramatic, with ROI often coming in months. The load on mail server infrastructure can be reduced to a tiny fraction as all spam and malware is blocked before it enters the client network. As a result, resistance to denial-of-service attacks and mail reliability are much improved.
The arguments against are fewer, but growing stronger. Compliance requirements might raise concerns about the integrity of the managed security service provider network, and while most are undergoing ISO17799 testing, few offer the assurance you would expect from an outsource provider.
Email service providers operate data centers in multiple countries for redundancy and global coverage, and may not guarantee where your messages are processed, which might affect protection.
The market is changing rapidly: few email service providers are focused on pure messaging any more. Most are investigating other areas of service, so picking a provider will involve much closer examination of their service roadmap — there is talk of web filtering, IM integration, long-term message archival, encryption and more — and not just a look at the spam filters.
These services are moving out of plain filtering roles into a much more strategic position, particularly with compliance-oriented facilities, such as mail archival and policy reporting.
Product: MIMEsweeper Email Managed Service
Verdict: Top-class filtering and policy management as a managed service.
Product: Mimecast Online
Verdict: A very impressive debut with a lot of value to offer.