PROFILE: Mimecast


When you start to consider the sheer magnitude of email within corporations, it makes your brain hurt. Mimecast, for example, deals with 180m emails on behalf of its 26,000 clients every day, or 125,000 emails every minute. And that's just the 'good' stuff – those numbers exclude the vast mountains of spam that don't even pass through the gates in the first place.

All that email has to be scanned, processed and often archived in real time. If a client on the phone in Singapore tells you he's sent an email confirming the contract you're discussing, you don't want to wait five minutes for the attachment to be virus checked, embedded URLs to be scanned, and the domain of the sender to be verified as genuine. You want it now, while he's still on the phone to answer any queries.

Yet, all it takes is one of those 180 million emails to slip through the net to cause carnage for the receiver and ruin the vendor's reputation. Whether that's a link to download ransomware that the scanners failed to detect or a malicious email ingeniously disguised to look like it came from a trusted source, such as Arnazon.

See, you didn't even notice we'd substituted the 'm' in Amazon for a squished-up 'r' and an 'n', did you? And neither would most employees when they blindly click on a link in an email from 'Amazon' and end up with a package they most definitely didn't want.

All this is the challenge facing Peter Bauer and his team at Mimecast, the now global email security business that was founded in London almost 15 years ago. We caught up with the CEO to discover how he went from a two-man startup to managing 190 billion emails on behalf of some of the world's biggest companies.

Clearing house rules

Mimecast is a clearing house for email. Whether your firm still maintains its own email server or relies on another cloud provider, such as Office 365 or Gmail, you can have your company's incoming and outgoing email pass through Mimecast to ensure its safety. You can also choose to have the company's email archived by Mimecast, ensuring that even if your server or cloud provider goes down, you've still got uninterrupted access to live and historic email, as well as calendar data.

When Peter Bauer and his partner Neil Murray first launched Mimecast back in 2003, the idea of companies passing one of their most sensitive digital assets through a cloud provider "was fairly foreign to them," Bauer admits. However, it wasn't quite the uphill challenge to gain acceptance that other cloud businesses faced at the time, when cloud computing was still at such an infant stage that most people wouldn't even recognise the term.

"We benefited from two things," Bauer told us. "First, email – by definition – travels over the internet anyway," so the idea of routing it through another cloud provider didn't seem quite so scary to CTOs as storing locally-held data on someone else's servers. "Second, there was another British company that pioneered email security in the cloud," said Bauer, referring to MessageLabs, which was formed four years before Mimecast and was swallowed up by Symantec in 2008. "MessageLabs had already evangelised the product," he added.

With email by now becoming a common target for corporate attack, companies didn't take too much convincing that they needed to defend themselves and Mimecast expanded rapidly. It went from 7,000 customers in 2007 to more than double that number by 2015, and has now come close to doubling that number again. During that time, the company has also opened offices in Boston (where Bauer now works from), Chicago, San Francisco, Dallas, Cape Town, Johannesburg and Melbourne.

It's not only the offices that have expanded rapidly, but the company's server infrastructure. "We deal with 180 million 'good' emails per day – that can be thousands per second [at peak times]," said Bauer. "Forty-five percent of customers also archive their email with us. We have services in five jurisdictions and two data centres per jurisdiction."

"It's a highly distributed architecture," Bauer adds. "It's the kind of hardware Facebook and Google would use." That means components such as "entry-level hard disks and motherboards", with server farms that are built with massive levels of redundancy and data duplication, so that if one server falls over another can take over without any noticeable disruption to the customer.

Cloud competition

The way companies run their email has changed massively since Mimecast first arrived on the scene in 2003. Back then, most big firms would have been running their own email servers. Now, they're more likely to be partnered with a cloud provider such as Microsoft or Google.

Does that make Mimecast's proposition a harder sell? Don't companies expect Office 365 and Gmail to take care of matters such as malware scanning and archiving? On the contrary, Bauer claims the shift to cloud email has been good for his business. "We've seen a huge uptake of our services alongside Office 365," he said. "Twenty-one per cent of customers hire us to protect Office 365 environments."

Mimecast, it seems, is benefitting from the same effect that the antivirus vendors did when Windows became near ubiquitous in the 1990s. Previously, "each company had its own [email] arrangements and the attacker had to think about each organisation and the security arrangements of that company," if he wanted to break in. Now, says Bauer, "we think Office 365 will become a monopoly. Everybody is 'protected' in exactly the same way as everyone else."

Bauer likens an attack on Office 365 to the scene in Ocean's Eleven, where they build a replica of the vault that they're planning to attack before they launch the raid itself. "Office 365 really becomes all your eggs in one basket," he said. "And it's not just you – everyone has their eggs in the same basket."

It's not only the ubiquity of security that companies need worry about, but the impact of outages too. "If there's an outage – and there have been many – it's very difficult to predict what the implications of 75% of the market's systems failing in one go will be," he added.

The end of email?

While Mimecast's business may be flourishing despite the shift to cloud email services, email's diminishing importance as a means of business communications must surely be a concern. Services such as Slack, Basecamp and Microsoft Teams are creeping into businesses large and small, often replacing a good percentage of internal email, and increasingly communication with regular clients, too.

Bauer points to the increasing volume of messages passing through Mimecast's servers as evidence that email isn't about to die off in business anytime soon. "The communications mix is becoming richer," he said, adding that even in companies where Slack and the like have taken hold, they've not replaced email, merely become a complement to it.

Bauer adds that protecting and archiving services such as Slack are "of great interest" to the company. "We see a need for companies to have security on top of those platforms," he said, although he added that it won't be part of the Mimecast product offering in the near future, as "we don't see a lot of immediate demand for it".

Instead, Bauer is more concerned about protecting customers from surging email threats, such as impersonation. With security solutions becoming ever more effective at weeding out dangerous attachments or malicious links before the recipient has even opened the mail, attackers are resorting to strikes that are much harder to defend against. There has been a huge surge in impersonation attacks, where the email itself contains no malware, but instead encourages the recipient to send money or data to the attackers by pretending they are someone from within the firm. The attacker identifies someone from the company's senior management, spoofs the domain (using techniques like the Arnazon trick we discussed at the top of this article) and fools staff into thinking they're dealing with the boss. There was a five-fold increase in this type of attack over the past quarter alone, Mimecast recently reported.

As well as watching out for domain spoofing, Mimecast is now also having to examine the content of the messages to check for well-known lure phrases. "Impersonation attacks are low-tech but they're really successful," said Bauer. It's not what you know, it's who you think you know.
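The two checks described above, look-alike sender domains and lure phrases in the body, can be sketched as follows. This is an added example, not code from the article and not Mimecast's implementation; the trusted-domain list, the confusable table and the lure phrases are constructed for illustration.

```python
import re

# Constructed sample data (assumptions, not taken from the article).
TRUSTED_DOMAINS = {"amazon.com", "example-corp.com"}
LURE_PHRASES = ("wire transfer", "urgent payment", "are you at your desk")

# Character sequences that render like another character, folded to one form.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("cl", "d"), ("0", "o"), ("1", "l")]


def skeleton(domain):
    """Fold visually confusable sequences so look-alikes compare equal."""
    s = domain.lower().rstrip(".")
    for seq, canon in CONFUSABLES:
        s = s.replace(seq, canon)
    return s


def lookalike_of(sender_domain):
    """Return the trusted domain this sender imitates, or None."""
    d = sender_domain.lower().rstrip(".")
    if d in TRUSTED_DOMAINS:
        return None  # an exact match is the genuine domain
    skel = skeleton(d)
    for trusted in TRUSTED_DOMAINS:
        if skeleton(trusted) == skel:
            return trusted
    return None


def assess(from_header, body):
    """Flag a message whose sender domain imitates a trusted one or whose
    body contains a known lure phrase."""
    m = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    domain = m.group(1) if m else ""
    text = " ".join(body.lower().split())  # normalise case and whitespace
    return {
        "domain": domain,
        "imitates": lookalike_of(domain),
        "lures": [p for p in LURE_PHRASES if p in text],
    }


if __name__ == "__main__":
    # Constructed sample messages.
    print(assess("Amazon <orders@arnazon.com>", "Track your package here."))
    print(assess('"Jane Doe (CEO)" <jane.doe@exarnple-corp.com>',
                 "Are you at your desk? I need an urgent  payment sent today."))
```

A message with no malware and no link can still score on both signals, which is why the body text has to be examined alongside the sender domain.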

Barry Collins
