It used to be that there were two kinds of email in the world, business and personal, and never the two shall meet. But some business users today mix personal cloud email services and corporate email accounts -- a combination that can be like oil and water for IT pros.
There are risks associated with corporate email leaving the enterprise, and with personal email entering. There are licensing and compliance to think about, and there's also the issue of users' preference for cloud email services. So what can IT do to mitigate the risks that employees create when they mix business with pleasure? You can take legal steps, set up policies and still give users what they want.
Why do employees prefer cloud email services such as Gmail?
Cloud email services are free and usually easier to use than most corporate email systems. Because users can access cloud email from anywhere on any device with a browser and Internet connection, it improves flexibility. Some services, such as Google Offline Mail, even offer email access without an Internet connection.
What are the risks associated with personal email use in the enterprise?
Forwarding corporate email to a personal account sends it to the cloud, where there are no security or compliance guarantees. Once the email comes out from behind your company's firewall, all business email security bets are off. Personal email is also usually unencrypted, so password information and corporate data can be up for grabs. IT has to worry about emails coming into the network too, because email that passes through a personal account can be much more susceptible to malware. If a user sends a personal email to a corporate account or accesses cloud email services while connected to the network, it can also put the network at risk of infection.
How can my department mitigate those risks?
It's becoming more and more important that companies have cloud and mobility policies in place to control users' behavior with consumer technology in the workplace. But ultimately, you're going to need cooperation from your employees. If you want them to keep their corporate email in their corporate inboxes, you're going to have to give them a reason to. That might mean less stringent inbox limits and attachment restrictions and educating employees about the risks of personal email account use.
This was first published in August 2012