Bad things happen to good software. In particular, security transgressionshappen to very popular software, more because it presents a big target thanbecause of an inherently frail constitution. Such is the case with Microsoft’s widely installed enterprise e-mail solutions, Exchange and Outlook.
Both Exchange on the back end and Outlook as the front-end client are exposed to a slew of Microsoft-targeted viruses and worms. The cost of downtime as a result of this malware plague is measured in dollars, lost productivity, disrupted communications, and massive doses of aspirin to treat IT administrators’ headaches.
Is the pain harsh enough that IT administrators are ready to dump Outlook and Exchange? And would doing so be a wise move?
Microsoft’s New Outlook
Every IT manager is familiar with the weighing of features, reliability and cost-effectiveness that goes into every software purchase decision. When considering the Exchange/Outlook quandary, it is important to remember two things.
First, Outlook is just a front end that can be used with other server engines besides Exchange. Attacks are sometimes directed specifically at the Outlook client, but other security issues can be traced to operating system and framework problems, especially in systems that are cobbled together from components acquired at different times. In other words, not every security threat spreads via Microsoft’s enterprise e-mail products.
Second, Microsoft itself is hardly content with its mixed reputation, and is doing its part to address security concerns while continuing to develop its feature set. The company’s “Trustworthy Computing” initiative involves extensive security reviews of its enterprise (and consumer) software, and results have been substantial. As Mark Levitt, vice president for collaborative computing at IDC, told the E-Commerce Times, it is “disproportionate targeting” of Microsoft that makes such tightening necessary in the first place. “Outlook doesn’t deserve the bad reputation it has,” he said.
Regrouping in Redmond
Aberdeen Group research director Dana Gardner concurred, invoking a Spy-vs.-Spy scenario in which Microsoft battles hackers, staying barely a step ahead. He also told the E-Commerce Times that Outlook-related security issues have not been as severe lately as in the past.
And with Exchange Server 2003 (formerly and evocatively code-named Titanium) coming down the pike in mid-2003, Microsoft is promising greater cost-effectiveness andserver consolidation. That is a significant potential benefit, since the ability to run enterprise communications using fewer machines is a core value of network administration. In its own internal migration to Exchange 2003, for example, Microsoft intends to reduce the number of e-mail servers in its U.S. network from 70 to 20.
Also, in recent press releases, Microsoft has emphasized the ease of upgrading to Exchange 2003 — not a trivial benefit for time-pressed IT administrators, if it proves to be the case.
The Price of Change
Does all of this mean it is not worthwhile to migrate from Outlook/Exchange to an alternate solution? The answer depends on several factors. True, software migration is painful for administrators, business departments, technicians and end users, but in some cases, the results are worth the pain.
The decision to abandon Microsoft e-mail solutions seems unthinkably futile to some — but other experts say the expense of migration and retraining is a necessary cost of correcting a mistake that never should have been made.
Judson Whiting, formerly an IT manager at SBC Communications and now asystems consultant who has managed back-end conversions for Aetna andUnisys, is in the latter camp. He told the E-Commerce Times that he prefers safer alternatives to Microsoft. Whiting emphasized the damage of service disruption and said he takes the long view of cost-effectiveness. “What’s the cost incurred in a day-long interruption?” he said. “And over the course of time, what pays out better?”
Levitt, on the other hand, said dumping Outlook solely because of hackers would be short-sighted. He stressed that Outlook is the most feature-rich client that can be paired with Exchange, and that replacing just one end of the equation (either Exchange on the back end or Outlook on the front end) will not necessarily solve security problems.
If an IT manager does make the choice to switch, what options are available?
Whiting, who by his own description “was never an Exchange man,” said he likesNovell GroupWise, which supports the Outlook interface for administratorswho do not wish to foist a new client on end users. GroupWise alsoimplements instant messaging and a Web interface.
Meanwhile, Samsung is trying to crack the Exchange market with its Contact product,built on the OpenMail standard the company acquired from Hewlett-Packard.Adoption of Contact is furthered by OpenMail’s large installed base, which, as of October 2002, was estimated by Aberdeen Group to be 60 percentof Fortune 1000 companies, translating to about 5 million end users.
IBM’s Lotus Notes is another player in the communication and collaboration sector. The software, which operates atop the Domino server platform, is a soup-to-nuts alternative to Exchange and Outlook.
And the Oracle Collaboration Suite, due in mid-2003, combines a suite ofunification features including e-mail, calendaring, conferencing, voice mail,instant messaging and an online whiteboard.
The Bottom Line
In the end, when it comes to Microsoft’s enterprise e-mail products, administrators must balance the expected cost of migration and retraining against the cost of probable downtime if a switch is not made — all the while considering the familiar feature set that Redmond brings to the table.
An analytical white paper by Aberdeen Group identified several corevalues of a high-quality messaging and e-mail product:
Of course, it would help if the system were not the target of every softwareworm breeder attempting to disrupt electronic communications. As Aberdeen’s Gardner said, “Security is always at the top of the list of concerns.” But it is not the only concern, and IT managers would do well to take all factors into account before making their decision.