Natalia Merzlyakova - Fotolia

What advanced email security controls does AWS WorkMail offer?

AWS WorkMail is set to compete with Microsoft Outlook, but how does it compare security-wise? Expert Dan Sullivan explains.

Amazon announced a new cloud email management service called WorkMail, which will reportedly offer advanced security...

controls. What are the notable features this service offers, which vendors or services is it competing against, and is it something an enterprise should consider using?

WorkMail is a new email and calendaring service that is currently in preview mode. AWS is clearly setting this product up to compete with Microsoft's email service, going so far as to make its email system compatible with Microsoft Outlook. The service is also compatible with Microsoft Active Directory, so users can authenticate with AWS WorkMail in the same way as they would Microsoft Exchange.

WorkMail includes a Web client that allows users to perform common tasks such as viewing and writing email, scheduling meetings with the calendar services, and searching an enterprise address book.

WorkMail leverages the AWS Key Management service. All email data is encrypted at rest; this includes email message content and attachments, as well as metadata about a mailbox. SSL is used to encrypt data in transit. Keys are managed by customers, who also have the ability to control where their data is stored. This is particularly important for organizations with concerns or requirements that dictate where data can be stored. Users currently have the option of storing data in one of two U.S.-based data centers (Virginia and Oregon) or in an EU-based data center (Ireland).

Incoming and outgoing messages are scanned for viruses and other malicious content. Additional security controls are included, such as support for requiring a PIN or password when using a mobile device, meeting password-strength criteria, and requiring device and storage card encryption. For those who need further evidence that Amazon is targeting Microsoft email users, the mobile device policies are specified using the Microsoft Exchange ActiveSync protocol. Enterprise users should consider the AWS offering when evaluating alternatives to their existing email infrastructure; email and calendaring are such important enterprise tools that any switch should be carefully evaluated.

The email service also integrates with AWS' WorkDocs service to facilitate the distributing and managing of document sharing.

The service costs $4 per month, per user, and each user is allowed up 50 GB of storage under the plan. For customers using the email service along with WorkDocs, the latter service will cost an additional $5 per user, per month, and includes 200 GB of storage. Additional storage for WorkDocs is billed at $0.03 per GB, per month.

Ask the Expert!
Want to ask Dan Sullivan a question about cloud security? Submit your question now via email! (All questions are anonymous.)

Next Steps

Don't miss this primer on cloud email security in the enterprise

Dig Deeper on Cloud Computing Software as a Service (SaaS) Security