Security and resiliency strategy – email hosting
JerseyConnect’s hosted services are engineered for convenience, security, and reliability. With this newsletter we’re starting a series that looks at each service: how we make it work for you, how we keep your data safe, and how we make sure the service is there when you need it.
For Spring 2018, we’re going to take a look at email. Since 2009, JerseyConnect has used the SmarterMail platform to host email for libraries across the state. This platform offers a rich web interface and support for all popular mail clients, along with popular groupware features like calendars, tasks and notes, mailing lists, and file storage.
Email is critical to modern communication, and we work hard to keep your email secure and make sure your messages reach patrons. Before any mail reaches our servers, it is scanned for spam and viruses offsite. About 40% of email is quarantined or outright blocked.
Once mail is on our servers, we run additional virus and malware scans to make sure malicious email does not reach user mailboxes. Finally, users can create filtering rules to help separate important email from bulk messages.
At the same time, we’ve taken major steps to prevent attackers from using library email accounts to send malicious messages. At the perimeter of our hosting environment, we block connections from hackers trying to send email using library addresses. This protection takes advantage of industry-leading malicious behavior detection rules as well as curated lists of known attacker IP addresses. Since attackers work to evade these rules, we also use automated programs to detect and stop brute force attacks and other efforts to compromise individual mailboxes.
We know that library staff are concerned about protecting their email from snooping, so we offer secure access through webmail.jerseyconnect.net, a single trusted URL for secure email access from webmail or any email client. For more information on connecting your mail client to JerseyConnect email, please see the following guide:
Finally, this spring we are updating our email account password policy to meet or exceed new NIST standards for account passwords. You can read more about the new password policy on our website:
All this security and convenience is of little value if your email can disappear at a moment’s notice. To protect your email, we also use a layered approach.
Our email service runs on fully redundant hardware, so no single equipment failure can disrupt service. This hardware is also housed in our secure data center, with redundant power and generators, cooling, and network access. In case of a software failure, email service can be restored from a good snapshot within seconds.
For data recovery and long-term protection, we maintain two backup copies of email data, each on separate hardware, and one in a totally separate data center. If there is a catastrophic hardware failure, we can restore email service within hours. Finally, in the event of any service downtime or maintenance, all email is queued offsite for delivery once the system is back online.