Hosted email and hosted security services have gained attention recently, as the Software-as-a-Service model catches on. But is SaaS always the best option? Clearly, no. A recent Business Week article, entitled “Beware the Hype for Software as a Service“, dispels a few myths about this popular option–breaking open several common myths and explaining that SaaS is not always cheaper, it does not necessarily reduce hardware investment, it is not always quicker to set up, and data are not always secure and backed up.

When looking at managed security solutions, it appears that the cost is lower than in-house solutions, although this is not always the case–it seems lower, because the cost is spread out over the entire duration of use, as opposed to a single up-front license, but this won’t fool the CFO.

There is of course, a great temptation to see SaaS as a panacea, with its promoters arguing that it is by design both cheaper and easier to use. While in some cases this may be true, it’s by no means a slam dunk. In fact, the perception that it is an easy-to-use, turnkey solution can be dangerous, because in fact, it is not. Many services–in particular, security services–delivered as a hosted service do come with several configuration options, and managing that service still requires the customer to have hands-on involvement. There are also likely to be integration challenges to bring the solution in sync with the rest of the enterprise. Believing that this is not necessary for hosted security services is an open door to trouble.

Businesses are only just recently coming to accept Software-as-a-Service and other types of hosted services, and they are gaining ground rapidly—particularly as major players such as Microsoft and Google move into this market. The growth in hosted email solutions is part of the changing attitude about hosting in general and a greater interest in “cloud computing.” There have been some high-profile outages in recent months however, which may give one reason to have second thoughts about it and stick with the in-house solution. The Amazon S3 service went down for a total of eight hours—an outage that was totally unacceptable to anyone using the service. Outages have also happened with Google Apps and Gmail.

One must not get lulled into a false sense of security by assuming that the hosting organization will take care of all the security and archiving matters. Hosting companies will very likely have some sort of filtering mechanism, but is it adequate for your needs? Not always. In the world of security, two levels of protection are always better than one, and in-house filtering should also be applied.

For those who are required by policy or by law to archive emails, don’t count on the hosting provider to take care of this, either: Make sure that the hosting provider offers this service, or use an alternative archiving solution to do it in-house.