Select and Implement an Email Security Gateway

The emails you want are only the tip of the iceberg compared to what you get.


This content requires an active subscription.

Access this content by logging in with your Info-Tech Research Group membership or contacting one of our representatives for assistance.

Speak With A Representative Sign In
or Call: 1-888-670-8889 (US) or 1-844-618-3192 (CAN)

Your Challenge

  • Within the Email Security Gateway (ESG) marketplace, there are numerous vendors with varying options. Each of these vendors claim to be the best fit for your organization and it can be difficult to determine which vendor to choose.
  • Today, ESG technology offers a wide variety of security and IT related functions. An ESG must serve a multitude of functions for the organization as well as meet an array of requirements, all of which can be hard to accurately assess and include confidently.
  • IT security always struggles with costs. An email gateway can become expensive, but it is vital and a strong case must be made for implementation, improvement, or replacement scenarios. 

Our Advice

Critical Insight

  • Get it out to the cloud: Cloud adoption among business functions is already high. Moving email to the cloud is just another step. Take this into consideration when selecting an ESG.
  • The professional attack: They are advancing day in and day out. Advanced Persistent Threats (APTs) and Zero-Day attacks are changing the way organizations deal with threats. Recognize the need for greater visibility and tools that stay on top of these developments. 

Impact and Result

  • Gain visibility into your organization’s email related security incidents and email volumes.
  • Identify your organization’s requirements for an ESG.
  • Understand what’s new within the ESG market to properly evaluate all capabilities and functions of an ESG.
  • Evaluate ESG vendors and products based on your enterprise requirements.
  • Implement an ESG with supporting policies and processes.
  • Develop standard operating procedures around gateway and email handling to ensure high security value and sustainable benefits from the ESG.


  • Marc St Louis - Canadian Blood Services
  • Terry Honeycutt - Pueblo of Isleta - Tribal Government
  • Barracuda
  • Cisco
  • Clearswift
  • Fortinet
  • Microsoft
  • Proofpoint
  • Sophos
  • Symantec
  • TrendMicro
  • Websense

Want to Participate in Our Research?

  • Analyst Interviews: Share your best practices, opinions, tools or templates with your peers.
  • Webinars: Interactive session to keep us focused on topics you want to tackle.
  • Upcoming Workshops: Accelerate your project with an onsite, expert analyst to facilitate a workshop for you. Contact us for more details.

Become a Participant

Get the Complete Storyboard

See how all the steps you need to take come together, with tools and advice to help with each task on your list.

Download Now

Get to Action

  1. Determine email security gateway appropriateness

    Increase visibility into email-related security incidents and understand your organization's email volumes.

  2. Identify the organization's email security gateway requirements

    Determine what the organization needs from an ESG.

  3. Perform a financial analysis of ESG deployment options

    Determine expected ROI from an ESG to gauge TCO and the selection process.

  4. Evaluate email security gateway deployment options

    Evaluate, communicate, and solicit responses from vendors.

  5. Deploy the email security gateway

    Efficiently and quickly deploy the ESG and ensure proper processes and people are allocated and developed.

  6. Ensure continued email gateway sustainability

    Move from a project to a program and achieve strong vendor relations.

Guided Implementation icon Guided Implementation

This guided implementation is a four call advisory process.

  • Call #1: Email security gateway event analysis

    Determine the appropriateness for your ESG. Properly understand what constitutes an email-related incident and which ones are most prevalent, what your email volumes mean for you, and what this means for your email security risk posture.

  • Call #2: ESG requirements gathering

    Determine what you need based on the solutions provided and not the features themselves. Know the available solutions that are being provided by current ESG offerings and what features your organization requires. This is the first major step in vendor evaluation.

  • Call #3: ESG TCO and ROI

    Develop an accurate TCO and ROI in order to best gauge the financial parameters of your ESG as well as develop a strong communication point. Understand what goes into the costs of an ESG and the financial benefits that can be realized from proper implementation of one.

  • Call #4: Vendor Landscape: Email Security Gateway

    Discuss the market space and how vendors are evaluated. Review vendor RFPs and ensure the solution is meeting your needs. Review contracts and discuss best practices in negotiation tactics to get the best price for your solution.

Onsite Workshop

Module 1: Gather and align requirements for the Email Security Gateway

The Purpose

  • Conduct current state assessment to gain visibility into current email security maturity and capability levels.
  • Collect organizational and architectural requirements to narrow ESG options.
  • Collect security requirements to understand your risk appetite.
  • Conduct requirements assessment .

Key Benefits Achieved

  • Realize the necessity for an email gateway.
  • Identify the specific requirements that an email gateway must carry out for your organization.
  • Understand gateway requirements to understand deployment options. 

Activities: Outputs:
1.1 Know the volume of your security incidents and the volume of your email and related statistics.
  • Identified email volumes and related email based security incidents
1.2 2Identify all architectural, organizational, security and other requirements of your ESG.
  • Defined requirements of ESG solutions
1.3 Determine what email security solutions your organization needs.
  • Identify relevant features of your ESG

Module 2: Capture costs and benefits of Email Gateway

The Purpose

  • Understand benefits of various deployment options.
  • Determine costs of implementation.
  • Develop a financial analysis of an Email Gateway implementation.

Key Benefits Achieved

  • Calculate the total cost of ownership (TCO) and the return on investment (ROI) of an email gateway implementation.

Activities: Outputs:
2.1 Determine inputs for TCO calculations.
  • Determine your TCO and ROI of your ESG
2.2 Identify incident related costs/losses for ROI calculations.
  • Understand how to effectively use your TCO and ROI within your ESG project
2.3 Identify organization email information for ROI calculation.

Module 3: Evaluate Email Gateway solutions and vendor selection

The Purpose

  • Understand the email gateway product landscape.
  • Determine key advanced features to meet your organization’s requirements.
  • Prepare to evaluate potential vendors.

Key Benefits Achieved

  • Understand what products best meet your organization’s requirements.
  • Prepare proper documentation, such as an RFP, as well as a vendor demo script to comprehensively evaluate your shortlist of chosen vendors.

Activities: Outputs:
3.1 Understand the ESG vendor landscape.
  • Create a shortlist of vendors
3.2 Determine a shortlist of vendors.
  • Create an RFP.
3.3 Create an RFP.
  • Prepare a demo script
3.4 Prepare a demo script.

Module 4: Prepare for Email Gateway implementation and continued operations

The Purpose

  • Determine your deployment method.
  • Create incident response team.
  • Create an email attack information page.
  • Maintain information in central document.

Key Benefits Achieved

  • Understand key consideration points for the deployment of an email gateway.
  • Develop an incident response team.
  • Construct an email attack information page.
  • Understand what is required for the maintenance and sustainability of an email gateway while developing processes to ensure this.

Activities: Outputs:
4.1 Develop supporting policies.
  • Deployment Roadmap
4.2 Develop a stakeholders communication plan.
4.3 Develop education plan on proper email security.
  • Email attack information page
4.4 Manage vendor contracts and relationships, vendor risk and vendor performance.
  • Incident response team
4.5 Develop ESG continuing governance plans.
  • Email gateway business case and operations plan
4.6 Create an computer incident response team (CIRT).

Workshop Icon Book Your Workshop

Onsite Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn’t enough, we offer low-cost onsite delivery of our Project Workshops. We take you through every phase of your project and ensure that you have a road map in place to complete your project successfully.

Book Now
GET HELP Contact Us
VL Methodology