Trend Micro today announced its new InterScan Messaging Security Virtual Appliance 8.0, which mixes both a virtual appliance -- able to run in a VMware environment -- with SaaS-based inbound email security. The product will be available via perpetual license as well as a subscription service.

The product should be available by September, and in beta this summer to participants in a Trend Micro early adopter program.

Applying cloud-based spam and virus filters, as well as reputation analysis, on all inbound email means that spam -- which accounts for 90% of all email today, by many estimates -- should rarely reach the corporate gateway. "Stopping that volume of spam and viruses out there, in the cloud, is where it makes sense," said Magaret Diego, a product marketing manager at Trend Micro.

But why mix an email gateway security appliance with SaaS-based email scanning?

In fact, more than half of businesses already do that, combining an on-premises email security appliance with SaaS-based security from the likes of MessageLabs, Postini or others. That finding comes from a May 2010 survey of 150 administrators of email environments with 1,000 or more users, conducted by Infonetics Research for Trend Micro.

In other words, a majority of organizations already use redundant on-premises and SaaS-based -- or what Trend Micro is dubbing home-brewed -- email security. Why is that? "It was mostly a band-aid approach -- they already had something on premises, had configured their gateway, so they said we'll just layer hosted email security on top of it," said Diego.

One benefit of ditching the home-brew for the hybrid approach, not surprisingly, is cost. According to Michael Osterman, president and founder of Osterman Research, "enterprises can save between 55 to 70% by moving from a home-brewed to an integrated hybrid email security solution."

The hybrid approach also promises easier manageability, since the email gateway can talk to the cloud, and vice versa, via Web Services. As a result, email administrators have a single console for making policy changes or running reports, for example on email traffic and spam volumes.

But why not just ditch the email gateway appliance altogether in favor of SaaS-based scanning?

"A lot of organizations, as a reactive approach, have been putting the hosted services on top, but they haven't been able to give up the on-premises gateway appliances; there's kind of an emotional attachment," said John Maddison, Trend Micro's senior vice president for SaaS and the xSP business.

In addition, many organizations worry about who sees their outbound email, and prefer to not route it through a third-party cloud, for example when scanning for intellectual-property-loss-prevention purposes. "There's a gray area, but a lot of people think that once information has left the premises, it's out of their control, so if you do the compliance portion on-premises, people feel better about that," said Maddison.