Shedding Light on Top Email Security Concerns

By Chris Bradley

Security threats and overflowing archives continue as top concerns for today's IT professionals. Yet only 10 percent of enterprises effectively address these issues, leaving most in a seemingly never-ending battle for security and archive management.

Weak enterprise security is a real concern, especially around email. IDC, a prominent industry analyst firm, estimates that internal employees account for 84 percent of all data leaks--an especially alarming statistic because a large majority of intellectual property typically resides somewhere within the messaging system.

Given the overall dependence on email, security and IT professionals face an ongoing challenge to balance corporate governance requirements with user needs for email and corporate messaging. How this balance will be achieved has yet to be seen, but consideration of best practices can help get the conversation started.

Reshaping Information Security

Five key drivers consistently arise as concerns reshaping information security.

  1. Understanding email: Comprehending message flow and traffic patterns is a key piece of securing email. Without first knowing what and where the problem is, there is no viable way to fix it.
  2. External threats: Viruses, worms, phishing and other external threats are widely publicized and a known “X” factor for email security. There’s little doubt that any security plan must incorporate protection from external threats.
  3. Internal end-user threats: Beyond external threats, the internal end-user is a critical variable for email content and security-related issues. Internal data breaches must be included in the overarching security plan.
  4. Mobile devices and personal laptops: Next-generation workers will come to the workplace with their own mobile devices and laptops rather than company-provided equipment.
  5. Expansion of communication platforms: In addition to email, instant messaging (IM), text messaging, and other forms of Internet-enabled collaboration are growing in use within the workplace.

Corporate security policies must embrace and proactively address these issues rather than avoid them as bad news. Raising awareness of the technologies available and applying best practices and/or corporate policies for using communication and collaboration applications are equally important to increasing information security.

Understanding Email—Audit Your Email Usage

The first step in reshaping information security for enterprise messaging is to gain a clear and timely understanding of how email is being used. This is typically accomplished through an extensive internal or third-party audit. Today’s challenges are about how people do their jobs every day and whether business processes or end-user habits could expose the company. IT managers must know what information is coming and going and how email is being used. Without this information, it is impossible to have timely responses to potential security threats.

External Threats

Most enterprises are aware of the potential danger of spam and other external threats. Viruses, phishing and worms continue to pose a serious threat. Spam accounts for nearly 75 percent of messaging traffic and is set to grow to 82 percent by 2011, according to analyst firm Radicati. Some spammers use techniques to mask spam, such as integrating personal information to make messages more believable and thus more likely to succeed.

Understanding mail flow plays an essential role in ensuring security and protecting the business from malicious and unlawful attacks. Businesses must protect themselves at the gateway through a variety of methods, including hardware and software protection systems, such as filters and virus scanners. Mail flow, however, can encompass many aspects of an email system. Monitoring outgoing mail is also a key part of managing the messaging environment.

Internal Threats

There is much discussion about the role end-users play in email security, caused primarily by trust issues. It’s time to face the reality that internal end-users must be involved in enterprise security across the board. Awareness and training are needed to educate all parties about email security policies and procedures. Any effective IT security program depends on it.

Most internal end-users assume, and feel entitled to, email privacy. It’s a utopian assumption, and that privacy does not always exist in today’s highly regulated marketplace. To reduce potential issues, a clear line must be drawn about acceptable levels of personal email use. That line must then be upheld, taught and enforced across the enterprise. Providing immediate feedback on suspect emails, which has proven to be effective, is accomplished through tangible security policies and automated email controls.

Mobile Devices and Personal Laptops

Personal devices are increasingly common in the workforce. For security professionals, banning personal devices may seem like the easiest thing to do, limiting employees to corporate devices only. However, such harsh policies do more harm than good. The portability of personal devices has created a community of rapid and constant communication that cannot be turned off easily. Personal devices have become a lifeline, and employees are not shy about using personal technology to ensure productivity, especially when it comes to mobile phones. Instead, CISOs must anticipate and accommodate the demands of their employees, rather than try to change this behavior surrounding technology and information sharing.

Expansion of Communication Platforms

Email is still the 800-pound gorilla when it comes to messaging security. New technologies, however, broaden the discussion. There is a great emphasis being placed on instant messaging, texting and other electronic messaging systems as a popular conduit for sharing information. Unified messaging is being looked at to some degree, but turning voice mails into emails appeals to no one. There is no way to get rid of email, but there needs to be a way to address issues like chain letters, forwards of forwards, replies to all, and remote workers.

Email is not going away, but messaging is rapidly changing. If you cut the wire (email), an alternative must be provided and there is currently no better alternative.

Conclusion

Information security is evolving from an IT function to a line of business. The new age of messaging is reshaping collaboration technologies and the way people engage and share information. The challenge is to balance efficiency with proper safeguards, risk mitigation strategies, and content management programs, while at the same time keeping these solutions tangible and practical for the large enterprise.

 

Chris Bradley is vice president of marketing and business development at MessageGate. www.MessageGate.com

 
