Email is a mission-critical element of all business practices today, but email security and management are not sufficiently understood by most companies. A recent Ziff-Davis/Strategy Group survey found that although some antispam and antivirus measures are in place, most organizations are not adequately prepared to handle new threats, to ensure secure delivery of sensitive data, and to protect themselves from legal and regulatory liability due to misuse of outgoing email.
Email Security Management:
Keeping Threats Out and Data In
Executive Overview: Email is a mission-critical element of all business practices today, but email security and management are not sufficiently understood by most companies. A recent Ziff-Davis/Strategy Group survey found that although some antispam and antivirus measures are in place, most organizations are not adequately prepared to handle new threats, to ensure secure delivery of sensitive data, and to protect themselves from legal and regulatory liability due to misuse of outgoing email. To achieve ongoing security, companies need solutions that continually adapt to evolving threats. To prevent data leakage and assure regulatory compliance, companies should also consider thorough outbound mail scanning and encryption. To avoid IT overload, these solutions must be easy to configure and manage. Tumbleweed Communications delivers those solutions effectively and economically.
Introduction
For most organizations, email management is an oxymoron. Email and instant messag-ing have become a critical source of documenting what goes on within organizations, and yet managing this critical information resource is often an afterthought. C U S T O M - John Mancini, president of the Association for Information and Image Management, October 2006 PUBLISHING There's no question that email makes the world go 'round. The average knowledge worker spends several hours a day on email, and it is the primary method for distributing data, project files, and multimedia content across enterprises in every industry. A recent Enterprise Management Associates survey, in fact, reports that almost 90% of respondents deliver content primarily via email. The problem with email is that, as a major intersection between your company and the outside world, it's a primary injection point for threats. Spam can overwhelm message servers and tie up valuable resources. Internet-borne malware can infect network devices and end-user systems with viruses, Trojans, and other exploits. Worse, email represents a serious vulnerability for companies that need to keep sensitive data inside the organization. Many companies are subject to government and industry regulations around customer privacy, financial infor-mation, and trade secrets, plus legal liability for inappropriate content. If anything slips through to the outside, corporate management has to contend with potential lawsuits, heavy fines, and even criminal prosecution.In today's communication-rich business environment, though, email is just the tip of the iceberg. Non-traditional content such as instant-message transcripts, Web pages, blogs, and podcasts, are all flying among colleagues, part-ners, and customers-and all may contain sensitive data. Most organizations have some form of spam filter and antivirus scanner in place for incoming messages-and believe that the basic vulnerabilities have been covered. But threats are evolving every day-new techniques such as image spam and botnet attacks can easily bypass existing filters, and outbound content is monitored far less often than is prudent.
With the threat landscape evolving rapidly, IT managers and executives must ask these questions:. Should we be monitoring outbound content?. How can we deliver sensitive messages securely? . How equipped are we to handle advanced forms of threat delivery, such as image spam, botnets, and as-yet-undiscovered attacks?. How much time and money can we devote to shoring up these defenses?. Are there bottom-line benefits to consolidating and fortifying email security?
To better understand current attitudes and the state of email security management, Ziff Davis Media and The Strategy Group conducted a survey of 151 technology decision-makers in the spring of 2007. This paper will discuss the results, provide insight and analysis into the numbers, and identify successful and comprehensive solutions to effectively address the concerns laid out above.
Current state of affairs
Figure 1: The state of your email security management Security problems occur Costs, hours and staff regularly. We do our best are under control. to contain them on an 36%ad-hoc basis.3%Costs, hours and staff Security problems occur are mostly under control, regularly. We are evaluating but occasional spikes in ways to create a more solid activity cause upheaval. infrastructure.58%3%
We asked respondents to pick a phra... [download for more]