For most organizations email compliance management is synonymous with outbound email control. This white paper describes how internal email control is crucial to an organization's compliance mandate and the underlying technical architecture required to do it effectively.
Internal Email Control
Its Essential Role in Compliance Management
A Whitepaper By: Nemx Software Corporation 14 Poplarwood Avenue Ottawa, Ontario K2S 1V3 Canada
Copyright 2006 Nemx Software Corporation Internal Email Control - Its Essential Role in Compliance Management TABLE OF CONTENTS Introduction........................................................................................... 2 Why Internal Email Control Is Needed ....................................................... 2 Internal Email Control As It Relates To:............................................................. 3 Regulatory Compliance ................................................................................ 3 Internal Corporate Policy Compliance............................................................. 4 Architectural Requirements for Internal Email Control .................................. 5 Limitations of "Appliance" Solutions .................................................................. 6 The "If You Can't See It You Can't Monitor It" Problem ..................................... 6 The "Who Are You and What Are You Permitted To Do?" Problem....................... 6 Internal Email Control - An Effective Approach................................................... 7 Product Considerations ................................................................................... 8 Integration with Corporate Mail System ......................................................... 8 Integration with Corporate Authentication Systems.......................................... 8 Encryption & Digital Signatures..................................................................... 8 Intelligent Content Analysis - Concept Scanning.............................................. 9 Conclusion............................................................................................. 9
www.nemx.com Copyright 2006, Nemx Software Corporation All rights reserved Page 1 of 9 Internal Email Control - Its Essential Role in Compliance Management
Introduction Hardly a day goes by without another example surfacing of how a break- down in corporate compliance is linked to email. No wonder, with 103 1 The sheer billion corporate emails a day projected for 2008 . The sheer volume of volume of electronic correspondence guarantees literally every company will electronic experience a serious incident of non-compliance resulting from their use correspondence of email - whether they know about it or not! guarantees literally every Any uncontrolled use of email can lead to violations of both government company will regulations and internal corporate policies, with consequences that can experience a range from employee lawsuits, to substantial government penalties, even serious incident of non-to irreparably damaged brand and corporate reputation affecting sales complianceand customer retention. Protecting your organization against all these risks, liabilities and costs is crucial. A truly effective compliance strategy is proactive and preventative in scope and would, by necessity, require every email message be managed with consideration for both regulatory and corporate policy. Yet, most organizations have focused their email compliance efforts on only their inbound and outbound traffic-a mere 15% of their total corporate email volume!
Why Internal Email Control Is Needed If there were only one reason internal email control is needed it would simply be because there's 8 times as much of it (i.e. email between employees) as all other inbound and outbound traffic combined. Put another way, a corporate security or compliance policy violation is 8 times more likely to occur within internal email than outgoing. Compliance violations are Of course, volume isn't the only reason. While outbound email control 8 times more likely to occur currently occupies the publicity spotlight, and for valid reasons, many of within internal the driving factors that have pushed it to the forefront of corporate email than attention substantiate the immediate need for internal email monitoring outgoing and control as well. Consider, for instance, the following: o According to IDC's 2005 Security Survey, employees following security polices was rated as the second-highest security c... [download for more]
