|
Email remains the most important medium for communications both inside and outside the enterprise. But the convenience and ubiquity of email as a business communications tool has exposed enterprises to a wide variety of legal, financial and regulatory risks associated with outbound email. Enterprises continue to express a high level of concern about creating, man-aging and enforcing outbound messaging policies (for email and other communication protocols) that ensure that messages leaving the organization comply with both internal rules, best practices for data protection and external regulations. In addition, organizations remain very concerned about ensuring that email (and other electronic message streams) cannot be used to disseminate confidential or proprietary information.
Now in its fifth year, Proofpoint’s survey of enterprise attitudes about outbound email, con-tent security and data protection has annually “taken the pulse” of IT decision-makers in the US and has helped raise awareness of the policy, technology and cultural issues surrounding email monitoring, data protection and information leaks. This year, for the first time, the survey takes a broader look at global attitudes as well—with British, German, French and Australian enterprises surveyed in addition to the US. The results show that data protection concerns are not confined to the US and that globally, email, webmail, FTP, blogs message boards, media sharing sites and social networking sites are a source of concern as well as real-world risk for IT professionals working in large enterprises.
As in previous years, data protection continues to be a hot topic—in the mainstream and IT press, legislative arenas and IT professional circles—as large-scale breaches of personal in-formation continue to come to light and as the regulatory environment becomes more sophisticated. At the same time, data protection, monitoring, filtering and encryption technologies continue to advance. The continuing proliferation and growing popularity of electronic communication channels (such as webmail, blogs, social networking sites, media sharing sites and instant messaging) pose new sources of risk for IT security professionals and the organizations they serve.
About the Study
This report summarizes findings from Proofpoint’s fifth annual study of outbound email security and content security issues in the enterprise. This effort was started in 2004 when enterprise attitudes about inbound messaging issues (e.g., spam and viruses) were much better under-stood than concerns about outbound email content (e.g., data protection, privacy, regulatory compliance and intellectual property leak protection).
This study was designed to examine (1) the level of concern about the content of email (and other forms of electronic messaging) leaving large organizations, (2) the techniques and technologies those organizations have put in place to mitigate risks associated with outbound messaging, (3) the state of messaging-related policy implementation and enforcement in large organizations and (4) the frequency of various types of policy violations and data security breaches.
Over time, the scope of this survey has expanded from a pure focus on email to an examination of other message streams including web-based email, blogs and message board postings, media sharing sites and social networking sites. For 2008, Proofpoint added questions related to security concerns around Internet connected mobile devices and storage media. In addition, the 2008 survey was fielded in the US, UK, France, Germany and Australia to explore global concerns.
As in previous years Proofpoint, Inc. commissioned Forrester Consulting to field an online survey of email decision makers at large enterprises in the US as well as in the UK, France, Ger-many and Australia. Respondents were asked about their concerns, priorities and plans related to the content of email leaving their organizations. During March 2008, Forrester gathered responses from enterprises with 1,000 or more employees. In total, 424 valid responses were received, comprised of 301 US, 32 UK, 30 German, 31 French and 30 Australian companies. Respondents were qualified based on their knowledge of their organization’s email and messaging technologies. In all cases, respondents were either decision-makers or influencers of their organizations’ messaging technologies and policies.
Complete demographic information about the respondents and their organizations can be found in the appendix to this report.
|
