Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Wednesday, April 27, 2005

Be Aggressive With E-Mail Policies

An aggressive, strategic, and proactive approach to e-mail hygiene is essential for businesses, large and small, according to Matt Cain, senior vice president at the Gartner Group, who participated in a recent webcast sponsored by IT Papers and CNET Networks.

“In the last three years the amount of interest in e-mail hygiene has increased dramatically, especially in light of regulatory compliance issues,” said Cain, who acknowledged that message hygiene is a broad topic and spans multiple tiers.  “It is more than just a security issue.  Mail hygiene effects all parts of the organization, and Cain suggested that the legal department be brought in as organizations establish an overall e-mail policy.  There should be a common policy engine that stitches everything all together,” said Cain who suggested that the policy-based approach is necessary to manage this very complex environment.  Many regulations are specific to e-mail activity within an organization,” Cain said.  “Not everyone in an organization requires the same kind of hygiene.”

There are more pushes for increased privacy and everyone wants to have encrypted messages with no effort from the user.

“I’m not sure that magical target will ever be reached, but you do need something sitting at the gateway that recognizes key words,” he said.  “From a regulatory compliance perspective, archiving has been a particularly fascinating topic over the last 12 months, and there has been quite a bit of acquisition activity and consolidation in this market, according to Cain, who points out that finding the right vendor is not easy.  Too many organizations focus on the initial cost of software and fail to consider the whole lifecycle and resultant storage costs,” he said.

“Budgets need to be expanded to accommodate growing hygiene and management complexity.  Policy driven e-mail services are required to lower overall costs.”

Before introducing his company’s product mail security product Pure Message, Mark Borbas discussed the role of archiving and content management since e-mail has become de-facto record storage.  “E-mail architecture has been restructured in the last five years.  Very few of us delete e-mails and we are asking a system to do a lot more than it was designed for,” Borbas said. 

Organizations are looking to automated identity management systems to fulfill the privacy and access requirements of regulations like HIPAA and Sarbanes-Oxley.

Posted on 04/27