Friday, October 12, 2007

5 steps for E-mail Security Assurance - Introduction

It almost goes without saying that email is the most critical application in use by organizations large and small. Email is used in virtually every organization by at least some, if not all, employees—and its use is growing at a rapid pace. Organizations increasingly use email as the primary method for communicating with employees, managers, customers and prospects. Four out of five organizations use email for critical activities like transmitting and accepting proposals, finalizing agreements and transmitting business-critical records of all sorts. Email has become the de facto file transport mechanism for almost all organizations and the best way for employees to communicate while at home, traveling, and at their desks.
The Growing Problem with Inbound Email.
The dominance of email for corporate communication has been driven in large part by its extremely low variable cost, its ease of use and the fact that the SMTP standard has made email interoperable worldwide. However, these factors have also made email one of the most vulnerable infrastructure elements currently running on corporate networks and the avenue through which an enormous number of threats have entered these networks. For example, email is the primary avenue by which viruses, worms and Trojan horses enter corporate networks, causing problems that range from irritating pop-ups to the complete destruction of corporate data. Email has become dominated by spam, with the result that three out of every five email messages received by the typical email user are unwanted messages. More insidiously, email is also the vehicle used by criminals to fraudulently obtain sensitive personal information like credit card or bank account numbers through what are known as phishing attacks.
Problems Start Inside the Organization, As Well.
The problem for those charged with maintaining the integrity of their corporate email systems, as well as those who use those systems, does not stop there. In addition to viruses, spam and phishing attacks, organizations are increasingly vulnerable to information that is sent not only to their users, but also by them. Audits of email content sent from corporate networks reveal that email users often—and typically inadvertently—send messages that contain sensitive corporate data like passwords, credit card numbers, intellectual property, and financial information. Further, many employees will say things in email that can have a serious impact on corporate reputations, often with embarrassing results for their employers when this information is leaked to third parties or is brought out during a legal action. Further complicating the issue is the growing array of regulations, such as Sarbanes-Oxley and the Health Insurance Portability and Accountability Act (HIPAA), that focus on the security and preservation of email content.
Email is Relied on More and Trusted Less.
Serious problems are being caused by this growing array of email threats. For example, while email is an excellent method for legitimate marketers to inform prospective customers about their offerings, spam has caused recipients to be very distrustful of any sort of marketing message received via email. Users increasingly employ email for sending file attachments, but viruses and other threats carried in attachments have forced organizations to increasingly block email attachments. The net result is that email is becoming increasingly important as a critical business tool, and trusted less by the people who need it.
Changes in the Email Landscape.
To combat the growing threats posed by viruses, worms, Trojan horses, spam, phishing, spyware, and other threats introduced to the organization through email, and to protect organizations from employees who often inadvertently send sensitive content out of the organization, people who manage email systems for their organizations must do more simply to maintain email’s usability and utility. A number of new protocols, techniques and best practices are emerging for protecting organizations from the growing variety of external and internal email threats, including domain authentication, traffic shaping, development of better email policies, user education, and other techniques and practices. New offerings from a growing array of vendors promise to combat email threats more effectively—while reducing the quite serious problem of false positives (tagging messages as threats when they are, in fact, valid messages), the bane of email threat management systems.
The Bottom Line for Messaging Managers.
IT staff and others charged with maintaining the integrity of their corporate email systems must continually do more with resources that typically do not grow as quickly as the threats that face them. Consequently, they must become more effective with the tools and techniques they have available. The good news is that vendors, like IronPort Systems, are responding to this challenge by introducing increasingly sophisticated systems that more effectively prevent threats from entering or leaving networks and that allow those who manage email systems to handle these threats more efficiently. In addition to deploying more capable systems, however, those who manage email systems must become more proactive by educating users about the dangers of email, establishing corporate policies about email use, and ensuring that users are familiar with and comply with these policies. In short, the combination of effective technology and a focus on best practices can help messaging managers to maintain email’s role as the corporate world’s most critical application. The booklet that you’re about to read will help you understand the key issues involved in protecting your email system—helping your users to get the most out of email and helping those who manage email for your organization to do so efficiently and effectively.

Email has become the world’s most important form of business communication. The low cost, high efficiency, and ubiquity of email make us wonder what life was like before its widespread adoption. Today the question is no longer “do you have an email address?”, but rather “what’s your email address?”.
But email is a victim of its own success. The very attributes that make it so compelling for business communication have also made it attractive to those who use it for illicit and illegal forms of marketing.
Today’s business email systems must contend with an ever-growing volume of spam, viruses, fraudulent or “phishing” email, and (the latest scourge) email-borne spyware. In addition to these inbound threats, companies are growing increasingly aware of the need to stop outbound threats—intellectual property leaving the company by email or outbound email subject to regulatory requirements.
Sagging under the weight of these unending threats, the infrastructure used to send and receive mail is entering a period of rapid change. New authentication protocols are being developed to attack the spam and virus problems at their core. Also, new techniques and standards are being developed for the handling of bounce messages, a huge headache for the entire Internet community.
This report will attempt to cover the basics needed for a modern email security solution:
1. Stopping Spam
2. Stopping Viruses
3. Protecting Your Identity
4. Outbound Scanning
5. Fixing Email
