This eWeek story takes a look at the world of remote e-mail security. A frightening scenario is posed: The writer cites a white paper from Messageware that says people often access their e-mail from remote locales -- conference kiosks and Internet cafes are two of the examples -- and navigate to another URL without logging off. This, of course, compromises security in a big way.
A Forrester researcher suggests that online banks face the same issue, and handle it by timing out the password access after a predetermined -- and presumably small -- amount of time. Another option, which is offered in Messageware's NavGuard software, is to not allow users to navigate away from the Web access URL without first logging off.
This is but one of many concerns about e-mail. Indeed, e-mail security continues to be a major concern for enterprises and the analysts who cater to them. Earlier this summer, the Aberdeen Group released a report, "The Ins and Outs of E-mail Vulnerability," which looked at the costs of various e-mail security threats. These include viruses, hoaxes, phishing attacks and spyware. E-mail attacks, the study says, are growing in sophistication. Despite this, the minority of "best-in-class" companies are reducing losses. The release points out that combining e-mail and Web security is seen as a key to doing this.
Luckily, vendors see the opportunities and are introducing products to combat the threats. In early August, for instance, Proofpoint introduced Proofpoint on Demand. The platform, the company says, offers anti-spam, anti-virus, e-mail policy enforcement, data loss prevention and policy-based encryption. Also in August, IBM Internet Security System (ISS) unveiled a "virtual" e-mail security appliance. The story says the product is collocated with other applications instead of running separately. The virtual platform, based on ISS's Proventia Network Mail Security System, is said by the company to reduce costs and simplify the management.
Encryption, while perhaps not a cure-all, is a powerful weapon in the battle to secure e-mail. This Enterprise IT Planet story describes a variety of approaches, including endpoint-to-endpoint, gateway-to-endpoint, gateway-to-gateway and gateway-to-Web. As the names imply, the issue is what portion of a message's total trip the organization feels should be encrypted. Presumably, the choice affects cost and complexity.
E-mail is the lifeblood of many organizations. However, it also offers an alarming number of threats. Constant vigilance is necessary. The good news, as the Aberdeen study points out, is that disciplined companies aware of potential problems can effectively guard their messages.