Messaging Compliance Keeps an Eye on the Exits

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

From the "Where Do We Send Our Resume?" Department:

In fact, Orchestria's director of sales consulting, David Miller, says its system once blocked one company's boss from sending a message that upbraided an underling with foul language. That further enraged the CEO, who told his compliance officer: "Don't (expletive) block me again," according to Miller.

The Associated Press story, here posted at Sci-Tech Today, is an interesting look at the broad area of messaging compliance software. While they vary broadly, these can be defined as software that digs deeply into content to enforce corporate policies.


For instance, one piece of software is designed to raise red flags if an email with sensitive data seems to be addressed to too many recipients. Another program can automatically encrypt sensitive data on employee hard drives. A third looks for certain words -- such as the names of competitors -- and keeps them off blogs written by employees. That functionality would have come in handy, an Orchestria executive points out, when Whole Foods Market Inc. co-founder and chief executive John Mackey posted a series of negative comments about competitor Wild Oats Markets on Yahoo Finance stock forums.


The applications described in the story straddle the line between security and regulatory compliance, and we certainly hope that it is as useful in real life as it is positioned in the story. While the author does mention the erroneous holding up of legitimate messages -- the analog of e-mail "false positives" -- the piece seems a bit Pollyannaish. We'd be surprised if the technologies described in the story work efficiently -- yet. The goal, however, is laudable.


The fields of information security and its cousin, compliance are facing a growing challenge: their tasks are rising in complexity as new applications and devices are added, while penalties for not adequately protecting data grow more draconian. The story says that this sector -- which it refers to as messaging compliance -- is moving beyond highly regulated sectors to companies interested in acting ethically and proactively protecting their reputations. This Jupiter Online Media feature doesn't mention messaging compliance until the end; instead, it uses the phrase "content monitoring and filtering," which appears to be a definition from Gartner. The analysts say that CMF is the performance of deep packet inspection on inbound and outbound communications. It includes the tracking of session and performance of linguistic analysts to enforce policies. The bulk of the story describes Symantec's Premium Content Control platform.


Symantec is not the only player in the game. Among the others are Reuters, which launched its Messaging Compliance Manager in June. The story -- which seems to be a repositioned press release -- says that the product enables financial institutions' messaging and collaboration applications to meet regulatory muster. The platform complements Reuters Messaging, which reportedly is used by 90,000 people in the financial marketing sector.


It is important to keep in mind that any new sector -- particularly in an area as active, broad and complex as security and compliance -- likely will feature tools and labels that partially overlap. Despite these nomenclature issues, this is an exciting and promising field. The key for enterprises is to decide whether to buy standalone products or wait until the technology is subsumed into broader security/compliance platforms.