Category Report - Email security

10 March, 2009 16:25

Email security without the hype

Barely a day goes past without a story warning us about the latest IT security threat and the potential damage it poses to an organisation. Whether it is the website of German interior minister, Wolfgang Schäuble, hacked by those opposed to his plans for biometric passports, news that a sizeable Facebook group has been seized by spammers flooding the group with advertising, or careless Twittering by a member of the US Congress announcing his alleged 'secret' trip to Baghdad, IT security is a concern that pervades every level of an organisation, writes PineApp UK CEO Rakash Gupta.
















Whether it is a careless human error, malicious phishing attack or purely a misjudged sales tactic, many things have the potential to damage the operational efficiency of a company. But panicking and buying the first security solution that comes to hand can do more harm than good.

There are currently two broad categories of email-related threats: non-targeted and targeted.

Non-targeted threats are randomly sent to organisations in the form of spam, phishing, vishing (where high-tech criminals use broadband phone systems to pry out personal information via fake voice mail or computer-generated phone calls), backscatter and malicious code.

Targeted threats, as the name suggests, are aimed at specific organisations and include Denial of Service (DoS), mail-bombing, Trojan horses, focused spam and SMTP exploits.  

In an effort to combat these dangers, anti-spam and anti-virus solutions are now accepted as standard practice by businesses wanting to protect their IT systems, but traditional wisdom would suggest that comprehensive protection comes at a rather hefty price.

As belts are tightened, security protection cannot be ignored; however, not all solutions are prohibitively expensive. Implementing the proper steps should not have to be difficult. The trick is to choose a supplier that offers a good track record of producing reliable and frequent updates.


Legal considerations will play a major role in your decision-making process, and changes to the regulatory requirements in the EU, for example, mean that companies in the finance and security industries now have to adhere to strict audit policies over emails to ensure that sensitive content is encrypted.

There are a number of compliance laws that businesses should familiarise themselves with, including Basel II, Sarbanes-Oxley, PCI, the Health Insurance Portability and Accountability Act (HIPAA), SEC Rules 17a-3/a-4 and NASD Rules 3010/3110, the Gramm-Leach-Bliley Act (GLBA) and the Freedom of Information Act (FOIA).

Furthermore, with a growing number of redundancies and threat of unemployment, information theft from within organisations is expected to rise as some disgruntled workers may try to exploit their employers' data. Again, secure, encrypted solutions that protect against this risk are vital. 

What to consider

Given the daily threats to company security in a regulatory culture where compliance requires mail encryption and vast amounts of storage, what are the key considerations for IT managers when it comes to email security and how can they be best addressed?

Flexibility

In a challenging economic environment, it is difficult to predict how the size and shape of a business will change. Security solutions need to be able to scale as the workforce contracts and expands with minimal effort. This will ensure your assets are protected regardless of the climate and you are not experiencing any unnecessary costs for upgrades or new solutions. Look for suppliers offering license fees that are not based on a 'per user' or 'per domain' basis.

Productivity versus cost

In a five person office, where each member of staff gets paid £25,000 a year, here is a quick calculation of the cost of fighting spam in your inbox. 

If each member of staff spends 15 minutes every day deleting or forwarding spam, this equates to:
- £16.27 lost per day
- £81.37 lost per week
- £325 lost per month
- £3,906 lost per year

Future-proofing

The volume and nature of internet-borne threats change every minute, and companies should focus efforts on deploying security solutions that can not only protect against current dangers but also protect against future threats to the company.

The size of today's new generation of spam has grown quite significantly and this is reflected in the amount of space it now takes up on a server. 

Perimeter security measures can block these unwanted messages before they arrive in your inbox. In fact, industry leading solutions offer Envelope Level Protection, which means that spam and malware threats can be rejected before they have even hit your gateway, freeing up bandwidth and network resources. This approach also saves the organisation from having to upgrade its current system and it can help protect against Denial of Email Service attacks (DoES), mail bombing and relay exploits.

Fit for purpose

Today, there are plenty of open source solutions designed to tackle email security threats. However, without a solid foundation of corporate research and investment, these solutions do not have the intelligent barriers of their industrial counterparts. While it may seem an obvious cost-cutting exercise, businesses may find them unsuitable for large-scale use.

PineApp's MailSecure prices

No cost per user, domain, server, additional sites, load balancing, failover or mirroring. No cost for any corresponding Microsoft client or server/database licences.

Price example:
- 5 to 30 users: MailSecure 1010  £990 
- 25 to 60 users: MailSecure 1020  £1,145
- MailSecure appliances include 24x7 support for the first year, firmware updates, spam and virus pattern file updates.
- Remote support and troubleshooting
- Next day hardware swap-out and warranty

There is no fixed limit on the number of users, but if you are planning on a 1,000+ user roll-out you would experience a significant slow-down on the server.

Consultative approach

IT security is often outsourced by SMEs simply because their size does not justify having the support in-house. 

Since security is a high risk area, if you decide to outsource, it is vital to work with providers that not only understand the dynamics of your business, but also appreciate any potential financial limitations and are able to provide you with the right solution at an affordable price.

If you use a managed email, or managed archive/storage solution already, do you know in which country your private data is actually stored?

Malware threat

Viruses, worms, Trojans and all the rest of them will not disappear overnight; just look at how quickly the Conficker B worm spread through networks and offices.

But there is nothing stopping organisations from taking adequate measures to protect themselves. Reducing the threat from malware need not be a headache. By picking the right solution you will also stand a good chance of increasing employee productivity, since they will be spending less time clearing spam out of their inboxes every morning.

Do not be fooled by the scaremongers and do not believe the hype - simply choose a supplier that can match your budget and business needs, and your troubles, in this space at least, should be over.

PineApp at a glance

PineApp specialises in security products to secure networks and email systems. Mail-Secure is a perimeter security appliance that protects the company and its networks from malicious email and spam attacks. Surf-Secure is an in-line, real-time filtering appliance for internet-based threats and web surfing policy management. Secure-SoHo is an all-in-one security solution for small businesses. Archive-Secure stores email to meet legislative requirements for email retrieval by encrypting and storing all email communications based on pre-defined rules for retention and recovery policy. http://www.pineapp.com/