July 29, 2008

Alan Pelz-Sharpe, CMS Watch

The sheer volume of e-mail that passes through our organizations means that we have to accept that security can never be 100 percent. And before we get paranoid about stopping malicious e-mails from the outside, we need to remember that the most damage often is caused by those we employ and who have full and secure access to our systems.

That said, there are some common-sense precautions and prescriptions that need to be heeded. Clearly you need to filter out spam and malicious e-mail, and there are a plethora of solutions on the market to do that. It also makes sense to monitor e-mail for keywords and keyword combinations that potentially signal wrongdoing by internal staff. But these systems, though of value, are not as thorough as you might think.

Frankly, your best bet is to be in a position to defend yourself and detect wrongdoing as soon as possible after the event. Capturing all e-mail securely and directly from the mail server (not the gateway), filtering out duplications and then archiving all the remaining e-mail in a single location -- enabling easy, fast and thorough searching -- is the best you can typically do.
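As an added illustration (not code from the article), the sketch below collapses duplicate copies of a message found in several mailboxes into one archived record while still recording every mailbox that held it, then searches the single store. The SQLite schema, function names, mailbox names and `example.test` messages are assumptions constructed for the example.

```python
import hashlib
import sqlite3
from email import message_from_bytes, policy

def open_archive(path=":memory:"):
    """Single archive location; a SQLite file is an assumption of this sketch."""
    db = sqlite3.connect(path)
    db.executescript("""
        CREATE TABLE IF NOT EXISTS messages(fp TEXT PRIMARY KEY, sender TEXT,
                                            subject TEXT, body TEXT, raw BLOB);
        CREATE TABLE IF NOT EXISTS copies(fp TEXT, mailbox TEXT, PRIMARY KEY(fp, mailbox));
    """)
    return db

def ingest(db, mailbox, raw):
    """Archive one raw message; return True if new, False if a duplicate copy."""
    msg = message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain", "html"))
    text = part.get_content() if part is not None else ""
    # The fingerprint skips per-delivery headers (Received, Delivered-To), so the
    # same message captured from several mailboxes maps to one archived row.
    h = hashlib.sha256()
    for field in (msg["Message-ID"], msg["From"], msg["Date"], msg["Subject"], text):
        h.update(str(field or "").strip().encode("utf-8", "replace") + b"\0")
    fp = h.hexdigest()
    cur = db.execute("INSERT OR IGNORE INTO messages VALUES (?,?,?,?,?)",
                     (fp, str(msg["From"] or ""), str(msg["Subject"] or ""), text, raw))
    is_new = cur.rowcount == 1
    # Record every mailbox that held a copy, even when the content is a duplicate.
    db.execute("INSERT OR IGNORE INTO copies VALUES (?,?)", (fp, mailbox))
    db.commit()
    return is_new

def search(db, term):
    """Substring search over subject and body; returns (sender, subject, mailboxes)."""
    like = f"%{term}%"
    hits = db.execute("SELECT fp, sender, subject FROM messages WHERE subject LIKE ? "
                      "OR body LIKE ? ORDER BY subject", (like, like)).fetchall()
    return [(s, subj, [r[0] for r in db.execute(
        "SELECT mailbox FROM copies WHERE fp=? ORDER BY mailbox", (fp,))])
        for fp, s, subj in hits]

def _sample(rcpt, msg_id, subject, body):  # constructed test message
    return (f"Delivered-To: {rcpt}@example.test\r\nMessage-ID: <{msg_id}@example.test>\r\n"
            f"From: bob@example.test\r\nDate: Tue, 29 Jul 2008 09:00:00 +0000\r\n"
            f"Subject: {subject}\r\n\r\n{body}\r\n").encode()

SAMPLE = [("alice", _sample("alice", "1", "Q3 forecast", "Draft numbers attached.")),
          ("carol", _sample("carol", "1", "Q3 forecast", "Draft numbers attached.")),
          ("alice", _sample("alice", "2", "Lunch", "Noon at the usual place."))]

if __name__ == "__main__":
    archive = open_archive()
    print([ingest(archive, box, raw) for box, raw in SAMPLE])
    print(search(archive, "forecast"))
```

The raw bytes of the first copy seen are kept alongside the parsed fields, so the original message remains available for later review.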

The truth is, e-mail will likely remain your Achilles heel for some time to come, and software vendors in this space seldom deliver as promised. To manage e-mail securely and sensibly, you need to make use of the archiving, management and monitoring options out there -- but you also need human resources, policies that are enforced and, most of all, a realistic attitude.