Email Security - What Are The Issues?
by Matthew Johnston - Senior Technical Consultant, Windows Management Organisation, Quest Software UK Ltd. -
In today’s electronic world, email is critical to any business being competitive. In most cases it now forms the backbone of most organisations’ day-to-day activities, and its use will continue to grow. According to the The Radicati Group’s study, “Microsoft Exchange and Outlook Analysis, 2005-2009,” the worldwide email market will grow from 1.2 billion mailboxes in 2005 to 1.8 billion mailboxes in 2009.

As email becomes more prevalent in the market, the importance of email security becomes more significant. In particular, the security implications associated with the management of email storage, policy enforcement, auditing, archiving and data recovery. Managing large, active stores of information takes time and effort in order to avoid failures – failures that will impact the users and therefore the business, undoubtedly leading to lost productivity. For secure and effective storage management, organisations must take a proactive approach and invest wisely in a comprehensive solution.

When considering a secure email storage management solution, a layered approach, combining both business processes and applications makes sense. By considering the service email provides to the business, email management can be broken down into a number of components: mail flow, storage, and user access – both at the server and user levels. Whilst each one of these components should be addressed separately, they must be viewed as part of a total security agenda.

Mail flow can encompass many aspects of an email system. However, the security of mail flow is for the large part focused around the auditing and tracking of mails into and out of the organisation. Monitoring the content and ensuring that any email that has been sent and received complies with business policy is fundamental. Proving who has sent or received email is a lawful requirement for many industries and email can often be used as evidence in fraud and human resource court cases.

Another key aspect of the management of mail flow security is the protection of the business from malicious or unlawful attacks. It is at the gateway into the mail system where a business must protect itself via a variety of methods including hardware and software protection systems, such as spam filters and virus scanners.

Storing of the actual email data includes physical storage, logical storage, archiving systems as well as backup and recovery solutions. The biggest security threat to any email storage system is the potential for mail data to be lost. Most organisations see this threat as existing in the datacentre and spend many millions of pounds on securing it. In fact, the threat is most likely to come from lost or stolen hardware, such as laptops containing offline email files. When you consider that the number of employees working remotely is growing, including those who only work away from the office periodically, email security on laptops becomes more significant. Providing a managed method of archiving and controlling this data is therefore essential.

When it comes to archiving, organisations should take a two-pronged approach, to reduce the risk and retain corporate knowledge. Firstly, users should be frequently educated about email retention policies. In addition, an archiving solution should enable administrators to remove items from users’ mailboxes based on administrator-configured options such as the age or size of a message. Administrators should be able to control, retain and backup the email files, by consolidating the information stored in email files whilst ensuring that users are prevented from simply creating new emails.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th