Email Security - What Are The Issues?
by Matthew Johnston - Senior Technical Consultant, Windows Management Organisation, Quest Software UK Ltd.
Organisations must plan for the inevitable request to recover data from backups and archives. For the most critical users, such as company executives, many administrators have turned to slow, expensive brick-level backups to provide quick restoration of data to a select few. However, with the onslaught of regulations dictating email retention policies, organisations need a comprehensive recovery plan for their entire organisation. For example, Bank of America was fined $10 million USD in March 2004 when it failed to turn over messaging data to the U.S. Securities and Exchange Commission (SEC) in a timely manner (currently interpreted as only 36 to 72 hours). Faced with this challenge, the traditional method of restoring lorry loads of backup tapes to find all the communications that fit specific criteria is extremely time-consuming and not entirely accurate.

An email recovery solution must allow individual message-level items, including messages, appointments, tasks, contacts, and attachments, to be quickly restored from regular backups and information stores without setting up a dedicated recovery server.

A large risk to email data within the enterprise is unlawful access to highly sensitive mailbox information. Without a method to both secure and audit this access, there can be no guarantee that data is in fact secured. The weak point can be any link in a lengthy chain, all the way from the administrator resetting, and therefore knowing, the CEO’s password through to proving that some other party had access to his/her mail account. Authentication and mailbox data security are both constant battles that need to be monitored closely to ensure that the critical data contained within the email system is available only to those for whom it is intended.

The email client is another threat to the security of a business’s mail system. It is here that the greatest threat to the business is often found. With the increased viability of email access via the internet, another level of process and control needs to be addressed. Although such access is secure when implemented properly, the potential for people to illegally access this information is much higher. Consequently, organisations must not only address the immediate security threats to the standard mail client from viruses and the like, but also invest in strategies for controlling access to mail data via the internet.

Of this ever-expanding email market, Radicati reports that Microsoft’s Exchange server currently commands a 33% share of the in-house messaging software market. This is up from 31% in 2003 and is expected to reach 39% by 2009. With the release of Microsoft’s Exchange 2003 we have now seen a more secure and manageable mail system. However, creating any secure email environment that can be managed efficiently and proactively requires a solution that addresses all of the issues, without exception. As with Exchange, this will usually involve the use of third-party add-ons. Only then can a business be confident that the security of its email system is not being compromised.

