Five mistakes users make when securing e-mail
Computerworld - E-mail has become an important application on corporate, service provider, education and government networks, and securing it is equally important. Although some things in life can work 90% of the time and it's good enough, customers' dependence on mission-critical e-mail communications requires that the right e-mail security solutions work 100% of the time at the highest levels of effectiveness.
Accordingly, when organizations select and deploy what they believe is the right solution, they need to follow certain guidelines to prevent mistakes that could jeopardize the whole network.
Here's a list of top mistakes that many customers make regarding e-mail security:
1. Running security software on an insecure operating system
Insecure operating systems like Microsoft Windows or even Sun Microsystems' Solaris have many public exploits that hackers can take advantage of and technical documentation for the world to see. Many administrators deploying these products at the edge of their networks forget to harden the operating system from attack. The result is that hackers can seize control over executable environments that are left available, ports that are left open and services that are left running for non-e-mail applications such as FTP or Telnet.
2. Using only desktop antivirus and antispam software
Many companies think desktop software solves the problem. However, this approach creates the problem of junk mail and malicious e-mail that traverses the internal network creating significant risk of exposure and then gets to the core mail server where it wastes storage and process resources. Desktop software is often controlled by the end user and can be disabled, or it may not be updated often enough to yield the highest levels of protection. By using an e-mail security gateway appliance, end users need not worry about desktop-based updates or installations because security is done by the IT department and through intelligent, self-updating appliances within the network.
3. No outgoing protection
With many viruses propagating via e-mail, no business wants to let spam containing a virus like Sobig to get sent to its partners, suppliers or customers. Some customers, such as service providers or educational institutions, also need to watch out for the "spammer" within their network. Outgoing filtering can reduce these risks. In addition, using filtering and policy enforcement features can prevent leaks of sensitive information and filter out inappropriate content such as profanity or harassment.
4. No redundancy of gateway
Your home alarm system is effective only if it's working properly. It's the same with e-mail security: It needs to be running and providing protection around the clock. The right solutions need to have built-in reliability and system redundancy to recover from a power loss and to ensure that no critical e-mail messages are lost or corrupted.
5. No logging or reporting
Just as companies can view employee activity on the telephony network using call records from bills, the same approach should be applied to e-mail, so managers and IT administrators can get a bird's-eye view into e-mail activity. IT managers should know who is sending large volumes of outgoing e-mail, who is sending e-mail to competitors or who is having inappropriate communications with other employees or outsiders via e-mail. This is especially important for regulatory compliance and increasing corporate liability concerns.
Jeff Brainard is a senior manager at Mirapoint, a provider of e-mail server and security appliances based in Sunnyvale, Calif.
- E-mail: Big Decisions
- E-Mail: Suite Dilemmas
- Keeping a Tight grip on E-Mail
- You go First: Making the E-Mail Upgrade Decision
- QuickStudy: Collaborative Software
- The Almanac: E-Mail
- The End of E-Mail
- Editor's Picks: The Best of Our E-Mail Coverage
- E-Mail Horror Stories
- Five Mistakes Users Make When Securing E-Mail
- Sharky's E-Mail Inbox
Read more about Applications in Computerworld's Applications Topic Center.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
Red Hat Enterprise Linux - The Original Cloud Operating System
Linux adoption is growing against a number of measures, such as the
number of supercomputers that run Linux and the size of the contributing...
- OpenStack Hype vs. Reality: CIO Quick Pulse Open-source architecture can enable IT departments to build infrastructure-as-a-service (IaaS) clouds running on standard hardware.
- Building a Bridge to the Next Generation Data Center Selecting a widely adopted operating system is a foundational component of a standardization strategy.
- OpenStack and Red Hat: IDC White paper Most OpenStack deployments are by public cloud providers that are early adopters of technology and use OpenStack in a do-it-yourself deployment and support...
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Live Webcast Unmasking the Differences between Consumer and Enterprise File Sync & Share The consumerization of IT combined with the rapid pace of the modern mobile workplace is forcing enterprise IT teams to evaluate file sync...
- Live Webcast Government Agency Webifies Outdated COBOL Applications Let this CTO tell you how his agency converted 1980s-era green screens into an e-filing portal for the 100,000 cases handled each year...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,...
- Getting Ready for BlackBerry Enterprise Service 10.2 Find out how BlackBerry® Enterprise Service 10 helps organizations address the full spectrum of EMM challenges, while balancing the needs of both the... All Applications White Papers | Webcasts