Why Now is the Time to Review Corporate Email Security
Published: April 18, 2011
Author: Denis Batrankov, Microsoft MVP - Enterprise Security
Does your corporate email make it comfortable for employees to do their jobs? Many IT professional assume that internal employees use corporate email to do their jobs. But is this a reality?
For example, consider the following exchange, in which an employee from a large corporation receives a phone call from a customer or partner:
How often does this situation, or one like it, happen in your company because of out-of-date spam filters? And, how often do people outside your company, or even your own employees, have their communications inhibited because the size of an email message is limited to 10 MB, or because your corporate mailbox limit is exceeded and the mail server prevents you from sending important and urgent mail? Often, in order to do their jobs, people have to use alternates to corporate email—and these workarounds might not conform to corporate policy. So, have you done everything you can to help your employees use your corporate mail easily, successfully, and with adherence to corporate policy?
Here are some considerations to keep in mind in order to make your corporate email work effectively and safely for your employees and your customers or partners:
Many companies installed antispam solutions years ago, so they have assumed that the spam issue has been resolved. However, these solutions need to be updated, and many IT professionals find it challenging to keep up with the new options. This is understandable, because with many good commercial solutions on the market, it’s difficult to learn about them all. But, it’s important to be proactive: Become familiar with the latest technologies and deploy the one that’s best for your company to your mail server. And, consider whether you want employees to be able to access the mail that has been quarantined individually, or whether you want to run antispam protection that is integrated with the mail client.
Mail Server Engine
One of the many advantages of cloud computing is that it is available everywhere. So, do smaller companies need to buy their own mail servers, and then install and manage them? Or, are cloud services an option? When considering on-premises solutions versus those in the cloud, it’s important to calculate costs. Cloud services are often 50 percent less expensive than implementing the same services on premises, and there are many companies that provide cloud-based services and technologies, such as Microsoft Exchange Online. If you like features such as calendaring, scheduling meeting rooms, and even ordering equipment—such as projectors for a presentation—to facilitate those meetings, you can provide these services through an on-premises server engine or through cloud services.
Many people access their email through their cell phones or PDAs, and they use web interfaces not only to check email, but also, for example, to check presence—to see if a friend or colleague is online. When people come to your company—as employees, or as customers or partners—they expect that you will be using these new technologies and be able to provide access to them through your company’s IT infrastructure. If you don’t meet these expectations, employees will use external tools to access the capabilities they need and want. However, it’s important to understand that because you cannot fully control external services, company security will be at risk. Even if your company’s IT infrastructure is in transition, you should still manage what employees are doing—what applications they run, how secure these applications are, and what vulnerabilities you can detect.
These days, we create and send huge documents. For example, it is normal for me to receive a 40 MB presentation from a colleague. Are your mail servers ready to handle documents of this size? There are many ways to save mail-server space, and you can provide additional features by placing files in internal storage locations and sending only links to those resources.
Now is the time to implement your mail servers in a more secure and comfortable way, safeguarding your corporate email while providing employees with the services they need and want. But that’s not enough. For the best security, you’ll also want to check your file server infrastructure, firewalls, intrusion prevention systems, antivirus and antimalware protection, and data loss prevention DLP systems.
About the Author
Enterprise Security MVP Denis Batrankov has worked in the security industry for 18 years, starting as a programmer and security administrator and eventually landing in his current role as Solution Architect for HP TippingPoint.
Denis specializes in practical ways to protect corporate IT systems against emerging IT threats and enjoys delivering information about the various tools available to today's IT professional from firewalls and intrusion prevention systems to security scanners, deep packet inspections, and Web filtering.