When it comes to securing the messaging infrastructure from malware and network outages, enterprises typically have two options: do it in-house or get a third party to host their e-mail environment.
If they opt for the latter, the level of IT data security can be a big concern for enterprises, a recent study says.
More than 86 per cent of businesses surveyed by Osterman Research Inc. in Black Diamond, Wash. said data security is a significant concern when they consider outsourced service providers.
More than half the companies polled said they are not comfortable outsourcing data archiving services because of concerns around IT security.
The report titled Messaging Security Market Trends 2005-2008 found enterprise security requirements have increased due to new compliance regulations. Businesses, the report said, have to do more than just scan inbound messages. Now they have to also check outbound messages for content and possible confidentiality breaches.
Three out of ten organizations polled have had one or more e-mail messages intercepted, while more than one in five has experienced a hacking attack on an application server.
According to Osterman Research president Michael Osterman, the onus to improve security levels is ultimately on the outsourced service provider, so companies feel secure in sending data to a third party.
Indeed, e-mail security has been a hot topic of late.
Earlier this year Symantec Corp. unveiled a hosting service (Symantec Hosted Mail Security) that filters spam and viruses and controls compliance for companies. And earlier this week, Microsoft Corp. announced its plan to purchase Marina Del Rey, Calif.-based FrontBridge Technologies, provider of an online service for securing and archiving e-mail.
According to the Redmond, Wash.-based firm, it intends to continue running the company and offering a service to provide end users with archiving features targeted at e-mail disaster recovery and compliance, spam and virus protection.
The message compliance service includes archiving, retrieval and reporting services for e-mail and instant messages, while the security component of the service is based on multi-layered filtering technology and encryption, Microsoft said.
Chris Tebo, chief technology officer for Toronto-based message archiving and compliance software provider Fortiva Inc. said encryption is one way to improve security levels in outsourcing. The firm dubs its technology DoubleBlind Encryption, which is featured in its Archiving & Compliance hosted messaging product suite. The appliance encrypts data at the customer site before it leaves the corporate network, Tebo said, keeping it encrypted both in storage and transmission.
Tebo acknowledges there is an inherent risk in outsourcing but notes that companies must be careful when choosing a hosting provider. "The further that data gets away from its owner, the more you have to concerned about who has access to it.” But he said there are also security risks in internally managed messaging environments.
Ultimately, using an encryption technology model represents a best practice that not only makes outsourcing an appealing option but also allows companies to focus on core competencies, he added.
Security has always been a concern for companies when it comes to outsourcing, Osterman said, adding that choosing to outsource the messaging environment may not necessarily be about gaining a competitive advantage. Rather, the decision should be made based on providing the best overall level of security for the organization, Osterman said.
