Establishing Digital Trust: Don't Sacrifice Security for Convenience
As global IT director at Ampacet Corp., a large chemical manufacturer inTarrytown, N.Y., Woods has a staff of eight IT professionals who serve800 employees worldwide. Normally these numbers work, but when MyDoom andother high-profile viruses took down his messaging system early lastyear, that delicate balance was destroyed.
Woods was forced to outtask the security of his messaging system ratherthan tax his own IT team to keep up with the threats. Outtasking allowshim to offload one duty, instead of outsourcing his entire messagesystem.
''We deem our messaging system to be mission-critical -- it's theprominent source of communication between our user community and ourcustomers," Woods says. "[Virus outbreaks caused] not only a loss ofproductivity for users, but a lot of lost productivity for IT staff toreact to situations. In some instances, we spent days trying to eradicatethe worms.''https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i Woods says the worm annihilation process was draining for his team.
''Not only did we have to patch the server and scan for viruses, we hadto go to the tape media to restore files, then go to each desktop, patchthere and identify the corrupt data,'' explains Woods. ''We operate leanand efficiently. I didn't want to say to management that we neededresources to solve this issue.''
The Ampacet team looked for a suitable in-house solution. ''We searchedthe marketplace for add-on functionality, such as network appliances, butthe investment was too great,'' he says. ''We would have to maintain themourselves and the training and management were just too expensive.''
So Woods chose a different path -- outtasking. While the companymaintains control of its Exchange 5.5 servers, it contracts with Equant,a service provider based in New York City, for spam blocking, anti-virusand content filtering. The cost is a flate rate of $2.05 per user/permonth. Woods initially started with a pilot project of 100 users, but hassince expanded the service to the entire company -- even remote workers.
Equant uses FrontBridge Technologies software to intercept inbound e-mailfor customers and scans it for various threats. Alan Simpkins, practicehead for IT services at Equant in New York, says off-loading messagingsecurity lowers an enterprise's total risk profile.
''If you never get that e-mail in your network, then the likelihood ofhaving problems elsewhere is lessened,'' he says. ''There's no 'click onthis link' to worry about.''
Security experts agree that outtasking from companies like Equant,Postini and MessageLabs creates another level of complexity for ITworkers in an already-complex network -- but sometimes it's a necessaryevil.
''Filtering spam and viruses tends to be a game of one-upmanship,'' saysAndreas Antonopoulos, senior vice president at Nemertes Research in NewYork. ''As soon as you have a slight advantage, a new generation of spamand viruses comes out. Your only other choice is to spend money onsoftware and licenses and appliances to do this.''
He adds that message security requires constant attention from an ITstaff, especially in this era of compliance and regulatory constraints.
''Its not like an e-mail server where you're simply adding andchanging users,'' adds Antonopoulos. ''With security, you have to makesure that signatures are up to date and your anti-virus is up to date.''
The biggest problem for IT staff surrounding message security is handlingfalse positives. ''Something may leak through occasionally -- anexecutive didn't get his e-mail because it's in the spam filter,'' saysAntonopoulos. ''With the high volume of e-mail at most companies today,they don't have the resources to deal with these false positives.''
But some experts warn that outtasking could give companies a false senseof security.
''The drawback to these managed services is that if the mail has beendelivered through to your server before a fix has been issued for avirus, you could find yourself vulnerable to attacks,'' says Paul Stamp,an analyst at Forrester Research in Cambridge, Mass. ''You still needyour IT department at the ready when viruses hit.''
Woods agrees. He says even with the service, his team has been diligentabout keeping on their toes and heightening user awareness about viruses.
Stamp says he sees an additional opportunity for message securityouttasking.
''So far, these services have mostly been devoted to incoming mail but Ican see them starting to look at outgoing, as well,'' he says.''Companies in high-compliance areas like finance and health care coulduse these services for intelligent scanning of their mail to make surethat confidential information is not leaving the network.''