What began as a communication tool for the academic community is now rated as the most critical form of business communication.
Despite its ubiquity, however, email is increasingly unable to live up to the high expectations demanded by businesses. It has become a victim of its own success – whereas it once improved efficiency and helped to reduce operational costs, email is now hampering productivity and draining IT funds and resources.
Coping with growing traffic volumes and increasing attachment sizes pales in comparison to the problems and disruption caused by the increasing misuse of email systems.
Figures from the UK's Department of Trade and Industry reveal that half of businesses fell victim to either a virus or distributed denial of service attack in 2003, compared to 25 per cent the year before. This increase is not surprising, considering the sophistication and high number of variants of recent viruses.
Viruses, however, are not the only threat to organisations' productivity – the other much-hyped email criminal is, of course, spam. Yet blaming just viruses and spam for email's fall from grace would be short-sighted – the application's own architecture is also contributing to its demise.
The protocol that underpins email – Simple Mail Transfer Protocol (SMTP) – was developed more than 20 years ago for a climate equivalent to today's text messaging. In fact the root cause of many of today's email threats can be traced back to the anonymous nature of SMTP, which assumes that you are who you say you are.
At the time email was developed, it was inconceivable that a sender would falsify their identity. As the birth of phenomena, such as phishing, has demonstrated this is by no means still the case.
It is not surprising therefore that validating identity is becoming an increasingly important part of the email process for IT departments. Identity is the most effective way to protect the integrity of email, and by combining this with reputation, organisations gain increased granularity beyond binary black-listing and white-listing.
The importance of identity will grow to such an extent that in three to five years' time, we will all be using an authenticated email system. Those organisations that fail to embrace authentication will find themselves – and their mail – treated with suspicion. Messages will be blocked while extensive tests are carried out to prove the origins of the mail – a delay that could have massive performance and business continuity implications for the sender.
To ensure business critical mail does not suffer this fate, IT directors need to look at how they can not only authenticate their outbound messages, but also identify and prioritise inbound emails from trusted senders.
Signing up to white lists and setting tighter firewall parameters is just the beginning of a massive change in the way organisations use and manage email. The design of the current system provides malicious individuals with the invisibility cloak they need to carry out their activities. Authentication will destroy this protection, and give IT directors the help they need to reinstate email as a critical and efficient communication tool.
Steve Ronksley is European managing director for IronPort Systems
