What we are looking at this month is protection of information on the internet. The problem really is that simple. The solution set, not so much.
We need to consider all of the traditional facets of information security when we consider protecting information on the internet. These really break down into two overarching domains: data at rest and data in motion. When we think about data at rest, we now must consider the cloud and what we may have stored there. Clouds come in lots of flavors, but we can think of them as public or private – with the operational differences being those of control and legal/contractual constraints.
When we think of data in motion, we must consider email, file transfers and data exchanged application to application or between users and applications. All these issues point us back to the first principles of identification, authentication and authorization. It all harks back to the fundamentals, whether we are concerned about unauthorized interception of email; social engineering, such as phishing in its various forms; or access to data in the cloud.
Actually it is not that simple. So I was pleased to see the emerging products that we examined this month. These products address internet fraud prevention. They address this challenge in various creative ways, but it comes back to doing the things we all know about in a much more complicated environment than we may be used to. What I found gratifying is that issues, such as social engineering, are being recognized as the focus of today's fraud attacks. That should not be surprising. Fraud always has been predicated on some form of social engineering. The only difference is that we simply used to call it a con.
Next we address the most obvious data in motion on the internet: email. Our group review this month focuses on email security and content management. Email has been and continues to be a primary delivery vector for malware. This month's products address that problem head-on by managing and securing content with encryption.
I also want to introduce a new member of the SC Labs team: Kevin O'Connor. I enjoyed reading Kevin's reviews this month and I'm sure you will too. Check out his bio on our site. So, with that, on with the show.