While companies understand that they need to protect themselves and their employees against content security threats (such as the circulation of inappropriate material, litigation, spam, loss or corruption of data, viruses and malicious code), they also need to consider how email and web security can boost productivity.
Email is rapidly changing the way business is conducted and is proving to be an invaluable communication tool - IDC predicts the 9.7 billion messages sent worldwide every day in 2000 will soar to 35 billion every day by 2005. With this explosion of electronic communication in mind, there are real opportunities for companies to embrace content technology to enable productivity gains rather than simply using it for defensive and protective measures.
The Threats
There are many ways in which email and web security systems can be used to optimize business efficiencies. Many organizations today are familiar with the risks of giving employees unlimited Internet access at work but it is as much about managing large attachments to maximize bandwidth, as preventing workers from 'leisure surfing' during office hours.
Email and the Internet have become indispensable tools for employees, who use them both for work and non work-related communication. Work-related communication such as sending out corporate information (intentionally or not), as well as social interaction (sending and receiving junk email; creating spoof emails; surfing non work-related web sites), could all put corporations at risk. This was especially evident over the festive season, as many employees made use of fast Internet access to do online Christmas shopping and source e-cards for the season.
As well as using the Internet and email for recreational purposes, a recent industry survey found that 60 percent of respondents had experienced internal security breaches by employees who had been using company computer resources for personal profit (through the use of spam or from visiting gambling, share dealing and other personal e-commerce sites). (Figure taken from Information Security's fourth annual industry survey.)
In addition to the threat of lost productivity, companies that are using email are also opening themselves up to the threat of spam. The increasing incidence of spam is rapidly becoming a serious problem as it distracts employees from their work and it can lead to a degradation in network performance. A statistic from the Coalition Against Unsolicited Commercial Email (CAUSE) estimated that an 1,000 user network would receive over two million spam emails each year at a cost of $6.5 million (see Table 1).
In a global survey of Internet sites by Jupiter Communications, the majority reported that traffic to their site is heaviest during work hours. The survey found 14 percent reported that traffic was highest from 7 a.m. to 10 a.m., 24 percent stated it was highest from 10 a.m. to 2 p.m., 24 percent from 2 p.m. to 5 p.m., 20 percent from 5 p.m. to 8 p.m., and 18 percent from 8 p.m. to 7 a.m. These figures illustrate that the majority of surfing is conducted during office hours. In fact, a new IDC report (commissioned by Baltimore's MIMEsweeper on policy based content security) found that 70 percent of non work-related e-business is conducted at work and 50 percent of Internet activity conducted during office hours is not related to work.
The distraction of non work-related email can also have a disastrous effect on productivity. Though many employers are happy for their workers to send the odd non work-related email, they might take a slightly different stance if the office joker is sending thousands of jokes each year. Furthermore, inappropriate emails can quickly waste the time and money spent building the company's brand and reputation. One U.K. law firm found its reputation for discretion and confidentiality questioned after a hapless girlfriend had a highly personal email to her somewhat indiscreet boyfriend circulated around the company and ultimately forwarded to over 20 million people worldwide, as a result of which five lawyers were suspended.
Perhaps more of a worry though is losing competitive advantage through the loss of confidential information - data can be released by email without authorization, or secretly stolen (cyberwoozled) via malicious code on the Internet. About 90 percent of any company's intellectual capital - their inventions or concepts - can be found in a digital format. Of that, 45 percent of those corporate ideas are stored in an organization's email system at any time (see "Email Security," SC Magazine cover story, August 2001).
The Opportunities
In addition to putting a plug on these productivity drains, there are also clever ways in which flexible email content security software can open the organization up to new opportunities. Content security is a business enabler, enhancing the brand and promoting trust in the company. This includes making the Internet a trusted environment in which to conduct partner and customer relations and e-commerce via the web, extranets and intranets.
Incoming emails at a company's helpdesk, for example, can be automatically checked for certain words or phrases, e.g. product brochure, contact information, annual report, etc. All email requests can then be automatically categorized and re-rooted to the respective point of contact within the organization. In addition to automatic filtering of incoming emails, emails containing specific requests can trigger an automated response email with the requested information, which could read "We have attached the information you requested on product xyz..." The cost and time-saving features of these examples show the strong benefits of the deployment of a content security solution.
Large attachments can also be more effectively managed so that they are parked outside the network until the end of office hours. This ensures that the network bandwidth is fully maximized and communication speeds are optimum. In organizations or departments where employees may be sending and receiving large attachments (such as marketing and video-editing) the network stands to benefit enormously from effective attachment management.
It is not just attachments though - corporate users are either blissfully unaware or completely ignorant of the network bandwidth consumption associated with downloading large graphics files, playing online games, or accessing streaming audio/video. The large file transfers can degrade network performance for all users. In fact, an IDC survey indicates that enterprises are particularly concerned with bandwidth consumption by unwanted or excessively large email files. Bandwidth problems rank number 4 among email users' worries (see TechWebcom, August 20, 2001).
In order to fulfill the potential of email and web systems, it is important that organizations implement a well-thought-out policy so that employees and employers know where they stand. Policies clearly define what is acceptable and unacceptable business and personal use, and enable businesses to achieve return on investment and increase business growth. Policies determine how different emails are dealt with in each department of an organization - so for example, any emails containing large graphic images can be immediately quarantined whereas similar emails heading for the marketing department are allowed to pass through to the recipient - or scheduled to be processed outside working hours if over a certain size. We believe that only 30 percent of implementing an effective content security system is down to the technology, the other 70 percent is about policy.
Furthermore, the manageability and reporting capabilities of some policy-based email security software enables the corporate IT department to easily identify employees who abuse corporate Internet privileges. It allows for corporate policies to be set up to provide groups of users with varying allotments of personal Internet time and bandwidth. Therefore, a policy can be set to monitor overuse only. Also, the internal charge back for network costs can be fairly allocated to specific cost centers.
A further business enabler is the flexibility that can be introduced to boost employee morale - for example, employers can actually allow employees to visit web sites for personal use within defined guidelines - e.g. Hotmail/Yahoo allowed after 6 p.m. It is one thing to limit employees' access to the Internet, ensuring that non-productive sites are not visited, however, a company may decide to allow their employees to visit Internet based email sites such as Hotmail because, in the company's eyes, this keeps employees happy. However, confidentiality and security protection - and employee privacy - can still be maintained.
With a well-defined email and web use policy in place, companies will be able to configure email systems so as to maximize the opportunities that email and the Internet present, without making themselves vulnerable to e-security threats. With IDC's prediction that the number of emails being sent worldwide each day will rise from 9.7 billion to 35 billion, the need to implement content security will become paramount to business efficiency. IDC expects the worldwide content security market to reach $4.2 billion by 2005, with the Asia-Pacific region posting the highest average annual growth rate of 85 percent from 1999 to 2004.
In the current economic downturn, optimizing productivity is not just important but fundamental to an organization's survival.
Alyn Hockey is vice president of research, Baltimore Technologies' MIMEsweeper group (www.baltimore.com).
