Business email has IT organizations caught between a rock and a hard place. On the one hand, email has become the communications vehicle of choice for efficient, low-cost interaction with associates, partners, suppliers, and customers around the world. On the other hand, email is the primary vehicle for hackers, phishers and spammers.
The ever-increasing volume of messages a company sends and receives every day places a severe strain on email servers and storage systems. And with organizations facing increasing pressure from laws and regulatory agencies that require the retention, supervision and availability of email records, it is increasingly important to protect and properly store the messages.
To continue to enjoy the convenience and cost-effectiveness of email, enterprises need to establish a flexible email infrastructure that protects email systems from accidental or intentional disruption and effectively addresses the financial and data management challenges of storing such large volumes of email records.
The Email Lifecycle
The lifecycle of each email message is marked by four points in time: when the email arrives from outside the network, when it leaves the corporate network, when it is transmitted internally among associates, and when it is transferred to storage.
As data traverses the messaging infrastructure, it can be exposed to a number of risks. Incoming email may include spam and phishing attacks among the legitimate mail. Outgoing email and internally transmitted email could harbor viruses and confidential content. And the volume of email to be retained is often so large that it slows the performance of the business-critical (and expensive) primary servers on which it is stored.
Guarding the safety and accessibility of messaging information requires organizations to control and manage its flow through the email lifecycle. From the earliest point of entry to its eventual storage location, email needs to be protected from threats and kept easy to retain and retrieve. To begin, we need to identify email's earliest point of entry to the network and what can be done at that level.
Defensive Lines
The typical first line of defense against unwanted email content is the end user. Employees are cautioned to follow email usage policies and best practices. By not replying to spam messages, ignoring unsubscribe links, and only opening trusted attachments, end users can effectively mitigate risk.
Better yet, however, is an environment wherein unwanted content is eliminated long before it reaches email gateways or user inboxes. This approach adds another layer to email security defenses traditionally placed at the server and individual mailbox levels, where virus scanning and filtering often are the technologies of choice. But the effectiveness of filtering is augmented by antispam technologies that are just now emerging.
"Sender reputation" and "traffic shaping" are complementary technologies that sit at the edge of a network, operating much like a router and passively inspecting Port 25, or Internet email, traffic. Unlike traditional spam filtering technology that operates at the inner SMTP layer, these technologies work at the outer TCP/IP protocol layer.
As email arrives from the Internet, the sender reputation technology tracks both the source address of each email stream and the quality of the messages being sent by each of those systems. It dynamically determines which servers are senders of good, non-spam email and which senders deliver spam and therefore have a bad reputation. The traffic-shaping technology then limits the bandwidth and resources that spammers can use, causing spam to back up on the spammers' servers. As a result, spammers can no longer afford to send spam to your protected environment, as it ties up their own resources, which results in a significant reduction of spam even hitting your network. Because this technology does not completely block domains or delete individual messages, legitimate email cannot be lost, which eliminates false positives.
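The interplay of reputation tracking and traffic shaping described above can be modeled in a few lines. This is an added illustration, not code from the article or from any product; the class and function names, the rate values, the squared-score mapping and the sample traffic are all assumptions, and the model counts messages per tick rather than shaping real TCP bandwidth.

```python
from collections import defaultdict

class ReputationShaper:
    """Per-source reputation from downstream spam verdicts, mapped to a rate limit."""

    def __init__(self, full_rate=60, floor_rate=1, min_samples=10):
        self.full_rate = full_rate      # messages per tick for a clean sender
        self.floor_rate = floor_rate    # never zero: mail is slowed, not dropped
        self.min_samples = min_samples  # verdicts needed before judging a source
        self.verdicts = defaultdict(lambda: {"good": 0, "spam": 0})

    def record(self, source, is_spam):
        self.verdicts[source]["spam" if is_spam else "good"] += 1

    def reputation(self, source):
        v = self.verdicts[source]
        total = v["good"] + v["spam"]
        if total < self.min_samples:
            return 0.5                  # unknown sender: neutral score
        return v["good"] / total

    def allowed_rate(self, source):
        # Assumed mapping: squaring penalises mixed senders harder than linear.
        rep = self.reputation(source)
        return max(self.floor_rate, int(self.full_rate * rep * rep))


def simulate(shaper, offered, ticks):
    """offered maps source -> (messages offered per tick, spam messages per 10).
    Returns source -> (accepted, backlog left queued on the sender's side)."""
    accepted = {s: 0 for s in offered}
    backlog = {s: 0 for s in offered}
    for _ in range(ticks):
        for source, (per_tick, spam_in_ten) in offered.items():
            backlog[source] += per_tick
            n = min(backlog[source], shaper.allowed_rate(source))
            for idx in range(accepted[source], accepted[source] + n):
                shaper.record(source, idx % 10 < spam_in_ten)
            accepted[source] += n
            backlog[source] -= n
    return {s: (accepted[s], backlog[s]) for s in offered}


# Constructed traffic: documentation-range addresses, not real senders.
SAMPLE = {"192.0.2.10": (20, 0), "198.51.100.7": (50, 9)}

if __name__ == "__main__":
    for src, (ok, queued) in simulate(ReputationShaper(), SAMPLE, 10).items():
        print(f"{src}: accepted={ok} still_queued_at_sender={queued}")
```

Accepted plus queued always equals what each source offered, so nothing is deleted; the low-reputation source simply ends up holding its own backlog.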
Complementing this approach are integrated virus detection and antispam technologies that use constantly updated definitions based on the latest attacks. Together, they greatly reduce the amount of harmful email content that reaches the end user. Ancillary benefits include reduced load on downstream message stores, archives, and end users; fewer non-business emails requiring archiving and end user review; and improved scalability of existing systems. In addition to threat controls, integrated content controls, often referred to as content filtering, can be used to enforce both email usage policies, i.e. what may or may not be sent through email, and regulatory compliance policies.
Retention and Retrieval
Email systems are designed to quickly send and receive messages, but are ill-equipped to serve as a short- or long-term message storage option. Messages often must be stored on network file servers or email servers, or users are tasked with storing their own emails on desktops or laptops. These approaches are not only expensive but precarious, as email systems are susceptible to corruption, availability issues, user mismanagement and backup challenges.
Email storage has become a business priority, particularly as industry and government regulations include it as a best practice for information management. As a result, organizations must be able to minimize the size of primary storage and use the more cost-effective secondary storage capabilities offered by integrated archiving systems.
Message archiving systems allow organizations to automatically move messaging content to a secure, fully searchable online repository for safe-keeping. Message selection is automatic and policy-based; messages can be compressed, and a single-instance storage policy is applied to reduce primary storage requirements and costs. In addition, the online repository is fully searchable via a web-based search function, allowing users to quickly and easily locate and recover specific messages or attachments, significantly improving user productivity and collaboration.
A secure archive allows customers to demonstrate compliance with laws and regulations governing the retention and supervision of email, and enables appropriate legal personnel to comply fully with a subpoena that requires the discovery and presentation of specific records. For an even more resilient infrastructure, these security and availability technologies can be combined with data protection tools such as backup, recovery, storage management, and clustering to create an environment that is both flexible and protected.
Spam, viruses, and other unwanted email content will likely continue to proliferate throughout the Internet, putting the viability of email at risk as message volumes increase at unprecedented rates. To protect their investment in email information and infrastructure, organizations can employ a more holistic approach to security and availability that leverages new and proven technologies across the email lifecycle to keep this critical communications tool, and the business it supports, up, running, and growing.
About the Author
Chris Miller is a Director of Product Management at Symantec, responsible for its gateway security software offerings, including solutions that address virus protection, spam prevention and policy enforcement in enterprise messaging systems. Chris has been with Symantec for seven years and worked in various product management capacities in North America and Europe, primarily focusing on network security solutions.