The 2006 Messaging Security Benchmark Report: Strategies for Securing Corporate Communications

Executive Summary and full report by Heather DalleTezze

AberdeenGroup looks at the results of the 2006 Messaging Security Benchmark Report and advises on messaging security solutions.

By No Analyst or Consultant

October 06, 2006 — CSO — The results reveal that while most IT organizations still view messaging security as an inbound threat centered on preventing spam, malware, and viruses to enter corporate networks through email, best-in-class companies are also addressing the risk of outbound information leaks. Best-in-class companies also understand that messaging is reaching beyond email to encompass instant messenger (IM) communications, as well as web based messaging and are proactively implementing solutions that embrace these mediums while bringing them under the protective cover of corporate security policy and control.

Under increasing pressure to meet regulatory and policy requirements, and an increased sensitivity to and understanding of the impact of confidential data leaks, IT organizations should take a new look at their messaging security plans and understand the gaps that might be present and the risks these gaps represent to their companys operation and financial health. In addition, IT organizations have the opportunity to harness the power of messaging mediums other than email, such as IM, in a way that improves operational efficiency for their organizations while addressing the very real risk that these mediums currently represent.

Though most IT organizations have made investments to control the inbound threat of spam and virus laden emails, many have not addressed the equally important risk of inadvertent or intentional outbound data leaks. Many are still struggling to adapt current solutions to constantly changing risks as well as lack an understanding of the security requirements to implement effective outbound messaging security. The biggest challenge most organizations face is in the area of training. The number one challenge faced by companies is ensuring compliance to policies and procedures by staff, which is often ignored through ignorance or the perceived need of business expedience. The chief information security officer for a large medical company reported that shortly after implementing a messaging security tool, senior-level management followed up regarding how the tool was being used and how the policies set by the tool were being enforced for end users. The ability to effectively monitor the productivity of the software was key in this customers messaging solution choice.

A variety of solutions exist to ensure effective security of both inbound and outbound messages. Mature technologies exist to block inbound email spam and message based malware. The technology to monitor and control the contents of outbound communications has grown out of its infancy and now offers a broad range of products to effectively control and protect the outbound flow of sensitive data. Message encryption technology allows companies to protect sensitive contents during the delivery process and actually acts as a business enabler allowing the secure transmission of sensitive data, such as account information and patient data, which could not normally be trusted to open messaging systems. To understand the effectiveness of messaging solutions better, Aberdeen Group surveyed more than 116 companies to determine the degree to which IT organizations are leveraging processes and messaging security products to improve the efficiency of their organizations and the integrity of their messaging.

• Print