As such, businesses rely on the Internet to provide connectivity to their remote or mobile work force, partners, suppliers and customers in a more flexible manner. While this increased connectivity is changing the way that businesses operate, helping them to improve efficiency and customer service, it is also creating greater exposure to information security issues, which have now become a fact of business life.
As each new type of threat has emerged, most organizations have adopted a solution from different specialist vendors. As the scope and complexity of both IT infrastructure and the evolving threats it faces has increased, organizations have found these seperate solutions to be cumbersome and costly, making it difficult to implement effective security policies.
Secure content management
Secure content management (SCM) has emerged as an integrated strategy for securing Internet communications with the outside world. It is based upon integrated software or hardware/software solutions that secure inbound and outbound Internet traffic against specific threats, such as viruses, spam and inappropriate content. It handles incoming and outgoing electronic mail messages, Web pages and file downloads.
An integrated strategy is required because most organizations have adopted a range of solutions as each new threat has arisen. They started off by installing anti-virus software and as the threat from spam emerged, they went to a different vendor for spam filtering. Some organizations have already installed content filtering software from a third vendor, while others are actively seeking such a solution.
The problem with this common and complex approach is that it is expensive to maintain and support multiple products from different vendors. Each product has to be configured separately and mistakes could result in corporate policy not being applied, as insecure messages slip between products. Management receives three different reports in three different formats that all seem to address similar security objectives.
How SCM works
A secure content management solution provides an integrated suite of products across the entire enterprise that addresses all existing and emerging threats. It provides a single place in which to deploy and configure all the necessary software in order to implement the organization's email security policies, whether internally generated or in response to regulatory requirements.
The solutions provide a single set of graphical reports across all network systems, servers and desktops that give IT administrators the information they need to evaluate the effectiveness of the organization's security policy, evaluate their network's weak points and customise reports to fit their specific needs.
SCM software secures the company against viruses, spam and inappropriate content. On September 20th, 2004, McAfee announced the 100,000th malicious threat from viruses and other forms of malicious code, an increase of 15,000 since the beginning of the year.
Once a mild irritation, spam has developed into a global epidemic. IDC estimates that the amount of spam being sent on an average day worldwide will jump from four billion in 2001 to 17 billion in 2004. IDC also predicts that the number of spam messages sent daily will continue to grow, reaching 23 billion worldwide in 2007.
Spam impacts an organization's operations in several different ways. First, unwanted spam infiltration wastes employee time, as well as network bandwidth and server resources. Spam also exposes the organization to a security risk because spam e-mails can contain malicious code. Finally, it can expose the organization to potential legal liability associated with inappropriate content.
Employees need protection against incoming electronic mail messages that contain offensive content, such as pornographic, racist, sexist or abusive material. They also need protection against accidental navigation to a site that contains similar material.
Employers need to be protected against employees deliberately sending such messages or visiting such sites. They also need to protect themselves against their confidential information, or information protected by legislation, being sent out by employees, whether accidentally or intentionally.
Software is now available that can analyze the content of e-mail messages, Web pages and recognize inappropriate words or phrases, as determined by the organization's security policy. It will block e-mail messages or disallow access to Web pages deemed inappropriate or not work related.
This is important, because 27% of Fortune 500 companies have defended themselves against claims of sexual harassment through inappropriate content. In 1996 Chevron paid $2.2 million to female employees after they claimed that a joke e-mail was inappropriate.
An integrated SCM strategy allows an organization to optimize its resources, be it people or networks. This can save considerable amounts of money. Gartner conservatively estimates that the average 3,000-person corporation loses $2 million to $7 million per year on labor for dealing with spam.
An integrated SCM solution means that the organization only has a single vendor to deal with for support and can implement detailed security policies from a single central location. IT administrators will save time and money through reduced deployment and training costs, reduced hardware investments and reduced policy redundancy. They will have a single place where all the information is available for reporting the effectiveness of security policies.
These issues together serve to reduce the total cost of ownership, compared with separate solutions. They also help the organization to comply with external regulations.
Businesses that fail to introduce a comprehensive SCM solution are leaving their valuable business content exposed to all manner of threats which deplete resources, impact productivity and contravene internal security policies as well as government regulatory policies.
In contrast, secure content management solutions consist of policy-based Internet management tools that help companies defend themselves against business and network integrity threats. They integrate a number of crucial security features to provide layered, enterprise-wide, best-of-breed protection. They control access to Web content, secure messaging traffic and provide protection against viruses and malicious code. They help organizations to optimize their resources, increase productivity, reduce their costs, implement internal security policies and comply with external regulations.
"It is important for today's secure content management solutions to provide protection for the key nuisance areas associated with messaging traffic, anti-virus, spam and content filtering, ideally in a combined or integrated solution," concludes Brian Burke, a research analyst with IDC. "This provides a comprehensive set of secure content management solutions that addresses these requirements in single product or suites, making it convenient for companies of all sizes to implement."
Zoe Lowther is Group Product Marketing Manager of Secure Content Management for McAfee, Inc