Companies should not outsource their e-mail security

E-mail security consists of five critical components: spam and fraud prevention; virus and worm protection; policy and content compliance; e-mail privacy; and intrusion prevention. Managed service providers address only two of these components: spam and viruses. Deciding to use a managed service rather than handling e-mail security in-house means leaving your organization vulnerable to threats that include policy violations, fraud, eavesdropping and intrusions.

Anti-spam technology has come a long way. Two years ago, products competed strictly on effectiveness. Six months later, false-positives raised concerns, and products began to compete on accuracy. A year ago, the administration of anti-spam point products became a hot topic. Today, companies demand anti-spam products yielding high effectiveness, maximum accuracy and low administration, which both the top managed services and in-house offerings can deliver.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

E-mail security consists of five critical components: spam and fraud prevention; virus and worm protection; policy and content compliance; e-mail privacy; and intrusion prevention. Managed service providers address only two of these components: spam and viruses. Deciding to use a managed service rather than handling e-mail security in-house means leaving your organization vulnerable to threats that include policy violations, fraud, eavesdropping and intrusions.

Anti-spam technology has come a long way. Two years ago, products competed strictly on effectiveness. Six months later, false-positives raised concerns, and products began to compete on accuracy. A year ago, the administration of anti-spam point products became a hot topic. Today, companies demand anti-spam products yielding high effectiveness, maximum accuracy and low administration, which both the top managed services and in-house offerings can deliver.

Much like anti-virus, anti-spam is becoming a commodity. Everyone needs it; both managed services and in-house solutions offer it. But the responsibility of an e-mail security provider does not end with anti-spam and anti-virus. In fact, it's just the beginning.

While managed services claim to have policy enforcement capabilities, companies require much more robust capabilities than providers offer. E-mail security products must be able to prevent content and policy violations for inbound and outbound traffic, and provide comprehensive content filtering, monitoring and reporting capabilities. Only in-house offerings provide this level of policy and content compliance. If your e-mail security provider isn't equipped to recognize and prevent policy and content violations, you don't really have e-mail security.

E-mail privacy is becoming a critical requirement for organizations concerned with intellectual property theft, eavesdropping and regulatory compliance. And as e-mail has been progressively more subject to snooping and other fraudulent activities, organizations are prone to new threats, and can run afoul of government and industry regulations. Protecting e-mail in transit is no longer just an option for organizations; it is a necessity. Again, in-house e-mail security products, not managed services, bring this expertise to the table. If your e-mail security provider cannot provide encryption capabilities, you don't really have e-mail security.

Lastly, managed services cannot provide intrusion prevention for e-mail systems. Properly architected in-house offerings act as a single, protected gateway to defend against threats and intrusions targeted at the e-mail system, utilizing an e-mail firewall and intrusion-prevention capabilities to protect against attacks.If your e-mail security provider cannot protect your company from attacks, including denial-of-service and buffer overflows, you don't have e-mail security.

While some organizations may outsource anti-spam and anti-virus protection, no organization can outsource its e-mail security.