Organizations of all sizes are very aware of the critical need to monitor their inbound communications. For example, according to an Osterman Research survey of midsized and large organizations completed in March 2007, virtually 100% have deployed antivirus systems, 94% have deployed antispam capabilities and 83% have deployed antispyware capabilities. Most organizations are on their second or later generation of antivirus and antispam systems.

However, far fewer organizations have deployed systems that will monitor outbound electronic communications, either for simple post-send review of outbound content or for more proactive, pre-send review. For example, in the survey noted above, we found that 47% of North American organizations have not yet deployed an outbound content compliance solution.

One of the key reasons that organizations have not yet deployed systems that can monitor or take specific actions on outbound content is that managers and employees are not aware of the potential risks that some content can create, nor are they aware of the situations in which data breaches might occur. For example, employees often mistakenly send confidential data in an e-mail – such as credit card numbers or other sensitive information – without realizing that the data needs to be encrypted. There are many instances in which confidential data is buried in an e-mail thread that is forwarded to others without being read thoroughly. A study by Pertemps found that two-thirds of e-mail users had mistakenly sent e-mail to the wrong person, often resulting in embarrassment or the leak of sensitive information.

Osterman Research has recently published a white paper sponsored by Borderware, CertifiedMail, DYS Analytics, Mimosa Systems, Mirapoint, Postini, Symantec and Workshare that focuses specifically on this issue. The document, which provides key drivers for the need to manage outbound content and advice on solving the problem, can be downloaded here.

Michael Osterman is principal analyst of Osterman Research.