• United States

Do you scan the content of outbound messages for regulatory compliance?

Feb 21, 20062 mins
Enterprise ApplicationsMalwareMessaging Apps

* The need for outbound content scanning

A visit to the RSA Conference in San Jose last week confirmed, at least in my mind, that 2006 will be a “breakout” year for outbound content scanning in messaging systems. While the inbound content scanning side of e-mail security – a.k.a. spam filtering – is still going strong and will be a necessity probably as long as e-mail is used, outbound scanning is gaining momentum for a couple of reasons.

First, there are a growing number of regulations that dictate the need for scanning outbound e-mail content, such as the Health Insurance Portability and Accountability Act (HIPAA). This Act requires that personally identifiable health information be kept confidential. For example, if an e-mail is sent from a manager in your company to a benefits administrator outside the company and that e-mail contains both the Social Security Number of an individual and a statement of that individual’s health condition, the e-mail should be encrypted to protect the confidentiality of the individual discussed. Further, various industry requirements, such as those from the Securities and Exchange Commission or Federal Energy Regulatory Commission, require that certain types of information not be exchange between regulated and unregulated operations.

Second, outbound content scanning can catch all sorts of undesirable stuff going out through e-mail before it can cause harm, such as loss of reputation or loss of revenue. For example, outbound scanning can catch offensive or racist jokes before they have a chance to traverse your company’s network or get stored on back-up tapes or in an archive or before they have a chance to be read by someone who might find them actionable. Outbound scanning can catch e-mails that contain your company’s intellectual property or financial statements before they get sent to someone outside of the company – or worse – to one of your competitors.

In short, outbound content scanning is becoming both a legal requirement and a best practice for organizations of all sizes. Vendors are responding to this demand and a growing number offer a variety of tools that will scan outbound content on the fly. E-mail and business managers should seriously consider evaluating these tools.