* Lessons from across the pond
In late October, I had the privilege of participating at the Message05 event in London, an event focused on the e-mail industry in the U.K and beyond. One of the more interesting parts of this conference was the roundtable discussions in which vendors, IT managers and others were given 90 minutes to kick around a variety of issues – the two I led were focused on content security and e-mail hygiene. Here are a couple of the more interesting takeaways from the conference:
* One of the U.K.’s largest employers recently experienced a major incident that brought its e-mail system and the rest of its network to a complete halt for three days. It took a full four weeks for all of the servers to be patched. At the time of the conference, the company’s IT management still didn’t know what caused the outage – it could have been anything from an IM worm to a virus brought in on a USB keychain device. The company has spent enormous sums of money combating the effects of whatever caused the outage and reinforcing its defenses to prevent something else like this from happening again.
* When Volvo negotiates with security vendors for new systems, the company requires that its employees are provided with the same desktop capabilities for use at home. Volvo’s thinking is that because a lot of its employees do work from home, it’s critical to make sure that threats cannot enter the corporate network by way of users’ personal machines.
Both of these points illustrate the critical need for organizations of all sizes to focus on a wide and growing array of threats that could easily impact their networks. A single piece of code, for example, one that could bring down a network for days, can enter through an e-mail, an image file embedded in an e-mail, a single IM, a USB keychain device, a diskette, an employee’s laptop, an employee’s home machine, a contractor’s machine, an employee’s child or any of a variety of other sources. It is critical, therefore, to protect every avenue by which a threat could enter a network, not just those in the workplace.




