Companies should not outsource their e-mail security

E-mail security consists of five critical components: spam and fraud prevention; virus and worm protection; policy and content compliance; e-mail privacy; and intrusion prevention. Managed service providers address only two of these components: spam and viruses. Deciding to use a managed service rather than handling e-mail security in-house means leaving your organization vulnerable to threats that include policy violations, fraud, eavesdropping and intrusions.

Anti-spam technology has come a long way. Two years ago, products competed strictly on effectiveness. Six months later, false-positives raised concerns, and products began to compete on accuracy. A year ago, the administration of anti-spam point products became a hot topic. Today, companies demand anti-spam products yielding high effectiveness, maximum accuracy and low administration, which both the top managed services and in-house offerings can deliver.

The other side by Dan Nadir Face-off forum Debate the issue with Nadir and Judge.

Much like anti-virus, anti-spam is becoming a commodity. Everyone needs it; both managed services and in-house solutions offer it. But the responsibility of an e-mail security provider does not end with anti-spam and anti-virus. In fact, it’s just the beginning.

While managed services claim to have policy enforcement capabilities, companies require much more robust capabilities than providers offer. E-mail security products must be able to prevent content and policy violations for inbound and outbound traffic, and provide comprehensive content filtering, monitoring and reporting capabilities. Only in-house offerings provide this level of policy and content compliance. If your e-mail security provider isn’t equipped to recognize and prevent policy and content violations, you don’t really have e-mail security.

E-mail privacy is becoming a critical requirement for organizations concerned with intellectual property theft, eavesdropping and regulatory compliance. And as e-mail has been progressively more subject to snooping and other fraudulent activities, organizations are prone to new threats, and can run afoul of government and industry regulations. Protecting e-mail in transit is no longer just an option for organizations; it is a necessity. Again, in-house e-mail security products, not managed services, bring this expertise to the table. If your e-mail security provider cannot provide encryption capabilities, you don’t really have e-mail security.

Lastly, managed services cannot provide intrusion prevention for e-mail systems. Properly architected in-house offerings act as a single, protected gateway to defend against threats and intrusions targeted at the e-mail system, utilizing an e-mail firewall and intrusion-prevention capabilities to protect against attacks.If your e-mail security provider cannot protect your company from attacks, including denial-of-service and buffer overflows, you don’t have e-mail security.

While some organizations may outsource anti-spam and anti-virus protection, no organization can outsource its e-mail security.

Judge is CTO for CipherTrust, a global e-mail security company in Atlanta. He can be reached at pqjudge@ciphertrust.com.