Messaging Security and the Need for Consolidation

In what seems to be a short time period, messaging has taken a leap from being a critical communications channel for business to providing a legal record of how companies conduct business. Today, e-mail and instant messaging in the enterprise are both a necessity and a liability. It’s no surprise, then, that companies need to rethink commonly deployed messaging security strategies that are driven by individual best-of-breed solutions. In a nutshell, this approach falls short of addressing today’s enterprise messaging security demands.

Driven by the need to protect themselves from exponentially increasing and unwanted messaging threats such as viruses, spam, denial-of-service, phishing, and pharming, smart companies sought out best-of-breed solutions, often from multiple vendors, to safeguard their operations. While this best-of-breed solutions approach might solve one problem, it creates others, such as driving up costs, increasing management complexity, and demanding greater corporate resources.

Furthermore, a best-of-breed approach to messaging security is too single-minded, addressing security but not risk. Information risk management, on the other hand, offers a cradle-to-grave strategy for not only securing the enterprise against unwanted messaging threats, but also providing tools for retaining and discovering valuable messaging content.

Offering integrated best-of-breed antispam, antivirus, and compliance technologies that protect against threats from inbound and outbound e-mail and instant messaging, products such as Symantec’s Mail Security 8300 Series represents the next wave in enterprise messaging security. The all-in-one application protects data, mitigates risks, and facilitates legal compliance. The integrated solution also helps organizations get a handle on security management costs.

The Plot Thickens
E-mail and, more recently, instant messaging, have clearly earned a spot among the mission-critical business applications commonly deployed at almost every organization. Industry figures on messaging reveal that 75 percent of a company’s intellectual property is contained in e-mail; 75 percent of all corporate litigation involves e-mail discovery; 70 percent of all corporate e-mail is spam; and, 85 percent of organizations report instant messaging use.

Today, messaging information is an enterprise asset that is ubiquitous. Enterprise messaging systems drive large volumes of user content and enterprise file systems contain diverse content from a wide variety of sources. However, the long battle to squash malicious e-mail from entering the organization wages on and continues to drive IT administrators to often select and deploy not just one, but multiple e-mail security solutions, i.e. antivirus, antispam and IM filtering, to protect against insidious external threats.

At the same time, organizations are concerned about data leakage or keeping business critical information, such as customer records, financial information, and employee data from mistakenly leaving the organization. Data loss prevention, or keeping the important things in, adds another layer of security protection and often an additional round of best-of-breed solutions.

The truth of the matter is that point products can be very good at the targeted function they’re designed to address. But, at the end of the day, managing a diverse set of security solutions is tedious, expensive, and potentially ineffective. In-house attempts to integrate diverse solution sets only add to the IT resource drain.

IT managers know that tightly integrated solutions are often far superior in meeting organizational and IT needs, offering tighter workflow, enhanced functionality, centralized management and better ROI. And, given the option, many IT shops prefer to purchase integrated product sets. "An integrated solution offers improvement in monitoring, managing, and reporting," says Matt Hartwell-Herrero, group product manager, Symantec messaging security.

In a recent research report, Enterprise Strategy Group asked messaging security decision makers what problem they would solve if they were given additional budget for messaging security. Responses illustrated the demand for end-to-end auditing, archiving, policy controls, and content inspection to be included in messaging security solutions. ESG commented that it believed that these are critical capabilities for enterprise information security programs to meet compliance requirements and to reduce undetected leakage of confidential information.

A New Age
Finding point solutions to address individual messaging security threats was considered to be a business best practice for many years. However, the broader requirements of information risk management, or external threat protection, data loss protection, archiving/retention and electronic discovery, is creating demand for a new more robust and integrated solution.

The messaging security scenario common at many organizations today entails multiple solutions to safeguard the email gateway, IM gateway and Web gateway. Behind this set of hardware and software are various groupware servers, i.e., e-mail server, IM server, and portal server. Finally, networked to the groupware servers is the company’s archive.

In contrast, Symantec’s Mail Security 8300 series protects against both inbound and outbound e-mail and IM-borne threats in a single, integrated appliance. The new messaging security scenario includes the SMS 8300 appliance on the front end, SMS for Groupware (for Exchange or Domino) networked to Enterprise Vault on the backend for messaging archive, compliance, and e-discovery.

Not only does this integrated end-to-end information management architecture provide superior antivirus, antispam, and content filtering technology, e-mail and IM archiving and an e-discovery interface, companies benefit from vendor consolidation, centralized management and integrated workflow.

Messaging technology expert Richi Jennings, president of Richi Jeninngs Associates, reports that today, there's little technical or business reasons to purchase messaging security as a collection of point products. This strategy may have been useful yesterday but it isn’t today. The infrastructure, notes Jennings, needs to be designed to be secure as a whole.

Symantec, says Jennings, offers not only a best-of-breed messaging security products but an integrated strategy that is built on the vendor’s position as a market leader. Among key acquisitions made by Symantec are Brightmail, TurnTide, IMLogic, and Veritas.

Clearly, Symantec’s solution for information risk management exemplifies how the whole can be better than the sum of its parts while also lowering total cost of ownership.