Joe Fisher, Senior Vice President of Product & Solutions Marketing at Axway (www.axway.com), says:

Why is email security important for the enterprise?
Protecting the enterprise’s most valuable collaboration tool—email—is profoundly important, as most business processes flow through it. Even processes that start from an automated system (e.g., a claims document kicked out from an ERP system) are part of a collaborative workflow, and that workflow always beats a path to email inboxes. Inbound email must be kept extremely clean so that your knowledge workers can do their jobs without being burdened by spam, phishing attacks, viruses, and denial-of-service attacks. At the same time, it is imperative that outbound email—especially highly sensitive email from organizations subject to regulatory requirements—is secured before it leaves your four walls. When you protect your email system, you protect your workflow, you comply with regulatory mandates, and you protect your ability to effectively do business.

What are the biggest issues?
The balance of tactics and strategies (i.e., putting a fire out today, yet building something that’s fireproof for tomorrow) is a very important issue to consider, and a considerable challenge, too. Think about what fits your security profile. Deploying things in the cloud, whether private or public; changing the behavior of your end users who have access to sensitive information—these are challenges that need to be considered as you implement a new system. Another thing to consider: the dynamics and profile of your traffic. A decade ago, the average message size was ten kilobytes; today, it’s seventy-five kilobytes. You need to ask yourself, “Is this system we’re putting in place addressing the profile holistically? Is it considering the DNA of our email that moves in and out?” Finally, you should consider discovery. Most public organizations retain emails for five to ten years for discovery and litigation purposes. You need to be thinking about how you’re going to archive and retain these emails.

Organizations need to think about building a secure community, a group of customers and partners that they can collaborate with and trust. Organizations should enroll these people as trusted partners in their email security ecosystem. Enrolling organizations as trusted partners actually works twofold. One, you can expedite secure channels. Two, you can reduce the issue of false positives on the inbound side. So, if you’re getting a message from a trusted business partner, you can mitigate the issue of having that message fall into a spam filter. Since you trust this organization, you’ll always accept their messages. This reduces the issue of false positives as well. Make sure that you’ve got the right operational visibility as well as strategic visibility. Make sure that you’ve got the right policy flexibility. And make sure that the enterprise can build a secure community that you can collaborate with.