How to Fight Spam Strategically - 'ZIFFPAGE TITLEROI From Assessing Risk ' (
Page 4 of 4 )
Holistically">
Measure the value of your antispam efforts to be sure that you wont be second-guessed
on the cost involved.
How much is spam costing your company? Poll users for their spam-management
time estimates, then multiply by the average wage of your employees. Dont forget
to include the time spent by your mail administrator, and for spam-related help
desk calls.
Next, determine what your companys standard volume of unwanted e-mail looks
like. "That gives you a baseline so that now you can say to upper-level management,
Heres where we were, and heres where we got to," after putting the antispam
plan into action, says Kyoceras Shields. Make sure you know the cost of processing
and storing messages at your current volume levels.
Symantec CTO Rob Clyde also suggests looking at how many IT projects have been
delayed or postponed because of security concerns such as spam and viruses.
Systems that monitor e-mail content can help avoid "hostile workplace" and related
lawsuits, says Kurt Williams, vice president and CIO of Summit Electric Supply
Corp. Inc., so factor the avoidance of such risk into your equations.
But the best ROI will come from looking at Internet risk management holistically,
including spam, viruses and security breaches such as distributed denial of
service campaigns. "On the network service side, spam doesnt feel a whole lot
different than DDoS attacks," says CSX Technologys Luman. She should know:
She says her company fends off 3.5 million such attacks every month.
Of course, letting through, say, a single nasty virus has vastly greater implications
than letting through one spam message. Still, the lines begin to blur when spam
reaches overwhelming volumes, and when marketers apparently use spam and virus
characteristics to send still more spam, as with the SoBig worm. "The way in
which companies think about e-mail has to fundamentally change," urges Gary
Steele, CEO of vendor Proofpoint Inc.
Once in place, however, users are generally positive about antispam efforts.
"Our system has already paid for itself in the eight months that Ive had it,"
says Darryl Killingsworth, CIO for defense contractor Manufacturing Technology
Inc., based in Fort Walton Beach, Fla. "Its very rare in the IT arena where
you get praise from your end users for what you do." And its especially gratifying
when the right messages continue to get through. "As far as we know, we have
not had a false positive," says Baptist Health Cares Boggess of the IronMail
server protection from CipherTrust. "Everything people needed to get, we have
received."
Just dont think the spam problem will go away tomorrow. "Its actually technology
itself thats driving the opportunity for more attacks, and more widespread
attacks," says Symantecs Clyde. "It has in it the seeds of tomorrows problems.
As we continue to have more connectivity, the problems are going to increase.
Thats just a fact of life." New technologies such as message-oriented Web services,
for example, will only increase the security risk if they arent built carefully.
But antispam measures also will continue to improve, though nobody is suggesting
that spam can be completely stopped. Instead, the CIOs goal should be to reduce
the amount reaching users desktops to a reasonable level, making it as manageable
as possible. "Theres no silver bullet in spam, and I dont think anybody should
be thinking there is," says Arlington Countys Jordan. "Theres no cure."
Ask Your Hr Department:
How much time are users spending on spam?
Ask Your Finance Department:
Can we calculate the cost of a single lost e-mail message?
Ask Your CTO:
Where are we potentially creating new insecurities in our messaging infrastructure?
