E-Mail Security or Content Security?
E-Mail Security or Content Security? In an era of data breaches and insider leaks, a conversation about e-mail security is about more than just spam and malware-it is also about DLP (data leak prevention). In fact, the focus of enterprises has shifted more toward overall content security, said John Thielens, vice president of technology at Tumbleweed Communications.DLP products offer a more comprehensive approach, with their content monitoring, data classification and policy enforcement capabilities. The DLP market saw a number of acquisitions last year, and the technology is making its way into the enterprise market. However, many companies have been slow to deploy the technology, which helps to prevent the loss of sensitive data by stopping, for example, an e-mail including a Social Security number from crossing the mail gateway. Click here for 10 things you should know about spam. In the report released last November "Extending Intellectual Property Protection Beyond the Firewall," analysts from Enterprise Strategy Group found that only 17 percent of the 109 respondents were using network-based DLP appliances at their organizations. The ability to block classified data before it leaks out via e-mail can be a key element in e-mail security. But before investing in DLP, companies should first understand what their sensitive data is and what their business needs are, according to analysts. The risk of focusing too much on a block-and-allow approach is that employees-ultimately the last line of defense in security-will simply circumvent whatever protections are put in place, Thielens said. "Think of the content management problem as a bubble in a long balloon animal. If you squeeze the controls around that bubble, the air just moves to the left, to the right," he said. "If you lock down e-mail, people start using files and Web and instant messaging. If you take this blocking mentality, you're always in catch-up mode. "Instead, think about enablement, and tell people, -We're going to put some defensive controls that block the wrong ways of doing things in place, but we're also going to give you ways where you know how to do business with your content.'"
"To [solve content security problems] today, you need to buy products from six or seven different vendors-a Web filter, an e-mail filter, a content analysis suite, a file transfer product, an endpoint protection suite," Thielens said.