Subscribe
About

Good archiving boosts e-mail security

E-mail is the weakest link in the security chain for most companies, says Marius Nicholson, MD of Naxian.

He says that with billions of e-mails being sent every year, it's the single most important channel through which sensitive information can leak out of an organisation.

"It's also a convenient way for fraudsters and renegades to manage their affairs. Keeping an accurate, easily accessible archive of all the e-mail passing through your servers is a critical security measure," he says.

According to Nicholson, backing everything up on tapes or disks and storing them securely is not enough. "If e-mail data ever does need to be retrieved from old backup tapes, for example, it can take technicians days or even weeks of work to mirror the tapes, recreate the environment and then sift through huge volumes of e-mail to find what you need."

An e-mail archive, he says, should provide a secure store containing all e-mail messages that pass through servers, together with their attachments. "The archive should include metadata to make it easily searchable: not just about who sent an e-mail and when, but also when it was received and who searched for or looked at it in the archive since," he explains.

An e-mail archiving solution that collects everything as it passes through servers also provides the opportunity to add additional layers of security, such as encryption, he says. "E-mail is relatively easy to intercept once it leaves your server environment, so sensitive data should be encrypted as it leaves your e-mail gateway."

Furthermore, he says e-mail is such a convenient form of communication that we have come to rely on it for most of our business communication. "Can you afford to lose e-mail? Can you afford to spend days searching for an old message that's suddenly become important again? Are you 100% confident that nobody in your organisation is using their e-mail account to conduct fraud or other illegal activity?

"If your answer to any of these questions is no, it's time to consider adding a secure e-mail archive to your suite of security measures."

Share