Printer Friendly

Electronic dilemma: the email explosion poses tricky challenges to CEOs.

Philip J. Kaplan, the dot-com generation's Michael Moore, is one person you don't want reading your email.

Kaplan, author of the best-selling book F'd Companies, runs a Web site that posts emails about layoffs, outsourcing moves and other gossip tidbits that weren't supposed to travel beyond the corporate walls. During the dot-com implosion, layoff victims and disgruntled employees forwarded hundreds of emails to Kaplan to post. Today, his site contains an even broader mix of confidential memos from across all industries.

In the digital age, it's difficult to stop the free flow of information among employees, consultants, competitors and rumor hunters. Aware of the risks, more than 40 percent of large companies now employ staff to monitor outbound messages, and 75 percent say it will be either "important" or "very important" to reduce the financial and legal risks associated with outbound mail over the next 12 months, according to Forrester Research in Framingham, Mass.

Still, at most companies manually monitoring every outbound (or inbound) message isn't a viable option. The average corporate inbox processes more than 10 megabytes of email per day, according to the Radicati Group, a research firm in Palo Alto, Calif. That figure is expected to top 42 megabytes per day in 2005, due to the growing wave of spam and multimedia attachments. Overall, email volume is growing 35 to 40 percent annually, estimates Osterman Research of Black Diamond, Wash.

Making matters worse, Uncle Sam insists that businesses somehow tackle the issue--quickly. Under various government mandates such as the Gramm-Leach-Bliley Act, Sarbanes-Oxley and the Heath Insurance Portability and Accountability Act, companies must ensure the privacy of their digital communications and also retain business-oriented messages for designated periods of time, typically three years or more. Companies that don't properly manage their digital assets can wind up paying steep fines.

As a result, CEOs need a secure messaging system that both protects information and makes it easily auditable and retrievable. Moreover, the email security solution needs to be easy to use, offering functions such as strong end-to-end encryption, mutual authentication and robust auditing features. One of the key technical issues is whether to embrace Secure/Multipurpose Internet Mail Extensions, an email security standard that requires a corporate email server to issue a "digital certificate" to each user. Users must have a "private key" to open messages.


At least one company has found a secure email solution, based on our company's product. UST, a $1.6 billion tobacco, wine and spirits company based in Greenwich, Conn., needed a single, secure messaging system that extended internally to all employees and externally to partners, customers and business associates.

Rather than forcing UST to scrap its existing email infrastructure, our secure email gateway and client software were layered onto existing messaging systems. "We wanted internal users to be able to use their own standard email system," says Paul Lourd, director of information technology at UST. "And we needed security to be transparent to users, with no action or extra steps required."

Of course, not everyone is going to buy Sigaba's product, but I think there are some principles that should shape the technology architecture. Standards-based security should separate encryption or "key" services from authentication services, and policy management should automate auditing and reporting for end-to-end messaging security. The architecture should also enable messaging workflow and content filtering (for spam, viruses, etc.).

Moreover, these emerging systems should be added to an organization's existing messaging system; they shouldn't force it to be ripped out. And all systems should be simple for users, requiring no extra steps to get access to their email.

Over the next few years, analysts expect customers to flock to federated authentication because it can establish "networks of trust" between businesses, customers, partners and other third parties. Looking ahead, federated authentication--based on standards such as the Liberty Alliance--will make it easier and easier to establish such networks of trust. Ultimately, the free flow of information will be protected from the hidden costs.

Robert Cook is chairman and chief executive officer of Sigaba, a privately held company in San Mateo, Calif.
COPYRIGHT 2004 Chief Executive Publishing
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2004, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:CHIEF CONCERN
Author:Cook, Robert
Publication:Chief Executive (U.S.)
Geographic Code:1USA
Date:Nov 1, 2004
Previous Article:Dethroning national champions: Europe must allow more cross-border integration.
Next Article:Outsource, but train those who remain: CEOs need educational programs that work.

Related Articles
Managing email hell: a surge in legal demands for long-forgotten emails is playing right into the hands of Zantaz CEO Steve King. (Technology).
Send in the spooks: safecracking gumshoes from the CIA and the FBI are finding second careers--helping CEOs protect their businesses. (Management).
The best defense: going on offense.
We have the skills, they have the need!
IRAQ - Oct 5 - Allawi Sounds Note Of Gravity On War.
CEO mood swings.
87 percent of UK claim to have good understanding of spyware.

Terms of use | Privacy policy | Copyright © 2021 Farlex, Inc. | Feedback | For webmasters