Management
Secure Messaging PrimerMESSAGING SECURITY PRIMER
Important Security Issues and ConsiderationsWhen an enterprise fails to secure messages, whether sent via email or instant messaging, it runs the risk of intellectual property theft, damage to its brand, loss of customers and - if government privacy regulations are violated - fines and imprisonment.
Corporate technology and security executives who invest in secure messaging solutions must address several important issues, including adherence to open industry standards, flexibility, simplicity, compliance, policy management and auditability. Corporate IT managers have a tough mandate: provide the highest level of security and comply with company and regulatory policies, yet stay within strict budgetary guidelines. However, security technology can’t hinder business communications and processes - it must remain flexible to grow.
Organizations must reduce the security risk involved in all types of electronic messaging. Email, instant messages, online transactions: any of these may contain valuable information such as that found in invoices, payments and balance sheets. Key considerations are making sure the secure messages can always reach the intended recipients, that a secure messaging solution doesn’t create additional management burdens, and that the solution is easy for everyone involved.
Since any secure messaging solution will need to fit cleanly within the enterprise, issues of scalability, simplicity, interoperability and ease of implementation, integration, ease of administration and management, and TCO come to the fore.
Secure messaging solutions should:
- Centralize policy management to allow for optimal message control (recall, disable or shred messages, verify receipt, etc.)
- Integrate easily and work with existing email applications and all leading authentication mechanisms
- Encrypt messages according to regulatory requirements as well as business and government policies and processes
- Provide maximum flexibility to accommodate any communications medium (email, IM, documents), delivery preference (push, pull, offline read) and more
- Require just one additional step for end-users - identity authentication prior to reading a secured message
- Provide in-depth reports for audits that include details such as when messages were delivered, opened and read
- Adhere to accepted and next-generation standards, including federated identity-based messaging
- Be simple to maintain and expand as you grow
- Keep it simple for users - don’t make them learn new behavior or add steps to their normal business practices.
- Make it simple for the IT department: fast and easy to deploy and integrate, yet easy on the budget.
- Make sure the technology is based on a solid but flexible security architecture that comes with options to support various business processes.
- Look for solutions that are built on industry standards.
- Certify that the solution is sufficiently scalable but doesn’t require heavy administration.
- Ensure that the technology works seamlessly with existing systems and third-party authentication mechanisms.
- Look for a solution with centralized management control for setting and enforcing policies.
- Consider the solution’s business value. Low TCO, rapid ROI, protection of the corporate brand and maintaining the trust of customers and partners are critical.
- End-to-end encryption from organization to organization and/or person to person
- Mutual authentication (authentication of both sender and recipient)
- Anti-virus and anti-spam capabilities
- Message management for digital archives, content filtering and workflow
Secure messaging is not just good business - it’s a necessity.