The Department of Veterans' Affairs (DVA) is killing two birds with a single stone as it moves to tackle spam and address strict new data protection requirements.

By taking a strategic approach to its message security systems the department has found a spam solution that also lets it conform to the federal government's new ASCI33 requirements in relation to inter-departmental and public messaging.

Forrester research recently found rates of inbound e-mail spam rose 400 percent in the last year. DVA CIO Bob Hay says with spam on the increase, DVA's first priority was the prevention of incoming threats such as spam and viruses, even though the business driver was a solution that could balance risk and resources.

"We have a lot of spam e-mail and it is targeted: it's not spread equally within the organisation but seems to attract itself to certain users," Hay says. "I don't know whether there is any particular logic to it, but some people get a lot, and some people get little or none at all, and there's no obvious linkage as to what activities they've been doing and how much spam e-mail they attract. We had a filter in place but it was losing its effectiveness."

But since DVA was also faced with strict new data protection requirements, it needed a solution that could provide the right level of protection without a significant management overhead.

"The need to balance security with business impact with cost was the key challenge," Hay says.

"As a federal department we have to conform to the regulations and guidelines in relation to the messaging/e-mail security policies of the government. Some of these are very unique to the government sector; particularly the stringent rules around e-mail protective markings for inter departmental and public communication."

The department needed a solution that addressed both inbound and outbound messaging, as well as a solution that demonstrated its data protection management and compliance to government e-mail protective marking policies, so Hay contacted his IBM Services partner to propose an integrated solution.

In choosing Proofpoint, a US message security company with offices in Sydney, DVA have deployed a national data protection service.

"With over 3500 e-mail users across the country, using a mixture of thin clients, PCs and laptops, we chose Proofpoint as we needed to demonstrate that our data protection covered message security across all localities and client types.

"The solution made our lives easier," Hay says. "And it was very fortunate this product that we're introducing to deal with spam also had this capability, so it was readily able to be adapted to apply the appropriate guidelines into the filtering of classified e-mails.

"We would have had to put in place another solution if this one didn't work, and I guess we were just comfortable with this one being easily adapted so we didn't have to look very much further. It happened to be a spin-off from something that we will putting in place anyway.

The challenge faced by DVA combined the technical need for data protection, the specialized government protective marking requirements and the business needs for sophisticated reporting while minimizing administration resources.