E-mail is mission-critical to your business - and its worst security nightmare
When the Spam Act took effect in Australia in April 2004, Australian IT security professionals were sceptical and feared it would have little impact on the huge volumes of unwanted email that clogs inboxes. A few years down the track and it is antispam technology that is failing enterprises, not the legislation.
Since the start of the Spam Act 2003, the Australian Communications and Media Authority (ACMA) has dealt with nearly 5000 formal complaints, issued hundreds of warnings, more than a dozen fines and successfully prosecuted a Perth company in the Federal Court. More importantly, it has kept spammers off Australian shores. Fines under the Act top $220,000 per day or $1.1 million for repeat offences.
From the very beginning, IT security professionals knew legislation alone would not be a silver bullet. The solution would have to combine legislation, public education, industry codes of practice and technology. But according to recent research from Frost & Sullivan, technology is failing. Despite rapid advances in antispam solutions, the spammers are quicker. It is the speed with which the bad guys are moving to take control of inboxes that has pushed spam back up the priority list for enterprises.
As long as sending unwanted email remains a profitable proposition for spammers, they will continue to find ways around filters with techniques that are becoming more advanced. It is this resurgence that has left enterprises cynical about product offerings and the so-called solutions being offered by vendors. According to AusCert general manager Graham Ingram, 60 percent of malware goes undetected by today's antivirus products.
So it is little wonder that in the Frost & Sullivan research, Australian enterprises rated spam as their number one concern, well ahead of viruses, worms, spyware and hack attacks. The research covered 296 respondents and more than half were from organizations with revenues of more than $51 million.
"Out of all the threat management technologies, antispam solutions had the lowest satisfaction rating," according to the report's author, James Turner. "This is a clear sign the market has unmet expectations. Spam had the highest security incident rate of 77 percent and respondents said their employees complained about spam." He says spam is also seen as a problematic area due to the strong obligation some organizations have to retain email for compliance reasons.
Turner says the top factors in order of importance for security offerings are quality, timeliness of support/updates, followed by cost. "A complete revision of email architecture is required to help restore faith in an area of communication that could be so much better than it is," he says. "It is most definitely an issue for business and it is a long way from being fixed."
It is this dissatisfaction that is driving enterprises to seek managed services offerings.
Kicking Spam Out
Clayton Utz CIO Garry Clarke has outsourced to MessageLabs even though his in-house techies were initially reluctant to hand the job over to a provider. Previously, Clarke had two and a half people managing the spam problem and there were still plenty of complaints from users. "The perception from the techies is that a managed service provider can't do as well as we can, but now the techies are doing more high-value tasks such as email and bandwidth management. They are fine-tuning instead of just keeping the lid on a problem," Clarke says.
Advertising group Euro RSCG Worldwide has also outsourced, inking a deal that covers 1300 email users across 16 Asia-Pacific region offices. The company's CIO, Ivan Glaser, says before using a hosted offering, the entire region was operating under different rules with each office IT manager employing a different approach to spam.
"Now we have a universal approach that is easily managed and frees our IT staff from tasks such as identifying false positives," he says. "Email represents the lifeblood of any professional services organization so we need the best results."
Glaser says the previous in-house antispam system eliminated most of the spam, but what was left still irritated staff. Today, Glaser said spam levels have dropped to about 0.01 percent or about one email every two weeks for the average user. He said another bonus is that internally there is no need to maintain any infrastructure.