Messaging security is starting to resemble the world of video games. And
that's a good thing.
In the 1980s, and for much of the 1990s, video games were 'side scrollers'.
You moved Super Mario left and right across a scrolling digital landscape.
Occasionally, you'd leap high or jump low to dodge threats and get on with your
business.
Messaging security was similar. You needed to protect messages as they moved
in and out of your business and up and down your client's organization
hierarchy. Not too tricky.
Times have changed. Today's video games offer impressive 3D environments. In
a typical combat game, your character faces attacks from all directions.
Basically, you need to protect yourself from every digital threat
imaginable, from every angle and in every direction. The same is now true in the
complex world of messaging security. Organizations now need multi-directional,
multi-protocol, multi-layer security. Or, as I like to call it, 3D protection
for messaging security.
To put it in more basic terms: If you hire a guard to watch who is going into
your organization, that same guard also has to watch who is exiting your
organization. The guard has to watch inbound traffic to protect against
intruders, Distributed Denial of Service (DDoS) attacks, e-mail bombs and other
threats that can bring down an entire e-mail infrastructure.
The guard must also protect against two types of outbound threats. The first
is the risk of regulatory-related information slipping out of the company. Here,
you have to protect customers' financial data to comply with Sarbanes-Oxley, the
Health Insurance Portability and Accountability Act (HIPAA) and other regulations.
Paul A Henry
The second outbound risk involves the company's own intellectual property. Naturally,
no company wants a list of its customers, R&D practices or source code
information finding its way onto the Web.
Unfortunately, many security products have yet to leap onto the 3D landscape.
They're stuck in 2D environments. Most legacy gear does one thing, perhaps
blocking spam or zapping viruses. The products simply don't offer 3D protection
for messaging and communications. Still, there's no reason to call it quits.
Savvy solution providers can keep their clients in the game by studying the 3D
threat landscape, and embracing a comprehensive solution that offers complete
messaging security.
For the sake of simplicity, I've organized the total 3D security solution
into three components. Think of them as three steps to success in today's
hostile IT security environment.
Step 1: Multi-direction protection
The first of our three dimensions is multi-directional security. Here,
you're going to need a security solution that offers inbound protection from
intruders, spam, phishing, viruses and worms.
But that's not all. Multi-directional security must also deliver outbound
protection, ensuring that e-mail and other types of messages comply with
corporate policies and compliance mandates like Sarbanes-Oxley and HIPAA.
Alas, some companies discover the need for multi-directional security after
the damage has already been done. We've frequently read about pharmaceutical
companies that accidentally shared patient information over e-mail. And a
handful of Global 2,000 businesses have accidentally shared their financial
results over e-mail before the news was disclosed to financial markets. That's a
huge violation that can hurt an organization's brand, business and customer
relations.
Small, privately held companies also suffer when they fail to master
multi-directional security. Much like their larger cousins, small businesses
need security solutions that stop confidential information or intellectual
property (perhaps the R&D, investment plans or other IP) from leaking out onto the
web.
Here again, lots of solution providers sell point products that scan e-mails
for questionable incoming and outgoing content. But what you need to offer is a
multi-directional solution that safeguards all of the applications. I call that
multi-protocol protection, and it's the second dimension of our 3D matrix for
messaging security.
Step 2: Multi-protocol protection
Admittedly, most of the security industry remains focused on e-mail
security. At first glance, that makes good business sense. During 2006, roughly
90 percent or more of Internet e-mail traffic was spam, according to Gartner
Inc. It makes perfect sense to mitigate that threat. But you can't stop there.
You also need to determine how you will help organizations that will permit
employees to use web-based e-mail, instant messaging, peer-to-peer (P2P) file
sharing services, and voice-over-IP applications like Skype. This is because
it's becoming increasingly difficult for businesses to outright ban such
applications.
Naturally, when you want to secure a house, you don't just lock the front
door. You also lock your side doors and back doors. In the digital world, e-mail
is often your front door, but don't forget about newer doors like instant
messaging, web mail and Skype.
Whether a company embraces or bans these applications, you need a
multi-protocol solution that accounts for them. You'll need to offer a solution
that either blocks IM or effectively scans IM traffic to determine whether the
message content is approved for sharing.
Of course, the risks only climb higher with P2P and VoIP solutions. Consumer
P2P systems can allow employees to quickly decentralize information, sharing it
throughout the company and, potentially, with company outsiders.
Here again, many solution providers promote point solutions. One may
effectively target e-mail. Another may manage or monitor instant messaging.
Avoid the temptation to tackle each application with a separate security
solution. Otherwise, you could wind up with a dozen different security
appliances, each focused on a different component of protocol security. The
wiser move is to opt for a true all-in-one solution that delivers multi-protocol
security.
Step 3: Multi-layer protection
You've tackled multi-directional and multi-protocol security. So far, so good.
But your journey towards true 3D protection isn't complete. Your final step
requires a multi-layered approach to security.
Here again, be careful. Some security companies dabble in desktop security.
Others will safeguard the portal or gateway. But what you really need is a
multi-layered security system that protects the network edge, gateway, PCs and
portal systems.
Don't be lulled into feeling safe because a new operating system upgrade has
a built-in firewall. Don't settle for only a gateway solution or a network edge
solution. Instead, really investigate the market for multi-layered security.
You now know each component within a 3D protection system for messaging
security. Now for the really tricky part of the evaluation process. In addition
to finding multi-directional, multi-protocol and multi-layered solutions, you
need to make sure that all three solutions work with one another.
The author is VP-Technology Evangelism, Secure Computing Corporation