Making Email Secure and Available
By Chris Miller
Wednesday, 16 November 2005 00:19 EST
Email is no longer simply a business communications tool. It is now the business communications tool, one of the most critical enterprise applications, and the primary method organizations use to collaborate. As a result of its popularity, email also serves as a repository for most business transactions, as well as for information ranging from strategy to intellectual property.
As a result, businesses are seeing a growth in the volume of email sent and received every day. Unfortunately, they are also observing an increase in the frequency, speed, number, and complexity of email-based attacks on the corporate information infrastructure. Viruses, mass-mailer worms, spam, and phishing attacks all leverage email to reach unsuspecting users.
As message stores expand to accommodate the ballooning volume of email and as email threats continue to increase, organizations must ensure that email remains sustainable as a system or service—without impacting usability.
In other words, email must be both secure and available.
Security and Availability
But what does it mean to secure email and ensure its availability? Making email secure means that malicious code—whether viruses, worms, or Trojan horses that target local desktops—is stopped at the earliest point of entry in order to prevent more widespread infections that could impede user productivity, jeopardize sensitive information, or bring systems down. Also, it means minimizing the business risks caused by the wrong or inappropriate content reaching internal users or making it outside the corporate walls.
Email security requires that email systems and users are protected against attack, disruptions, and threats. Data must also be kept private and free of malicious or inappropriate content as it travels in and out of the organization via email. And the network itself must be protected against exposure to malicious code that circulates through email and impacts internal servers and end user systems.
Ensuring email availability means that email systems themselves are always available, and that email information is readily accessible to users and other authorized individuals, especially as it relates to regulatory compliance and legal discovery. Migrating older, yet still useful, data from expensive message stores to cheaper archives and storage devices poses an added challenge to availability, as users still demand immediate access and IT requires high degrees of ease and automation to achieve this.
To that end, achieving email security and availability requires a variety of technologies to form an end-to-end solution that manages email information from cradle to grave, while freeing it from the burden of unwanted, even malicious, content.
Elements of Email Security
Email security is comprised of three key elements: perimeter volume reduction, SMTP gateway protection, and mail server (groupware) protection.
Ideally, spam volume should be reduced before it hits the messaging infrastructure, before it taxes IT resources and the network environment. Spam becomes economical because it uses, or “steals,” network resources without authorization, thus transferring the costs to the receiver. Stopping it before it hits the network means that the spammer is less successful and potentially their resources get tied up, making spamming no longer cost-effective. The newest solutions today employ a combined approach of dynamic sender reputation analysis with traffic-shaping technologies that make it difficult for spammers to send large volumes of spam to the destination email gateways. This approach serves two purposes: 1) it significantly slows the volumes that can be sent to your gateway and 2) it acts as a deterrent against future spam to your gateway, because emails must be queued and processed on the spammer's resources, thus impacting the economics of spam.
SMTP gateway protection is a second line of defense. It’s designed to analyze both inbound and outbound Internet email content for viruses, worms, spam, phishing and other inappropriate content, including oversized attachments or confidential content that should not leave the network. Ideally, at this stage, remaining spam not identified at the perimeter can be accurately detected, and deleted or quarantined. Also, known mass-mailer worm emails can be deleted entirely, as they do not carry legitimate business content. Attachment filtering can also be used to thwart mass-mailer worms by deleting potentially harmful attachments, or even messages themselves when a non-acceptable attachment type is found in the email, such as .scr or .pif attachments.
With these tools in place, harmful Internet email-borne content does not reach the message system or store, thus alleviating the volume pressures placed on the messaging environment. Also, threats are stopped at the earliest point of entry, thus protecting users and the network itself from attack and disruption. In addition, significantly fewer unwanted messages entering the message store translates into minimized storage requirements for the email archive, as well as for backup and recovery.
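The gateway attachment filtering described above can be sketched as follows. This is an added example, not code from the original article or from any product; the blocklist holds only the two extensions the article names, and the function names and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# The article names .scr and .pif; a production blocklist would be longer (assumption).
BLOCKED_EXTENSIONS = {".scr", ".pif"}

def blocked_attachments(raw_message: bytes) -> list:
    """Return the filenames of attachments whose final extension is blocked."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    # walk() also descends into nested multiparts and forwarded message/rfc822 parts.
    for part in msg.walk():
        filename = part.get_filename()  # handles quoted and RFC 2231 parameters
        if not filename:
            continue
        # Case is irrelevant and Windows ignores trailing dots and spaces, so
        # "photo.jpg.SCR" and "report.pif." both resolve to a blocked type.
        name = filename.strip().rstrip(". ").lower()
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if ext in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits

def gateway_verdict(raw_message: bytes) -> str:
    """Delete the whole message when a non-acceptable attachment type is found."""
    return "delete" if blocked_attachments(raw_message) else "deliver"

def constructed_sample(filename: str) -> bytes:
    """Build a constructed test message carrying one attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "constructed sample"
    m.set_content("See attachment.")
    m.add_attachment(b"placeholder bytes", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for fn in ("invoice.pdf", "photo.jpg.SCR", "report.pif."):
        print(fn, "->", gateway_verdict(constructed_sample(fn)))
```

Matching on the final extension after normalisation is what catches double-extension names; a filter that only compares the first extension or is case-sensitive would let them through.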
Finally, the third line of defense is for the mail server itself: eliminating unwanted, internally sent content or messages entering the message store that are later deemed inappropriate, and cleaning out remnants of early-stage mass-mailer attacks, thus preventing re-infection of the network. Content inspections should occur as email is sent to and accessed from the message store as well as on a scheduled or on-demand basis. Message stores should also be periodically scanned to eliminate any malicious content that might not have been detected by earlier definitions.
Archiving for Availability
As businesses have become more reliant on email and email systems have, in turn, been challenged to accommodate increasingly large volumes of email, it has become clear that email systems were not designed to store such large amounts of data. What’s more, external regulations, internal policies, and preparation for legal discovery requests are driving many companies to retain even more email than before.
But storing email can be costly. It can also lower availability and performance of the email environment as messaging servers are stretched to near capacity and lengthy backup windows are required to deal with large amounts of email data.
In response, many organizations choose to implement email quotas on users. Yet, this creates additional challenges as users must store excess messages in separate files, which are typically kept on network file servers and, therefore, use the same storage and backup resources. Moreover, these files are often susceptible to corruption, putting them at risk of the same availability and performance problems as email servers.
Message archiving solutions allow organizations to eliminate quotas on end user mailboxes while controlling storage usage on primary messaging servers. These solutions automatically migrate messages and attachments based upon policy, proactively and automatically expiring or deleting messages or migrating to another tier of storage. In addition, they can further reduce the volume of information by compressing information and implementing single-instance storage. At the same time, users can seamlessly access messages and attachments from the archive, and messages are indexed so that they can be searched quickly and easily as needed. Moreover, archiving solutions help organizations meet today’s stringent requirements for message storage.
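A minimal sketch of policy-based migration with compression and single-instance storage, as described above. This is an added example, not code from the original article or from any archiving product; the 90-day policy, the in-memory dictionaries standing in for the primary store and the archive tier, and the sample mailbox are all constructed assumptions.

```python
import hashlib
import zlib
from datetime import date, timedelta

class Archive:
    def __init__(self):
        self.blobs = {}   # SHA-256 hex digest -> compressed bytes, stored once
        self.index = {}   # message id -> list of (filename, digest) references

    def put(self, msg_id, attachments):
        refs = []
        for filename, data in attachments:
            digest = hashlib.sha256(data).hexdigest()
            # Single-instance storage: identical content is kept only once,
            # however many messages or filenames refer to it.
            if digest not in self.blobs:
                self.blobs[digest] = zlib.compress(data)
            refs.append((filename, digest))
        self.index[msg_id] = refs

    def get(self, msg_id):
        """Return the original attachments so users can still open them."""
        return [(fn, zlib.decompress(self.blobs[d])) for fn, d in self.index[msg_id]]

def migrate(primary, archive, today, max_age_days):
    """Move messages older than the policy age out of the primary store."""
    cutoff = today - timedelta(days=max_age_days)
    moved = [mid for mid, m in primary.items() if m["received"] < cutoff]
    for mid in moved:
        archive.put(mid, primary.pop(mid)["attachments"])
    return moved

DECK = b"quarterly slide deck " * 500   # constructed attachment content

def constructed_mailbox():
    """Three constructed messages; two old ones carry the same attachment."""
    primary = {
        "m1": {"received": date(2005, 5, 2), "attachments": [("deck.ppt", DECK)]},
        "m2": {"received": date(2005, 6, 9), "attachments": [("deck-fwd.ppt", DECK)]},
        "m3": {"received": date(2005, 11, 1), "attachments": [("deck.ppt", DECK)]},
    }
    return primary, Archive()

if __name__ == "__main__":
    primary, archive = constructed_mailbox()
    print(migrate(primary, archive, date(2005, 11, 16), max_age_days=90))
    print(len(archive.blobs), "blob(s) stored for", len(archive.index), "messages")
```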
A Resilient Foundation
Finally, to maintain the security and availability of email, organizations must build their email infrastructure on a resilient foundation. Such an environment is robust, resistant to failure, and can recover quickly when failure occurs.
Key to addressing availability is ensuring data protection through a proven backup and recovery solution—one that consolidates all operations while providing management, alerting, reporting, and troubleshooting capabilities and supports both tape and disk storage and associated advances in snapshot-based protection, off-site media management, and automated disaster recovery.
Email security and availability concerns will likely continue to drive organizations to employ a wider variety of integrated technologies to ensure the integrity and viability of business email. By leveraging protection tools along with availability tools such as email archiving, backup and recovery, clustering and storage virtualization tools, enterprises can maintain a secure and accessible messaging environment that enhances productivity, meets regulatory and business demands, and keeps email up and running.