Messaging Pipeline | Hope is Not Enough When It Comes To Compliance
Free Newsletter GlossaryContact UsAbout Us
One To One Collaboration Servers & Security Business

March 08, 2006

Hope is Not Enough When It Comes To Compliance

Courtesy of

Page 1 of 2

There is no "how-to" book that tells businesses exactly what they have to do to achieve compliant status whether we’re talking about Sarbanes-Oxley, HIPAA, GLBA, or a myriad of other regulations.

Regulatory language is largely ambiguous, using terminology such as "reasonable assurance" to define steps for compliance, leaving businesses somewhat confused regarding what is expected of them. As the CEO of a leading e-mail security company, I’ve had the opportunity to talk with hundreds of businesses about compliance measures they have put in place or plan to implement, and I continue to be shocked by what I hear. "Hope" seems to be the operative word these days when it comes to the current state of meeting regulatory compliance – everyone is hoping it’s the other guy that gets nailed first.

E-mail Must Be Considered In Risk Assessment

The lack of clarity regarding what constitutes official compliant status is clearly driving some of the "hope" attitude since most seem to think they are compliant according to the vague guidance of the law. After all, businesses are tasking IT staff with insuring compliance and beginning to devote IT security budgets toward enforcing compliance measures – both regulatory and corporate policy measures.

At the same time, the general consensus of industry experts is that businesses must establish reasonable steps to illustrate they are compliant. However, as is often the case, "reasonable" steps unfortunately does not always include e-mail monitoring - which can have a devastating effect on a business if email is not included as part of a compliance strategy.

The current regulatory environment mandates improved protection of corporate data and provides a solid foundation for the management of sensitive data including e-mail. Business must choose a platform that provides them the flexibility needed to be compliant with the rules and regulations relevant to their company, as well as enforcement of internal corporate governance. It is imperative that companies immediately take action, using a pragmatic approach to compliance. E-mail monitoring and remediation must be included in any risk assessment.

According to the Enterprise Strategy Group, more than 70 percent of a company's critical information can be found in its messaging system. Considering that e-mail is the number one vehicle for business communication and the exchange of information, businesses must employ outbound e-mail security solutions to monitor and enforce their corporate governance processes.

According to the 2005 annual CSI/FBI Computer Crime and Security Survey, 80 percent of respondents reported security incidents involving insider abuse in 2004. The exposure of sensitive corporate data can cripple a company financially and competitively. There is a huge risk to companies who ignore e-mail, not only by potentially failing to comply with regulations, but also by leaking sensitive information outside of the organization that could be used for ill-intent.

Unfortunately, less than 15 percent of corporations have deployed an automated solution to enforce messaging policies, according to Osterman Research.

Because the risks associated with outbound e-mail may pose a greater threat to a company's long-term growth, businesses cannot afford to overlook outbound e-mail monitoring and enforcement in their quest to reach compliant status. IDC forecasts worldwide revenue for the outbound content compliance market to grow from $254 million in 2004 to $1.9 billion in 2009, representing a 49 percent annual growth rate. While businesses are planning significant investment here in the next several years, today is the time for immediate action.

E-mail This Story
Print This Story

Page 2: Managing Risk: Simple Steps To E-mail Compliance

Page 1 | 2

Get the latest Messaging news, product info, and trends every week.

Related Content

  Right-click and choose Copy to extract RSS Feed URL  Messaging Pipeline's Main RSS Feed
  Right-click and choose Copy to extract RSS Feed URL  Messaging Pipeline's Blog RSS Feed

Editorial and vendor perspectives

Editor's Picks
The Six Flavors Of Windows Vista
Microsoft plans to release a full six-pack of Vista versions, one for every taste. Which Vista will be right for you?

Hope is Not Enough When It Comes To Compliance

Three Ways To Authenticate E-Mail And Stop Spam

Wikis In The Workplace

Review: Google Desktop 3

Vendors are now talking about how collaboration can be improved by integrating video with messaging applications. They're even talking about adding live TV to mobile phones. How far do you go before it becomes a bandwidth and business productivity drain?
Video is a great idea
Video is fine but there needs to be size limits
It's never used for anything really productive
I draw the line at live TV

In search of messaging products? Check out our brand new Product Finder for a directory of groupware and collaboration tools, security products, archiving solutions, and more.


Digital Warehouse buys, sells, & rents used Cisco networking hardware such as routers & switches, as well as Juniper, Extreme & Foundry at 50-80% off list price. One year warrantee and fast delivery.

Stop spam on your terms with CanIt-PRO, the most flexible and customizable anti-spam solution available for the mail server. Offers per-user or per-group controls and is available as software or hardware appliance.

Use your Intranet to manage Software Licenses, plan for Windows XP/2000 upgrades, do Security Audits and more. Click to try and ask for our white paper - PC Management for the Internet Age.

Analysts at the Tolly Group put a leading Branch Office IT services solution to the test, measuring performance, security and data reliability. Download the results, detailed in this free report, now.

Whether you need temporary or permanent access to remote PCs, LogMeIn has your solution: LogMeIn IT Reach for automatic maintenance of remote and mobile systems, and LogMeIn Rescue for instant, web-based remote access without pre-installing software.

Sponsored Links:      
 |   |   |   |   |   | 
 |   |   |   | 
 |   |   |   |   | 
Messaging Pipeline  |   |   |   | 
 |   |   |   |   | 
© 2006 | MESSAGING PIPELINE All rights reserved. | |