E-Mail Filtering Greets the Workplace
November 3, 2000
(Tech Web - CMP via COMTEX) As electronic mail becomes an essential part of daily communications, companies are stepping up measures to police it as it comes in and goes out of the enterprise.
Especially as employers realize they can be held legally responsible for every message sent from their corporate server.
"E-mail is like the telephone," said Jon Adams, a systems engineer for Primera Blue Cross, Mountlake Terrace, Wash. "Using it for some personal business is acceptable. But there needs to be some controls."
Walter Boos, president of Content Technologies Inc., Bellevue, Wash., manufacturer of MIMEsweeper, compared the e-mail address to the corporate letterhead. He said a company is responsible for everything sent out under its name, even in e-mail, as if it appeared on corporate stationary.
But employees may not comprehend the similarity. Someone who would consider the use of letterhead improper to send a letter to their mother will have no such qualms doing so through e-mail.
Boos recommended a three-step process: Establish an e-mail policy that clearly states what is appropriate behavior and what is not. Educate the work force as to the fine points. Then enforce the policy, which includes installing filtering software.
But there are risks involved. To jump directly to step No. 3 without proper preparation could make employees feel spied on.
"We ran the test of the software without telling anyone," said Konan Houphoue, system engineer specializing in Internet messaging for CNA Insurance, Chicago. "Many of them complained, but were OK with it once we explained it to them."
CNA uses InterScan eManager from Trend Micro (stock: TMIC). On his test, Houphoue filtered for strict obscenities, which themselves may not constitute unacceptability. But the configurable programs can flag harassment terms, sexual or racial slurs, company secrets, or proprietary information.
Houphoue was unapologetic about filtering out the F-word altogether. "There is some language that is not appropriate for use in a corporation," he said.
"Some filters look for different content. Primera, for instance, uses MIMEsweeper to prevent the transmission of a patient's social security number across the network," he said.
Charlie Smith, lead engineer for the Department of Energy, Germantown, Md., uses MMS from Tumbleweed Inc. (stock: TWED) primarily to block unwanted mail like lotto messages and elf bowling. The outgoing filters, while used, are not as essential.
"We want to protect our infrastructure so it is available to our users for business purposes," said Smith. "It is not up to us to handle mail that is not work related."
According to Boos, Content's main competition comes from the antivirus vendors. Many corporations, after installing antivirus software, see no need for content filtering. Which he believes is a mistake.
"When they talk about security, companies think of antivirus and firewall software," Boos said. "But an antivirus program can't do filtering. Too many companies don't think this is a serious issue."
This leads to another common purchase decision: Is the corporation more comfortable buying from a single vendor, or from several different ones?
Content, which doesn't manufacture an antivirus solution, hooks directly into whatever is already installed. But Trend Micro, known for its antivirus programs, has recently entered the content screening category and is betting that its current customers will add its own content screening technology.
"We were already scanning code, so it wasn't all that different to scan content," said Trend's communications director Susan Orbuch.
Even so, they aren't mutually exclusive. Adams said content scanning flags VBS scripts that an antivirus program may miss. And he has configured the program to catch .exe files, which are not the normal purview of corporate e-mail.
Ardent privacy advocates decry e-mail filtering, but Adams suspects people will get used to the limits once they are defined.
"Some people think this is an invasion of privacy," he said. "But most of them, once a message from a friend has been flagged will get it and call their friends up and say 'don't send me this stuff any more.'"
Tech Web - CMP via COMTEX