|
It's the content, Stupid!
by John Boyd
Alas, it's a sad
fact that Industry Eye is better known for the self-parodying quips against e-mail
that appear at the end of some columns than for the main content. So with this
column, I will kill two birds with one page by covering content as the topic ...
while also bashing e-mail.
Along with sweethearts
and sports fans, devotees of e-mail overlook the inherent weaknesses of their
attachment, while taking pleasure in patronizing those less enchanted with the
technology.
They slime conventional
mail as "snail mail." Yet should they omit a mere period in an electronic address
- something a snailman wouldn't notice - the message doesn't even begin its journey.
Or, worse, if it does launch, it goes floating around cyberspace for a week's
holiday, and returns to say, "Hi, there! Remember me?" Then by the time the power(less)
user sorts out the problem, another thousand e-mails are stacked up clamoring
to be answered.
I could go on feverishly
about such things as the contagious diseases e-mail spread through a multitude
of viruses, but that would be sick. Instead, I'll focus on a generally overlooked,
yet potentially catastrophic, danger more corporate users of e-mail ought to be
concerned about: content.
To those readers
already smugly shaking their heads because they happen to be sitting behind super
firewalls: Be careful! You are most likely to be in for a severe roasting if you
remain complacent. That's because firewalls are not even remotely flameproof when
it comes to controlling most content, and besides, some 70 percent of threats
to network security arise internally, rather than from outside.
This was the warning
delivered by Chris Heslop, marketing manager for Content Technologies, a UK-based
software company making a name for itself in content security. Speaking at the
Information Security Conference in Tokyo this July, Heslop described various ways
an increasing number of companies are falling prey to the misuse of content, albeit
be it often unintentional by employees.
E-mail lists have
become a popular way for individuals in a dispersed group to communicate with
each other: Send out a message to a common address, and it automatically goes
to everyone on the list. Yet it takes but one forgetful employee in "Reply to
All" mode to respond to an issue or query with confidential information, and bingo,
everyone on the list is privy.
"For organizations
in the legal, finance or health care sector, this can constitute a breach of guidelines
on client or patient confidentiality," notes Heslop. "Similar breaches can occur
through errors in e-mail addressing."
As the number of
such incidents multiply, there's a trend in the US and Europe to make companies
liable for the content of their employees' e-mail, particularly so if there is
no e-mail policy in place with a mechanism to enforce it. One effect is that corporations
in the US and the UK now have the right to scan all employee e-mail, while in
Japan, corporations tend to first work out an agreement with their unions.
Incoming e-mail,
points out Heslop, can also be a problem. Spam, or junk mail, is generally regarded
as just an irritant, the way it nibbles away at an employee's time and disk space.
But this seemingly innocuous method of infiltration can also be used to bombard
a company, threatening its network's stability. This happened to the Karolinska
medical institute in Sweden, when animal rights groups continually swamped it
with unsolicited e-mail, until the network collapsed under the onslaught.
Internet content
is another area for concern. If an employee downloads games or porno, for instance,
it's just one person wasting the company's time. But if he then distributes material
that's offensive to colleagues, the company could become the target of, say, a
sexual harassment suit, as major corporations like Citibank, Smith-Barney, and
Nissan are finding out.
As people in the
content security business like to point out, firewalls are not hot on content.
Rather, a firewall is like the passport official at an airport who guards against
who comes in - like hackers. On the other hand, content security software such
as Content Technology's MIMEsweeper products is more the customs official guarding
against what can come in and go out, as well as controlling the movement of internal
information.
Content security,
then, is all about protecting against the unauthorized or unintended movement
of information that could cause a breach of confidentiality or corporate integrity.
Fundamentally, it is not so much a technical issue, as much as it is a business
concern. Most of all it is a people problem - particularly e-mail lovers adorned
with rose-tinted glasses.
SPECTACLE-WEARING
e-mail lovers of the world unite! protest by sending john some tasty spam via
boyd@gol.com.
Back
to the Table of Contents
Comments
or suggestions?
Contact cjmaster@cjmag.co.jp
|
