As we near the end of 2012, it seems like the perfect time to rehash one of the big themes that has pre-occupied enterprises over the past 12 months — content security. Forrester's Wave Report takes it one step further — taking an in-depth look at the area of security that enterprises really need to take note of.
Email Content Security Wave
The report entitled "The Forrester Wave: Email Content Security, Q4 2012", alludes to the fact that email continues to be the favored collaboration tool on the market — despite advances in social media. Enterprises need to secure that content as it moves from one account to another.
In order to do this, as in all other areas of information management, enterprises are turning to vendors that adhere to a number of criteria outlined by the enterprise, which take into account business needs and IT concerns.
But do they work? Clearly that depends on what vendor the enterprise has decided to go with. As a starting point, Forrester has taken a list of 9 vendors and 18 user companies and evaluated them against 47 criteria. These companies include: Barracuda Networks, Cisco, McAfee, Proofpoint, Sophos, Symantec, Trend Micro, Trustwave and Websense.
There were a number of different ways of making it into the Wave — which we will take a brief look at later. Out of those nine companies six have been identified as leaders, with the other three providing competitive offerings.
Symantec, Cisco, Proofpoint, Trend Micro, Websense, and McAfee lead the pack with Barracuda Networks, Sophos, and Trustwave in the ‘competitive’ space.
Email Security Trends
Before taking a brief look — there are number considerations that enterprises must keep in mind before choosing an email content security vendor.
In this respect, Forrester warns that these are not the only vendors in the market and that enterprises really need to look at all the vendors out there before making a selection. This Wave, it says, is only a starting point.
With that in mind, businesses need to approach security by looking at the role email plays in the business environment. No matter what vertical, or enterprise, and no matter how much workers are using social media to collaborate, email is wired into the heart of the enterprise business processes.
However, despite its importance, enterprises invest relatively little in email security — just 7% of security budget. This is a false economy. Email must be safeguarded because:
- The threat landscape is constantly changing: In the past spam and signature-based malware were the biggest threats. Now enterprises have to deal with attacks via spear phishing campaigns.
- Punitive fines: The content contained in emails is often covered by regulations concerning the safety of personal data. The fines for breaching HIPAA provisions can rise to US$ 1.5 million for a breach of regulations. And this is only the start.
Shifting Email Security Landscape
In response to the changing landscape, vendors are developing their offerings to include:
- Analytics: Many vendors are offering analytics that determine if a message is malicious or not. Many solutions contain delay queues that hold the delivery of potentially malicious emails until they are passed. Suspicious URLs are also inspected before they arrive to the recipient.
- Enhancing and simplifying encryption: Many companies that are transmitting what Forrester describes as ‘toxic’ data are looking for encryption technologies. Vendors responding to this, have simplified the sender and recipient key exchange
- Building more-robust data loss prevention (DLP): Loss prevention technologies are still not widespread — even in the public sector. However, advanced DLP engines, enforcement controls and policy support are readily available.
The delivery model for email security, as in other IT areas, is also shifting as the cloud takes hold. There are a number of factors driving the delivery change including:
- SaaS email security: Email content security is one of the most developed SaaS technologies for security professionals. In the next year, 55% of surveyed companies will have adopted SaaS solutions. DLP projects are still very much on-premise technologies.
- Hosted email: Many enterprises are actively looking at hosted email in the Google Apps and Microsoft Office 365 suites. On-premises appliances will continue to be attenuated with many companies also looking for the more robust email security offerings hosted providers can offer.
- Virtual Infrastructure: Virtual email security offerings are growing in popularity as they look to scale resources according to needs, enabling IT to respond to needs without having to go through procurement processes.
The evaluation criteria that Forrester used to compile this wave include: