“CEOs need a secure messaging system that both protects information and makes it easily auditable and retrievable,” Chief Executive magazine tells its readers in the November issue. Moreover, it says, “the e-mail security solution needs to be easy to use, offering functions such as strong end-to-end encryption, mutual authentication and robust auditing features.”
The column, called Electronic Dilemma, describes the dangers of unregulated e-mail use, citing the website called F***ed Company (and its follow-on book), which shares e-mails about layoffs and other bits of info that weren’t meant to travel beyond corporate walls, as well as the more mundane spam and virus writers and phishers who abuse e-mail.
The column is written by the CEO of a vendor company, who mentions an organization that solved its e-mail security and regulatory issues with his company’s solution. But he also raises some general questions about addressing the problem. One is whether or not to embrace Secure/Multipurpose Internet Mail Extensions (S/MIME), a standard that requires a corporate e-mail server to issue a digital certificate to each user, and requires users to have a private key to open messages. He also says, “Standards-based security should separate encryption or ‘key’ services from authentication services, and policy management should automate auditing and reporting for end-to-end messaging security. The architecture should also enable messaging workflow and content filtering (for spam, viruses, etc.).”