Strategic Security: Developing a Secure E-Mail Strategy: Page 2 of 8

Nearly half of 149 IT decision-makers for North American small companies surveyed by Forrester Research said they plan to spend capital in 2006 to secure e-mail. They'll focus their capital on securing e-mail at the gateway, concentrating on spam, viruses and regulatory compliance. This trend is likely to continue and will probably increase in the coming years as companies realize the importance of e-mail security to their overall security strategy.

So which combination of encryption and protection is right for you? There's no single answer. It's safe to say, however, that a blind drive to meet bare-minimum compliance standards is a poor method for choosing an encryption-security solution--such a strategy could leave your organization compliant but still insecure.

Encryption Options

A variety of technologies have emerged in the encryption field. Boundary, or gateway, products attempt to encrypt e-mail before it leaves the corporate network. This method seems to have the most traction given its ease of implementation compared with that of other technologies. Staging-server encryption captures and stores secure e-mail locally on the network for remote users to retrieve over secure Web portals. Finally, end-to-end encryption offers the most secure scenario, encrypting the message immediately after the user clicks the Send button (see "Encryption Models," right).

Encryption Models Click to enlarge in another window