Enterprises at risk from lack of messaging policies

Firms risk malicious threats without messaging policies for email, instant messaging and VoIP

Many firms are potentially at risk from malicious threats because they have no clear messaging policies for the use and management of email, instant messaging and voice over IP (VoIP), according to a new survey of users and IT chiefs by security specialist Symantec.

Although over half of respondents rated messaging tools as critical to the daily operation of their business, and 92 percent said a significant amount of business was conducted via email, 54 percent said they have no specific policies in place or said that appropriate use is left to the employee's discretion.

"There is now a huge dependency on the messaging infrastructure, but firms need to take a holistic view, not just looking at email or concentrating on point problems like spam," argued Symantec's Fredrik Sjostedt. "They also need to look at storage management and integration of [all components] so that you can set policies which will apply to the whole infrastructure."

Nissim Bar-El, chief executive of information security consultancy Comsec Consulting, agreed that many UK firms are struggling to manage messaging infrastructure because of a lack of policies. He added that "any organisation which starts with technology not policies will never be successful" in securely managing their infrastructure.

"Three years ago security officers could clearly define the boundaries of the network, but now security management has become a huge challenge" added Comsec's Roy Harari. "There are technology solutions to respond to that but they should begin first by identifying where the new perimeter is."

Symantec also launched a new marketing push, labelled Enterprise Messaging Management, featuring a full range of integrated products and services to manage, secure and archive IM, VoIP and email from end-to-end.