Spurred by a string of high-profile security breaches over the past year, content security has become the hottest growth area in the IT security field right now. The IDC expects global content security revenues to rise from $66 million in 1999 to $1 billion by 2004 as companies scramble to secure their content.
And don`t think for a moment that information security is limited to e-commerce, says Andrew Ochse, Product Manager at Nanoteq, Comparex Holdings` managed security services arm. It extends to all Internet activities - including e-mail and Web browsing - and as more companies provide Internet access to their employees, content security has moved from being just an IT problem to a major business issue.
"Content security addresses a vital need in practically every organisation connected to the Internet," said Ochse. "Viruses, pornography, oversized files or banned file types, spam and malicious code are innocently downloaded - and the results can bring down entire networks, launch harassment lawsuits and severely impact on productivity."
Ochse says Nanoteq`s experience supports statistics suggesting that company insiders are responsible for the majority of damage.
"If employees continue to have unlimited access to information without a comprehensive content security initiative in place, one can only guess at how much intellectual capital is flowing out of the business undetected."
The repercussions of weak content security can be devastating. IDC`s estimates suggest that viruses alone have caused worldwide damage in the region of $11 billion due to lost employee productivity, downtime and data loss.
To ensure a secure and productive e-business environment, Ochse says the first step is to implement a comprehensive content security policy in the early stages of business policy formulation.
"Content security is not just about installing anti-virus software and walking away. It picks up where anti-virus leaves off, and goes way beyond the actual technology solutions," said Ochse.
"A good content security policy covers all e-mail correspondence, Internet usage and sets employees` expectations of privacy. Important: involve employees early in the process, and get their buy-in. By educating employees and raising awareness of security issues, employees better understand the benefits of a content security program."
Ochse says many vendors will happily sell a content security package that performs the key checks - e-mail scanning and monitoring, Web content, downloadable applications execution - and even install public-key infrastructure (PKI) to lock down key data and track internal usage.
However, most companies can solve 70% of their content security problems, and dramatically slash their IT expenditure, by what Ochse calls good old-fashioned housekeeping.
"Many companies are running an absolute jungle of different operating systems, desktops and mainframes within a single infrastructure. In this kind of system, users run absolutely riot, causing damage that one can`t even start to imagine.
"The magic word is: standardise. One version of backbone system, one version of databases, one set of network switches, one desktop environment. Suddenly one doesn`t need a huge team of experts to look after various environments - and if one still have security problems, PKI and other security solutions are far cheaper and easier to implement on a standard platform."
The return on investment (ROI) from implementing a content security plan is immense, both economically and from a human resource perspective, says Ochse.
Businesses win through higher productivity, improved network integrity and better relationships with partners and suppliers - which, at the end of the day, means more profits.
"You also get knowledgeable employees who are aware of the potential pitfalls of the Internet, which is the best security of all," says Ochse.
Share