FDAnews
www.fdanews.com/articles/77875-business-practice-regulations-should-drive-encryption-strategy

Business Practice, Regulations Should Drive Encryption Strategy

March 28, 2006

Effective email encryption programs will help mitigate computer system and erecord risk, says Andres Kohn, vice president at Proofpoint.

“Email is great, but it can be a sieve for intellectual property (IP) and other” edata to leave your company, Kohn told attendees at a Feb. 22 webinar. But controlling email with encryption presents some knotty challenges, he acknowledged. Among those: huge inbound and outbound message storing requirements, usability, and finding a tool that does not slow down message delivery.

Getting a handle on email communications is mandatory for most companies anyway, Kohn said. In addition to state and federal requirements, companies must protect private customer data. “It’s just good business practice to protect customer data” because it also represents an important component of your company’s IP, he said.

But even a good encryption program should be viewed only as part of a broader messaging security program, Kohn stressed. Defining and managing internal corporate policies is a critical and ongoing challenge.

That’s one reason it is so important to have an email encryption tool with strong auditing and reporting capabilities, Kohn said. Having that capability helps companies see how their systems are actually being used each day and spot current or potential problem areas. For example, a good reporting system might help a company realize that one of its policies is out of date, or that a problem has a root cause requiring an immediate computer patch fix.

Proofpoint’s new email encryption tool offers more than 50 customizable user reports, Kohn said. They can be published on the system for easy viewing and sent directly to a compliance manager who is monitoring violations. “It is important to understand how your system is being utilized,” he said.

Proofpoint offers a free 30-day risk assessment audit of your email system. The tool is deployed live, and immediately begins scanning and monitoring all email traffic to determine whether confidential information is getting out or otherwise violating state or federal regulations, Kohn said. — Michael Causey