The Evolution of Messaging Security
By Stephanie Jordan
Today, messaging security looks very different than it did a few years ago. In the past, the focus was on the inbound plague of spam. Soon viruses began to become more malicious and more prevalent. "This was the point where most companies realized it was no longer an option to invest in securing and guarding their infrastructure-but a necessity," recalls Paul Judge, CTO for Secure Computing (formerly CipherTrust). "The interesting aspect to this phase of the problem was a very clear return on investment (ROI). If you did nothing, your network came down. If you invested a few dollars, you saved lots of dollars. This was a rare point in time for the security world-where the ROI was rather straightforward. Most companies invested in something to help them solve their inbound spam problem."
Judge notes that, toward the end of 2004, organizations began to be more comfortable with their spam defenses. But then regulations became the leading concern. "Some verticals had HIPAA (Health Insurance Portability and Accountability Act) deadlines. Many had SOX (Sarbanes-Oxley) deadlines. Companies took the same energy and teams that addressed the inbound volume problem and focused on how to comply with regulations. For many, this was their next priority."
But not every organization had regulations to manage. For those companies, that energy was directed to their other messaging channels. "There was another set of the world that thought, 'email seems okay now, but what about all these other channels? What I just did for email, I should probably implement for instant messaging (IM), and for webmail'," says Judge. These became the two primary paths that organizations started down either focusing on regulatory compliance, or seeing what other messaging mediums needed securing.