My name is Anne Bonapart, president and CEO of MailFrontier. TodayI want to talk to you about compliance, a business challenge and indeedForrester has identified compliance as the number one priority for IT leadersfor the next year. That s probably because of the alphabet soup that isattacking them from a regulation standpoint. You ve got GLBA, HIPPA, CaliforniaSB 1386, VISA CISP, NASD 300 and the list goes on. It s pretty overwhelming.Really, what it all boils down to is protecting non-public information. And asyou read these regulations, it s really all about taking reasonable andappropriate steps and that s a way to begin to sort of stop the paralysis ifyou think about this whole issue of compliance and make sure that as anorganization, you re thinking about what is reasonable, what is appropriate forus as an organization.
The reality is that good corporate governance would have youprotect your digital assets anyway. Seventy percent of your digital assets areconnected to e-mail systems and those are at risk unless measures are taken. Iwish it was one simple step. Unfortunately, there are many elements to definingan effective compliance policy. The first is figuring what your policies are tostart with, what regulations do we want to enforce. Then it is figuring out theprocess, how do we protect confidential information, how do we manageinformation, what are all the steps. The third is people, of course, key ineducating both about the policies and the processes and then technology isreally used as an enforcement enablement. It s really one element in a wholesystem. So a key challenge is how to take the first step, how to begin tomanage this process and protect your e-mail and begin to get compliant.
First of all, when you think about e-mail flowing from the mailserver both inbound from the Internet as well as outbound from yourorganization, you really need to have a view into those e-mails and understandwhat s going on. Whether you ve got offensive, dangerous information coming in,whether you ve got private, offensive language going out. It really boils downto two simple steps. First, identification, does this e-mail violate anypolicies? Pretty straightforward question and it can be answered by looking atboth the content of the e-mail as well as the route. The sender and thereceiver, are they authorized to send this information?
Of course, the next step is action remediation. If we need to takea step, what should it be and how do we easily take that step to keep e-mailflowing because it is such a critical business communication tool. That couldbe to stop an e-mail, to review it. It could be to archive it, it could be toencrypt it. All these are actions that go on in the course of the work flow ofa business and what you need is one system which enables you to protect thevalue of business communication going back and forth through e-mail, get overthe paralysis that compliance conversations often result in and take that firststep.
