E-mail 'biggest' security risk, Microsoft says

An organization's security has a lot to do with its e-mail system

An organization's security has a lot to do with its e-mail system, a top security official at Microsoft suggested.

"Messaging is fraught with a lot of challenges," said J.G. Chirapurath, Microsoft's senior director for identity and security, in a phone interview. "It comes down to the integrity of the information and who is seeing it. It's all about secure messaging because when you examine the world we live in, e-mail really is the biggest attack vector, as well as the biggest leak vector."

Microsoft's big news on Monday was the release of Exchange 2010. However, the company simultaneously released a security solution for the new e-mail server called Forefront Protection 2010 for Exchange. Forefront is Microsoft's general brand for a family of enterprise software security products.

Microsoft officials have been saying that Forefront Protection 2010 for Exchange offers faster malware detection rates, even while it uses multiple antimalware engines simultaneously. In addition, they claim that spam protection is at 99 percent, with about one spam message per 250,000 getting through.

Microsoft's literature suggests that the solution can provide protection anywhere through "identity aware security." IT pros can adjust security levels based on access assignments and system parameters. In addition, the product's management system can help identify critical process owners and implement security measures accordingly.

The focus on enterprise-level security for Exchange has a lot to do with the threat landscape, which has been changing.

"The attacks on the OS are devolving, and [attacks] now happen at the application or workload layers," Chirapurath explained. "So the old paradigms of security and old ways of security need to evolve. Deep integration with Exchange is important, and this is integrated with a platform."

And when it comes to e-mail, everyone is subject to attacks – even Microsoft security officials.

"I carry a laptop and compute within Microsoft where I know I'm protected," Chirapurath said. "But a lot of the time, I also go sit in a coffee shop and view confidential information; use someone else's network. I open attachments from outside. I use mobile devices, and I'm not necessarily immune."

Given such scenarios, Chirapurath said, it's important to have a "business-ready security" strategy in place.

About the Author

Jabulani Leffall is a journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Fri, Dec 4, 2009

Biggest' security risk, it's not Email! It is Microsoft!!

Fri, Nov 13, 2009 T.R. Texas

I still find it amazing that the people who should know better are normally at the upper echelons of an organization, and they are the ones who blindly violate basic security rules because they only think they know better.

Fri, Nov 13, 2009 Ski

Excellent security practices; viewing confidential information in a public place.

Thu, Nov 12, 2009

If M$ is so good at blocking spam (249999/250000) according to this article, then they sure must not apply this technology to their Hotmail service.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group