Re: Screening Outgoing Mail for Content

["Chris Crozier" <chris () cirrus co za>]

It seems to me that the argument against screening content based on relative
ease of defeating it is like saying that since locks can be picked don't
bother locking anything. The aim has to be reduction of risk, not
eliminating it (since that is impossible anyway). Locks work reasonably well
because most people can't pick them, not because they are un-pickable.

While it is true that just about all companies will let you walk to of the
door without searching your shopping bags or briefcases, there is a
difference with email in that there is no physical evidence. There is a risk
of being caught with a diskette full of confidential data or a bunch of
photocopies which could be used as evidence in a prosecution. Email usually
whisks off data without a trace.

So whilst there are always ways of exporting "illicit" data, that doesn't
mean one should make it any easier or safer than it needs to be.

Apart from the confidentiality/industrial espionage aspect, my informal
observation in large corporates is that some 70%+ of email by numbers (more
by volume) is junk: either spam or trivia like jokes and screen-savers. This
can take up a very large chunk of a corporation's internet bandwidth, but
that is insignificant as a cost against the time wasted by all recipients
reading the stuff or loading the latest Hollywood screen-saver. Libertarian
ideologies are al very well, but many larger companies have systems in place
to monitor unreasonable phone usage, so why not email?

I believe there is a place for content screening but it shouldn't be sold as
the total solution.

Chris Crozier
Cirrus Technologies (www.cirrus.co.za)
Tel.: +27 11 463 5557
Mobile: +27 83 377 7289
Fax: +27 11 463 5671