[ISN] Big companies employing snoopers for staff email
isn at c4i.org
Fri Jul 23 10:34:55 EDT 2004
Forwarded from: matthew patton <pattonme at yahoo.com>
--- InfoSec News <isn at c4i.org> wrote:
> By Jo Best
> July 19 2004
> Large companies are now so concerned about the contents of the
> electronic communications leaving their offices that they're
> employing staff to read employees' outgoing emails.
> According to research from Forrester Consulting, 44 per cent of
> large corporations in the US now pay someone to monitor and snoop on
> what's in the company's outgoing mail, with 48 per cent actually
> regularly auditing email content.
Yet information can readily leak through floppies, cdrom's, ftp,
https, or the 'simple' act of outsourcing laptop and desktop support.
If monitoring email were so critical to preventing information
disclosure, where and how do we categorize tens of billion dollar
international companies in say financials or pharacuticals that don't
protect against connection hopping, use telnet and X11 in the clear,
build production and DMZ unix hosts with full development (compilers,
you name it) distributions, send their laptops off to the likes of
Dell with all corporate product, sales, and other proprietary data
still on them and likewise grant these same 3rd parties significant
network access to replicate message stores, add the laptop computer to
the corporate Active Directory domain, load cryptographic identities
and so forth?
I'm all for balancing business needs against network security but does
this strike anyone else as just a little bit unbalanced?
More information about the ISN