SECURITY CLINIC: Privacy versus efficiency
- 23 August, 2000 12:37
While its predecessor the paperless office was an urban myth, the electronic workplace is a reality. Technology that used to be the exclusive domain of academics and high-tech firms is now mission-critical in even the smallest of businesses. PCs are the most obvious incarnation of this phenomenon. Networks, e-mail and the Internet soon followed.
The advent of e-business, and the consequent focus on e-mail and the Internet as mission-critical tools has truly changed the concept of the office environment to one of technical reliance. The increased pervasiveness of e-mail and the Internet, and its integration into all aspects of an organisation, also means the nature of the information and transactions on these media is becoming more sensitive.
Yet just as scepticism about the paperless office preceded it, the electronic workplace has been plagued by debate about its effectiveness and usefulness.
Supporters advocate ease of use and time and cost efficiencies as advantages. Simultaneously, detractors list security, inefficiency and management risks as negatives.
Anecdotal evidence so far supports the latter, with approximately 80 per cent of all e-mails personal and inappropriate. Adding fuel to the fire are privacy and ownership debates surrounding employers scanning and tracking e-mails and Internet use.
These e-mail and Internet usage trends have serious ramifications. Illegal and inappropriate content that is disseminated through these channels raise the spectre of legal liability, such as sexual harassment or racial vilification claims.
Copyright infringement and breaches of confidentiality are also distinct possibilities in the current electronic office environment, even if the circumstances are accidental. According to IDC, protection of intellectual property is one of the main drivers for the development of content security policies in the Asia-Pacific region.
The inappropriate use of e-mail and the Internet also raises significant productivity concerns, with bandwidth and storage often overrun by personal, inappropriate and even illegal e-mails and downloadable applications. In all of these instances, loss of reputation, and even more basically, financial impact, are possible outcomes, whether through legal costs or lost customer revenue.
This is not to say that e-mail and the Internet should be abandoned as lost causes. The situation is simply a reflection of business tools outpacing business policy and methodology. The two will soon align. In fact, with the proliferation of technology, risk and infrastructure management are becoming higher priorities for businesses that have only recently discovered content security is about much more than merely stopping viruses or blocking Web sites.
Companies are taking note of the business and technology issues surrounding new workplace tools and are beginning to implement policies and technology enablers that more appropriately manage these new tools. Analyst IDC predicts that with the continued education, the content security market will grow from $US66 million in 1999, to $US952 million in 2004, with the Asia-Pacific experiencing the highest growth.
According to IDC, content security is defined as the capability to recognise and manage the increasingly complex objects (such as attachments, .exe files, malicious code, pornography and spam) transferred over e-mail and the Web, and the ability of an organisation to apply flexible and adaptable security policies to those objects. The content security market is divided into e-mail and Web scanning products and Malicious Mobile Code (MMC) products. IDC predicts the former sector will grow from $US52 million in 1999 to $873 million by 2004. The MMC market has a projected growth of $US14 million to $79 million in the same period.
The content security market is still in its infancy, though growing rapidly, and the channel is playing a large role in educating their customers about the risks and obligations of e-mail and the Internet.
The next step for the channel is facilitating customers' implementation of security policies and technology. The three-e strategy' ensures organisations establish a policy that suits the way they do business, educate the workforce about the policy and the reasons for its existence, and enforce the policy. Under this system, the emotion surrounding such issues as privacy dissipates. Employees are made aware that legally an employer owns, and has access, to all e-mails generated and received in the workplace. Consequently they have the right to act in response to any information discovered in these forums.
Additionally, employers have an obligation to ensure they uphold the law, provide a safe environment for employees and look after a company's bottom line. Ignoring the risks inherent in e-mail and Internet usage means forfeiting these obligations.
Alan Schaverien is managing director, Asia Pacific, of content security software developer Content Technologies. Reach him at email@example.com