Bob Woods likes to keep his staff lean.
As global IT director at Ampacet Corp., a large chemical manufacturer in
Tarrytown, N.Y., Woods has a staff of eight IT professionals who serve
800 employees worldwide. Normally these numbers work, but when MyDoom and
other high-profile viruses took down his messaging system early last
year, that delicate balance was destroyed.
Woods was forced to outtask the security of his messaging system rather
than tax his own IT team to keep up with the threats. Outtasking allows
him to offload one duty, instead of outsourcing his entire message
system.
”We deem our messaging system to be mission-critical — it’s the
prominent source of communication between our user community and our
customers,” Woods says. “[Virus outbreaks caused] not only a loss of
productivity for users, but a lot of lost productivity for IT staff to
react to situations. In some instances, we spent days trying to eradicate
the worms.”
Woods says the worm annihilation process was draining for his team.
”Not only did we have to patch the server and scan for viruses, we had
to go to the tape media to restore files, then go to each desktop, patch
there and identify the corrupt data,” explains Woods. ”We operate lean
and efficiently. I didn’t want to say to management that we needed
resources to solve this issue.”
The Ampacet team looked for a suitable in-house solution. ”We searched
the marketplace for add-on functionality, such as network appliances, but
the investment was too great,” he says. ”We would have to maintain them
ourselves and the training and management were just too expensive.”
So Woods chose a different path — outtasking. While the company
maintains control of its Exchange 5.5 servers, it contracts with Equant,
a service provider based in New York City, for spam blocking, anti-virus
and content filtering. The cost is a flate rate of $2.05 per user/per
month. Woods initially started with a pilot project of 100 users, but has
since expanded the service to the entire company — even remote workers.
Equant uses FrontBridge Technologies software to intercept inbound e-mail
for customers and scans it for various threats. Alan Simpkins, practice
head for IT services at Equant in New York, says off-loading messaging
security lowers an enterprise’s total risk profile.
”If you never get that e-mail in your network, then the likelihood of
having problems elsewhere is lessened,” he says. ”There’s no ‘click on
this link’ to worry about.”
Security experts agree that outtasking from companies like Equant,
Postini and MessageLabs creates another level of complexity for IT
workers in an already-complex network — but sometimes it’s a necessary
evil.
”Filtering spam and viruses tends to be a game of one-upmanship,” says
Andreas Antonopoulos, senior vice president at Nemertes Research in New
York. ”As soon as you have a slight advantage, a new generation of spam
and viruses comes out. Your only other choice is to spend money on
software and licenses and appliances to do this.”
He adds that message security requires constant attention from an IT
staff, especially in this era of compliance and regulatory constraints.
”Its not like an e-mail server where you’re simply adding and
changing users,” adds Antonopoulos. ”With security, you have to make
sure that signatures are up to date and your anti-virus is up to date.”
The biggest problem for IT staff surrounding message security is handling
false positives. ”Something may leak through occasionally — an
executive didn’t get his e-mail because it’s in the spam filter,” says
Antonopoulos. ”With the high volume of e-mail at most companies today,
they don’t have the resources to deal with these false positives.”
But some experts warn that outtasking could give companies a false sense
of security.
”The drawback to these managed services is that if the mail has been
delivered through to your server before a fix has been issued for a
virus, you could find yourself vulnerable to attacks,” says Paul Stamp,
an analyst at Forrester Research in Cambridge, Mass. ”You still need
your IT department at the ready when viruses hit.”
Woods agrees. He says even with the service, his team has been diligent
about keeping on their toes and heightening user awareness about viruses.
Stamp says he sees an additional opportunity for message security
outtasking.
”So far, these services have mostly been devoted to incoming mail but I
can see them starting to look at outgoing, as well,” he says.
”Companies in high-compliance areas like finance and health care could
use these services for intelligent scanning of their mail to make sure
that confidential information is not leaving the network.”