On any given day, email users across the world receive hundreds of spam and junk mails that eat into precious bandwidth and make for difficult management. While many enterprises go for spam filters and blocking of unsolicited emails, the problem continues as spam definitions keep changing and newer threat scenarios keep emerging. Says Amuleek Bijral, country manager, RSA, “Security threats manifest in various forms-viruses, worms, trojans, network hacks, data loss, improper access control, phishing, social engineering, etc. Some of these threats are easy to tackle, while some others are getting increasingly difficult to address.”

The magnanimity of the problem becomes quite evident as a 2006 study by the Radicati Group estimated that spam constituted 70% of the total worldwide messaging traffic, and this figure is expected to increase to 79% by 2010. The total number of messages circulating worldwide is projected to be 442 bn, with 351 bn as spam.

“Spam volumes are growing faster than expected due to the success of image-based spam in bypassing anti-spam filters and of email sender identity spoofing in getting higher response rates,” says Mark Levitt, program vice president for IDC's Collaborative Computing and Enterprise Workplace Research. IDC estimates that the size of business email volumes sent annually worldwide in 2007 was close to five exabytes, nearly doubling the amount over the past two years.

Says Niraj Kaushik, country manager, Trend Micro, India and Saarc, “Spam has rapidly changed from a mere nuisance to a major security threat and financial drain for organizations worldwide, as they attempt to stem the flood of unsolicited bulk email while ensuring that legitimate correspondence is delivered correctly. Earlier, spam was relatively easy to block through the use of blacklists or basic content filtering techniques. But now, spamming methods have advanced to a point that these technologies are no longer sufficient or cost-effective.”

Security Concerns
The financial costs associated with spam are large and growing by every passing day. Spam leads to loss of employee productivity due to time spent managing their inboxes and junk email folders, requiring employees to delete spam and block senders. What makes things unmanageable for businesses is that a large volume of spam enters the company's networks, thereby choking mail servers and occupying expensive space in email quarantines and storage archives.

Deliberating on the threat spam poses, Niraj Kaushik, country manager, Trend Micro, India and Saarc, says: “The inundation of spam results in reduced bandwidth, slower email delivery, and higher storage costs. To make matters worse, spam is often a mechanism used to carry viruses, malware, and numerous other security threats that can compromise sensitive information, damage the network, and increase cost in terms of network downtimes and repairs to infected systems. Finally, there is the challenge of successfully blocking spam while at the same time avoiding the accidental deletion of valuable business emails.”

Organizations are struggling to manage spam, which is considered one of the major security threats, because of the absence of a comprehensive security strategy. When we speak of spam, it directly impacts the end-point security. In the whole security chain, end-points play a critical role in safeguarding enterprise data. Says Vishal Dhupar, MD, Symantec India: “The need for a well-managed infrastructure, specifically around endpoint security, is a key component of a security strategy. Proper security precautions must be put in place to protect the growing number of endpoints-from servers and PCs to laptops and mobile phones-regularly accessed and utilized by today's highly mobile workforce.”

As the threat landscape has evolved beyond viruses and worms, customers now require a more comprehensive endpoint solution that combines anti-virus, anti-spyware, firewall, intrusion prevention, and device and application control in a way that is more easily manageable. Experts say that given these dynamics, it is not surprising that security strategies have evolved within organizations to become more strategic, more expensive, and more complex.

Security is no longer just an IT function, but touches every aspect of the business. A September 2007 publication by Goldman Sachs states that the top three drivers of enterprise security spend were IT policy compliance, data loss prevention, and endpoint protection. These are significant challenges in themselves and are highly interrelated, as they touch every aspect of the business.

Gone are the days of hacking for “fifteen minutes of fame”. Today, hacking is a professional crime for financial benefits. Reflecting on this, Bhaskar Bakthavatsalu, country manager, Sales, Check Point Software Technologies India and Saarc, says: “The increase of worldwide Internet usage and the 'always-on' connections have actually opened more corridors for security threats. Hackers constantly uncover and exploit network vulnerabilities and don't wait for upgrades. There is always a lag between the availability and installation, and the new protections that the upgrades offer. This is precisely what hackers exploit.”

What's the Solution?
The fundamental issue that enterprises face today is that of unplanned expansion and the so-called good enough fragmented security solution. “Siloed” between departments and absence of a central control is an increasing concern. This has resulted in many chinks in the security infrastructure and is being exploited by unscrupulous elements for financial gains.

To overcome security challenges like spam, a comprehensive security policy is needed which is proactive rather than reactive. Says Bakthavatsalu: “It is vital to ensure that the security strategy is seen as a business enabler not a disabler. It is important to understand that even the smallest of business changes may possibly throw open a wide array of security vulnerabilities for the organization.”

“The increase of worldwide Internet usage and the 'always-on' con-nections has actually opened more corridors for security threats” Bhaskar Bakthavatsalu, country sales manager, Check Point Software Technologies, India and Saarc	“The best approach to pre-venting the major-ity of today's spam from entering an organization is to block it at the perimeter, before it even enters the gateway” Niraj Kaushik, country manager, Trend Micro, India and SAARC	“Security threats manifest in various forms. Some of these threats are easy to tackle while some are getting increasingly difficult to address” Amuleek Bijral, country manager, RSA

When we talk about a proactive security, what it means is that a security strategy in its ambit must encompass all the threat scenarios and should function in a complementary way. Says Rahul Gupta, MD, Xserve India: “Security has to be multi-layered with unified threat management with firewall, intrusion preventions, anti-virus, and content filtering.” Clearly, the panacea lies in an effective strategy, and hence a strategy that is information centric and focuses on the risks involved would be very effective in addressing various threats that any organization faces today. For effective implementation of this strategy, it also needs to be repeatable.

Says Bakthavatsalu: “For any enterprise, it is pertinent to have synergetic value between its business and security strategies. To avoid discord between these strategies, the head of information security needs to keep up with different strategies of the organization and its various departments. Any major changes to the security strategy need to have a top down approach with support from all key stakeholders and needs to be communicated across the enterprise.”

The impact of spam is multi-dimensional. It cannot be treated in isolation and it needs to be enmeshed with the security policy. Based on the threat perception and the levels of protection, enterprises need to go in for solutions that best work for them. A lot of user education also goes in creating a spam free enterprise.

Shrikanth G
shrikanthg@cybermedia.co.in