Secure Content Management: Rebuilding the Foundation of  Enterprise Security

Brian E. Burke

July 2003

IDC OPINION

Secure Content Management (SCM) is increasingly moving away from a focus on a single type of protection, such as antivirus software, toward a focus on broad protection against a wide range of emerging threats to enterprise content. Although antivirus software remains the foundation of enterprise security, emerging content security threats are forcing organizations to approach content security with multiple layers of protection. Concerns about spam, employee productivity, legal liability, and regulatory compliance are driving the need to scan email, instant messaging (IM), and Web traffic for inappropriate content, misuse of intellectual property, and unsolicited email. To make these tasks viable in large enterprises, customers require a unified way to manage multiple secure content technologies, including antivirus, spam protection, messaging security, and Web filtering.

This paper maps Computer Associates’ eSCM solution against organizations’ needs for Secure Content Management solutions. It seeks to address emerging risks associated with widespread misuse of the Web, IM, peer-to-peer (P2P) networks, and email applications. The paper details the following challenges associated with protecting organizations from an evolving array of threats to secure content. Management of multiple content risks must be balanced against the expense of increased IT management overhead. With IT staffing always a limited resource, enterprises look to make management of security products as simple as possible. By integrating the products at the client, consolidating IT administration with a single user interface and a common console, and delegating some management tasks to users, new SCM products reduce the strain on IT departments and help reduce overhead.

New viruses continue to employ blended threat techniques, exploiting multiple weaknesses and attacking through multiple methods (e.g., email, file transfers, and Web browsers). This forces organizations to purchase additional layers of antivirus and content security products that must be deployed across the enterprise to be effective.

Legal liability risks around employee file sharing (e.g., downloading copyrighted music and full-length movies) on corporate hard drives is drawing the attention of top-level executives. The Recording Industry Association of America (RIAA), the Motion Picture Association of America (MPAA), and other groups recently warned CEOs of Fortune 1000 companies that their corporations will be held liable for breaking copyright laws if employees use company networks to download, store, or distribute music or movies illegally.

Spam is no longer just a nuisance; it is quickly becoming both a potential legal liability and a major productivity drain for corporate IT departments and corporate users alike. More than 40% of the respondents to IDC’s email retention survey, which recently surveyed 557 North American organizations, indicated that the number of spam emails received during an average day has risen 50.100% compared with the number they had received 12 months earlier. Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com 2 #3772 ©2003 IDC

IM has entered the corporate world and has brought with it another layer of security concerns. Corporations that permit employees to run unsecured IM applications are putting enterprise systems at risk of virus infection, legal liability, and violation of privacy regulations. Moreover, IM applications can provide attack points for hackers seeking to gain entry into corporate systems by tunneling through firewalls.

Corporate concerns with compliance with privacy regulations (e.g., Health Insurance Portability and Accountability Act of 1996 [HIPAA], Gramm-Leach- Bliley Act [GLBA], and Securities and Exchange Commission [SEC]) continue to fuel the explosive growth of content filtering and messaging security. As the use of email and IM increases, the need for solutions to secure, monitor, archive, and retrieve communications has become imperative for healthcare and financial services firms. Other industries, while not always as tightly regulated, are facing a growing array of new regulations in the United States and in other nations.

METHODOLOGY

IDC developed this White Paper using a combination of existing market forecasts and direct, in-depth primary research. To gain insights into the challenges facing enterprises and to learn more about how the CA eSCM solution helps address these challenges, IDC reviewed in-depth interviews it had conducted with IT executives at companies in several industry sectors. These organizations operate in healthcare, financial services, public services, manufacturing, and hospitality. In addition, IDC met with the CA team to review its goals and tactics. This report reflects all of these research perspectives.

THE CA SOLUTION: eTRUST SECURE  CONTENT MANAGEMENT

CORPORATE OVERVIEW

Computer Associates International Inc. (CA), one of the world’s largest software companies, delivers software and services that enable organizations to manage their IT environments. Focus areas include network and systems management, storage and security management, portal and business intelligence, and application life cycle management. Founded in 1976, CA is headquartered in Islandia, New York, and operates in more than 100 countries. CA’s core strength lies in its expertise in systems, network, and security management as well as its long history in the antivirus market. CA’s eTrust Secure Content Management builds upon the preventative capabilities of antivirus software and integrates with eTrust Security Command Center for security management.

eTrust Secure Content Management

eTrust Secure Content Management is built on the foundation of CA’s antivirus business and addresses the evolution of the threat environment that requires a more comprehensive view and a larger set of solutions (see Figure 1). eTrust Secure Content Management utilizes an adaptive approach that is built around:

! Antivirus. CA offers antivirus double protection by using two separate virus scanning engines built into the product, designed to catch more threats than a single scan engine. This allows for a much higher degree of accuracy in detecting both known and unknown threats.

! Email and content security. CA uses keyword identification to safeguard against the transmission of proprietary information via email. The keyword filter can also be used to enforce compliance with privacy regulations (e.g., HIPAA, GLBA, and SEC) by scanning messages for words or phrases that may contain private information. In addition, the filter can minimize legal liability risks by blocking offensive emails from leaving or entering the organization.

! Spam filtering. With CA’s spam filter, individual users are able to define what they consider to be spam. This allows for a much higher degree of accuracy in blocking spam and reduces the chance of false positives by allowing the user to define what he or she considers spam. This type of self-administration helps offload spam management tasks from overburdened IT departments to users.

! Web security. CA’s Web security can help organization increase employee productivity, reduce legal liability, and maximize corporate resources by preventing misuse of Web surfing by corporate users. By using a comprehensive filter of URLs, CA can prevent users from visiting inappropriate Web sites, downloading music and video files, and other types of non-business-related Web activities.

! Malicious code. CA offers proactive identification to block malicious code from entering the organization. With an ever-escalating number of employees accessing the Internet to perform their everyday business activities, virus writers are increasingly targeting Java and ActiveX code in Web sites as another means of distribution. CA’s malicious code detection provides an added layer of security that addresses the growing mobile code threats.

FIGURE 1

SECURE CONTENT MANAGEMENT COMPONENTS

Source: IDC, 2003

CHALLENGES/OPPORTUNITIES

With eTrust Secure Content Management, CA is making a bold move in tackling the complex challenges inherent in content security. The customers IDC spoke with agree and are eager to gain more centralized control with Secure Content Management. They want centralized control over intellectual property and confidential data, such as product plans and discount schedules, whether the information is warehoused in the corporate database or on an employee’s mobile device. Corporate IT departments want corporate-wide enforcement of data usage policies so that unauthorized or inadvertent releases of confidential information are reduced or eliminated. We believe that CA’s strength in management products (network, systems, and security) brings integrated administration to the SCM space at a critical time when the challenges of securing content are threatening to overwhelm many IT departments. eSCM is a valuable solution for many customers that need a unified environment to reduce the complexity of purchasing, installing, and managing this challenging environment.

To meet future customer demands, CA’s eSCM solution must be not only complete but also non-intrusive. Customers believe that by combining content management and security they can address the business aspects of the problem and improve end-point security compliance with a largely user-transparent implementation. In this respect, IDC believes CA must develop a unified management console for the eTrust Secure Content Management solution. Moreover, customers will expect tight integration between Secure Content Management and remote access solutions, especially clientless or SSL VPN. An integrated Secure Content Management solution would check the security of the client before allowing access to the VPN. IT managers realize that "trusted" users gaining access through fully authenticated VPN connections represent a potential new source of worms, Trojans, and other malicious code.

While these concerns may look like daunting challenges for CA’s eTrust Secure Content Management, we believe that most of the essential capabilities are currently under development by CA. We fully expect that CA’s solutions in this area will meet or exceed most customers’ expectations.

CONCLUSION

Management is essential to helping secure content and users’ end-point systems. It also addresses the lose-lose situation that many IT organizations face as they see the rising onslaught of new content-oriented threats. Strong management can make it easier for IT departments to secure content against emerging new threats while not interfering with ongoing business.

A unified approach is needed to deal with this situation. Antivirus software works well to block viruses. However, the increased complexity of threats, including hybrid viruses and spam, requires a new security approach. Content security is much more complex, focusing on "what" information is being sent to "which" Web site/email address. A strong policy engine that is centrally managed and efficiently distributed to remote sites and users is essential to returning control to the IT organization. CA’s eSCM solution provides the framework for an enterprise-wide integrated solution. It builds the company’s antivirus foundation and addresses evolving threat environment. Moreover, Computer Associates’ core strength is in systems, network, and security management. This alliance of deep IT management knowledge with secure content control is a robust combination of business priorities with intelligent security management. In eSCM, CA leverages its management expertise to provide a valuable, integrated, enterprise-wide SCM solution that customers should investigate. Overall, IDC believes CA’s eSCM is well positioned to serve the broad base of market demand for an integrated content security solution.