E-Mail 'Biggest' Security Risk, Microsoft Says

  • By Jabulani Leffall
  • 11/12/09

An organization's security has a lot to do with its e-mail system, a top security manager at Microsoft suggested.

"Messaging is fraught with a lot of challenges," said J.G. Chirapurath, Microsoft's senior director for identity and security, in a phone interview. "It comes down to the integrity of the information and who is seeing it. It's all about secure messaging because when you examine the world we live in, e-mail really is the biggest attack vector, as well as the biggest leak vector."

Microsoft's big news Monday was the release of Exchange 2010. However, the company simultaneously released a security solution for the new e-mail server called Forefront Protection 2010 for Exchange. Forefront is Microsoft's general brand for a family of enterprise software security products.

Microsoft representatives have been saying that Forefront Protection 2010 for Exchange offers faster malware detection rates, even while it uses multiple antimalware engines simultaneously. In addition, they claim that spam protection is at 99 percent, with about one spam message per 250,000 getting through.

Microsoft's literature suggests that the solution can provide protection anywhere through "identity aware security." IT pros can adjust security levels based on access assignments and system parameters. In addition, the product's management system can help identify critical process owners and implement security measures accordingly.

The focus on enterprise-level security for Exchange has a lot to do with the threat landscape, which has been changing.

"The attacks on the OS are devolving, and [attacks] now happen at the application or workload layers," Chirapurath explained. "So the old paradigms of security and old ways of security need to evolve. Deep integration with Exchange is important, and this is integrated with a platform."

And when it comes to e-mail, everyone is subject to attacks--even Microsoft employees.

"I carry a laptop and compute within Microsoft where I know I'm protected," Chirapurath said. "But a lot of the time, I also go sit in a coffee shop and view confidential information; use someone else's network. I open attachments from outside. I use mobile devices and I'm not necessarily immune."

Given such scenarios, Chirapurath said, it's important to have a "business-ready security" strategy in place.

About the Author

Jabulani Leffall is a business consultant and an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others. He consulted for Deloitte & Touche LLP and was a business and world affairs commentator on ABC and CNN.

Featured

  • open laptop with data streams

    OpenAI Launches AI-Powered Web Browser

    OpenAI has unveiled ChatGPT Atlas, a standalone browser that places ChatGPT at the heart of everyday web activity. This release represents a major expansion of the company's efforts to reshape how users search, browse, and complete tasks online.

  • woman using network-connected printer

    The Hidden Cyber Risk in Schools

    Printers may not be glamorous, but they are an often-overlooked attack vector that should be part of every district's cybersecurity strategy.

  • tutor and student working together at a laptop

    You've Paid for Tutoring. Here's How to Make Sure It Works.

    As districts and states nationwide invest in tutoring, it remains one of the best tools in our educational toolkit, yielding positive impacts on student learning at scale. But to maximize return on investment, both financially and academically, we must focus on improving implementation.

  • mathematical formulas

    McGraw Hill Launches AI-Powered ALEKS for Calculus

    McGraw Hill has added ALEKS for Calculus to its lineup of ALEKS digital learning products, bringing AI-powered personalized learning support to the calculus classroom.