Re: [ISN] Big companies employing snoopers for staff email

From: InfoSec News (isn@private)
Date: Fri Jul 23 2004 - 07:34:55 PDT

Forwarded from: matthew patton <pattonme@private>

--- InfoSec News <isn@private> wrote:
> By Jo Best 
> July 19 2004 
> Large companies are now so concerned about the contents of the
> electronic communications leaving their offices that they're
> employing staff to read employees' outgoing emails.
> According to research from Forrester Consulting, 44 per cent of
> large corporations in the US now pay someone to monitor and snoop on
> what's in the company's outgoing mail, with 48 per cent actually
> regularly auditing email content.

Yet information can readily leak through floppies, cdrom's, ftp,
https, or the 'simple' act of outsourcing laptop and desktop support.
If monitoring email were so critical to preventing information
disclosure, where and how do we categorize tens of billion dollar
international companies in say financials or pharacuticals that don't
protect against connection hopping, use telnet and X11 in the clear,
build production and DMZ unix hosts with full development (compilers,
you name it) distributions, send their laptops off to the likes of
Dell with all corporate product, sales, and other proprietary data
still on them and likewise grant these same 3rd parties significant
network access to replicate message stores, add the laptop computer to
the corporate Active Directory domain, load cryptographic identities
and so forth?

I'm all for balancing business needs against network security but does
this strike anyone else as just a little bit unbalanced?

Help InfoSec News with a donation:

This archive was generated by hypermail 2.1.3 : Fri Jul 23 2004 - 09:52:21 PDT