News | November 18, 2008

MessageGate Identifies Regulatory Perfect Storm

MessageGate, Inc., a leader in enterprise email controls for corporate risk management, recently released market insights that reveal the need for tighter control of corporate email profiles due to increased compliance enforcement in heavily regulated industries such as financial services, utilities and healthcare. Growing regulation combined with information privacy concerns, e-discovery and constant collaboration with external constituents creates what MessageGate terms the "Regulatory Perfect Storm."

"In light of the current financial crisis and ongoing legislation involving Electronically Stored Information (ESI), organizations should be prepared for increased regulation and governance," said Brian Babineau, Senior Analyst with Enterprise Strategy Group (ESG). "To improve disclosures and safeguard against potential regulatory violations within enterprise email traffic, companies need to integrate IT, compliance, HR and legal departments into a cohesive team to implement an ongoing proactive strategic approach to regulatory risk management."

According to research collected during MessageGate Activity Profile (MAP) customer audits, current regulations including SEC Rule 17a-4, SOX, FERC and HIPAA, in addition to amendments to the Federal Rules of Civil Procedure (FRCP), pose an increased risk of violation to organizations lacking the necessary policy controls. With regulatory and e-discovery deadlines in full effect, organizations of all sizes are pressed to implement a proactive approach based on cost-effective email retention and archiving policies that can be consistently enforced.

"Simply reporting email behavior is no longer sufficient. Organizations must implement strict and consistent email controls in order to meet compliance mandates head-on," said Norbert Orth, president and CEO for MessageGate. "By actively managing the risk of future violations through email controls that incorporate active security policies in real-time, companies can effectively build a shelter against the storm through a preventative stance on email risk management."

The following steps help organizations address the Regulatory Perfect Storm by creating a true culture of compliance without additional expense in time or business interruption:

  • Manage intentional and unintentional employee misuse: While neither SOX nor the SEC's implementing regulations impose specific requirements for email security, or IT security in general, the frameworks commonly used for assessing internal controls are still applicable to email. The instant and casual nature of email poses a risk for all organizations. To secure casual conversations and avoid routine routing of inappropriate emails to compliance departments, consider email controls as low-cost insurance and a critical component in protecting information from unauthorized use, disclosure or modification.
  • Practice smart archiving: Many companies try to retain all emails, but the huge and growing volume of email impacts storage budgets and resources. With SEC Rule 17a-4, securities firms must retain their electronic documents, including email, for five years and ensure that they are readily retrievable and reviewable in a short turnaround time. When email is requested by a regulatory body, the retrieval time is immediate, usually within the next 24 hours. By applying real-time analysis through consistent email archiving controls before messages enter the archive, companies can avoid costly e-discovery litigation fines.
  • Create email controls and policies that can intercept at-risk emails: Under HIPAA, companies must maintain administrative, technical and physical safeguards to prevent intentional or unintentional disclosure of Protected Health Information (PHI). In order to maintain complete audit trails for any data leaving the company, look for a flexible policy engine that enables proactive management of information flow while mitigating insider threats, all in real time.
  • Audit and profile email usage in real time: To safeguard against any potential email risks, build custom policies that look for specific criteria in email attachments, including file formats and usage patterns. For example, FRCP requires the speedy recovery of electronically stored information, which is only possible with rapid search and retrieval capabilities, as well as the ability to audit operations. IT should have the ability to review emails and implement actions based on group affiliation, policies, as well as email and attachment content and context in real time within the live email stream.
  • Provide real-time blocking and re-routing of outbound emails: Companies need a solution that can stop the risk of incident at ingestion of the email and provide IT with the ability to review and monitor emails within the live email stream through a network implementation. For utilities companies to meet FERC requirements, a proactive email risk management approach is required in order to block and prevent restricted information contained within email from ever reaching restricted individuals based on group designations, or the parameters of content in the message or attachment.

MessageGate facilitates enterprise email risk management through email controls that incorporate active security and archive policies. The company promotes proper email use through activity profiles, archive categorization, policy enforcement and user education.

About MessageGate
With a simple and practical approach, MessageGate provides software and services for enterprise email controls to leading companies worldwide. From product to architecture, MessageGate makes a company's experience with email management both simple and secure. Helping companies cope with threats, improve archival and retrieval activities, and ensure proper usage across a variety of industries, MessageGate's offerings include MessageGate® Activity Profile (MAP), MessageGate® Policy Enforcement, MessageGate® Archive Categorization, and MessageGate® Email Filtering. For more information, visit www.messagegate.com.

SOURCE: MessageGate, Inc.