An effective information security program also needs specific policies and procedures in place to assist with managing information risks on an ongoing basis. Once these policies and procedures have been defined, technology should provide automated implementation, enablement and enforcement of them.

Obviously, no single email security component can be used to secure all information; a solid information security infrastructure must consist of a combination of several technologies:

• Firewalls and intrusion prevention systems accept or deny traffic into and out of networks.
• Encryption ensures data integrity and confidentiality during transport across Internet.
• Content filtering monitors conversations traveling into and out of network, scanning for terms that could indicate a violation of regulatory or corporate policy.
• Attachment filtering provides inspection of files sent within email messages to ensure that no confidential data is transmitted without proper safeguards in place.

IronMail: The Compliance Appliance The award-winning IronMail email security appliance from CipherTrust is widely recognized as benchmark by which all others are measured. IronMail’s Compliance Control allows organizations to set customize policies to easily and automatically manage non-compliant messages as soon as they are detected. Because Compliance Control is policy-driven, most functions are automated, with exceptions handled directly by a decision-maker such as compliance officer, rather than by an intermediary such as a network administrator interpreting rules made by another party. In addition, powerful reporting and monitoring tools give executives and administrators access to real-time information pertaining to non-compliant email messages.

To learn more about IronMail’s Compliance Control and how it can help your organization comply with stringent GLBA legislation, download CipherTrust’s free whitepaper, "IronMail Compliance Control: Contributing to Corporate Regulatory Compliance".

An effective email security solution must address all aspects of controlling access to electronically stored company financial information. This includes access during transport as well as access to static information resident at company or on a remote site or machine. Given wide functionality of email, as well as broad spectrum of threats that face email systems, ensuring appropriate information access control for all of these points requires:

• A capable policy enforcement mechanism to set rules in accordance with each company’s systems of internal controls;
• Encryption capabilities to ensure privacy and confidentiality through secure and authenticated transport and delivery of email messages;
• Secure remote access to enable remote access for authorized users while preventing access from unauthorized users;
• Anti-spam and anti-phishing technology to prevent malicious code from entering a machine and to prevent private information from being provided to unauthorized parties

For years, corporations addressed their various email security needs through a mixture of third-party software “solutions” designed to address specific areas of vulnerability. Today, however, this approach is ineffective. New amorphous threats adapt to even latest security technology, helping hackers and spammers stay a step ahead of most stand-alone protective measures. System administrators remain in a reactionary mode, waiting for next attack and hoping their mixed bag of security software is up to test. The new challenges posed to email security demand a new approach that protects enterprises from all types of malicious attacks. Enter CipherTrust’s IronMail.

IronMail and Sarbanes-Oxley IronMail has been created to protect organizations from both known and unknown email security attacks. IronMail offers automatic or manual updates to protect against both known and newly discovered email security threats and vulnerabilities, and comprehensive messaging security provided by IronMail assists organizations in key areas of maintaining effective internal controls. Specific financial information threats and vulnerabilities protected by IronMail include:

• Viruses, worms, and other malicious code
• Internal users and external hackers attacking email systems
• System failures from malicious attacks that can lead to subsequent legal liabilities
• Unintentional or malicious information access or exposure

IronMail provides a comprehensive solution to Sarbanes-Oxley information integrity requirements as they relate to protecting corporate financial information that is transmitted and stored via email. Everything from message privacy/encryption to email firewall and intrusion protection to content filtering is included in IronMail solution.

Take Next Step Learn more about how IronMail helps organizations ensure Sarbanes-Oxley compliance by visiting www.ciphertrust.com or requesting CipherTrust’s free whitepaper, “Contributing to Sarbanes-Oxley Compliance with IronMail”.