We issued a press release today (see, "Bank of China New York Deploys Proofpoint to Solve Spam, Data Loss Prevention and Email Encryption Challenges in Days") about Proofpoint customer Bank of China New York Branch's use of Proofpoint for anti-spam, anti-virus and email encryption.

Bank of China New York (http://www.bocusa.com), the US branch of the world's fifth largest bank, uses Proofpoint to block incoming spam and viruses, prevent exposure of private information and encrypt sensitive outbound emails to achieve compliance with data privacy regulations including the Gramm-Leach-Bliley Act (GLBA).

Last week, I was at Proofpoint's East Coast "Inner Circle" customer event and I had a chance to sit down with Kostas Georgakopoulos, Director of Information Security at Bank of China's US branch and talk with him about how the bank is using Proofpoint. You can view the resulting video embedded in this post.

Writer Penny Crosman at Bank Systems & Technology also spoke with Kostas last week and her article, Bank of China Steps Up Email Securityis also out today. In the article, Kostas says:

"Like other financial institutions, we're targeted by spammers and people who send us spearing attacks... Our concern is to protect the integrity of our data, our customers' confidential information, and the availability of our systems... We needed something that would scale, that would provide additional capabilities, for example to help us meet regulatory concerns such as Gramm Leach Bliley."

If your organization faces similar data protection and regulatory compliance challenges, you'll probably be interested in the Proofpoint whitepaper, Protecting Enterprise Data with Proofpoint Encryption, which you can register to download here:

http://www.proofpoint.com/emailencryption

I shot quite a few more Proofpoint customer videos at last week's event (and hope to this week at our West Coast "Inner Circle" meeting), so stay tuned for more.

As you might already know, Proofpoint exhibited last week at the RSA Conference 2010 in San Francisco. As part of our exhibit (see photo at left), we conducted an electronic survey about email trends that more than 120 booth visitors kindly took the time to fill out.

Today we announced the results of that survey (see "Proofpoint Reports Findings of Email Security Trends Survey Conducted at RSA Conference 2010" for the full release).

Among the findings:

48% of respondents said their organizations had been the target a "spear phishing" attack. That is, they were targeted by a phishing email designed specifically to compromise their own email users.

59% of respondents said that their organizations have deployed an email encryption solution. An additional 19% intend to deploy such a solution in the future (most in the next 12 months).

43% of respondents said that effectiveness and accuracy is the most important factor when selecting an email security solution, while 20% said that "ease of administration" was the most important factor. 16% cited cost, 11% cited available deployment method (e.g., SaaS vs. appliance) and 6% cited vendor brand/reputation as the most important decision factor when selecting an email security solution.

Survey respondents were also asked about their top email annoyances. It's probably no surprise that spam and phishing emails that get through the organization's spam filter were the top two annoyances (39% and 27%, respectively). But certain types of legitimate email were most annoying for some of our survey respondents:

• 15% find legitimate email newsletters/marketing emails that are sent too frequently their top email annoyance.
• 10% find legitimate emails from coworkers or business contacts "that I just don't have time to answer" as most annoying. (Personally, I would fall into this camp!)
• 7% find social media notifications and other types of legitimate, but non-essential, emails as most annoying.

You can read our complete press release on the survey here.

RSA 2010 was a great show for us with a lot of customers and more than 1000 interested attendees who dropped by the booth. Thanks to everyone who took the time to stop by our booth! As promised, I do have a few video interviews coming soon to the blog. Stay tuned...

According to a new article out today at Inc. Magazine (see, "Would You Suspend an Employee Over a Status Update?"), an associate professor of sociology at Est Stroudsburg University (Pennsylvania) has been put on indefinite paid leave for posting Facebook status updates that the university is investigating as potentially threatening.

The posts in question from January and February of this year - which reportedly read "Does anyone know where I can find a very discrete hitman?" and "Had a good day today. DIDN'T want to kill even one student. Now Friday was a different story." - set off alarm bells for university officials. Inc. reports that the university does not have a social media monitoring policy, but a spokesperson said, "Given the climate of security concerns in academia, the university has an obligation to take all threats seriously and act accordingly."

As is common in article of this type these days, the Inc. story quotes Proofpoint's statistics about social media monitoring and related risks (download a copy of our complete DLP statistics here), saying:

Type "Facebook" and "fired" into any search engine and you'll get an ever-growing list of people who've stuck a foot into the wide-open mouth that is Facebook – and it's cost them dearly. A 2009 study by Proofpoint, an Internet security firm, found that 17 percent of companies report having issues with employees' use of social media, and 8 percent have actually dismissed someone for their behavior on those sites. In the previous year's study, just 4 percent were fired for their social media sins.

A giant thank you to all of the Proofpoint Email Security Blog readers who took the time to vote in SC Magazine's blog awards! We've been named "Best Corporate Security Blog" in the SC Magazine Awards 2010!

Been too busy at the RSA Conference to do much blogging yet this week, but look for a few new videos we taped at the show that we'll be posting over the next couple of days.

And if you're at RSA Conference 2010, please take a moment to visit the Proofpoint booth (#1132) and take our email security survey!

Today, in an announcement issued from our booth at RSA (#1132), Proofpoint introduced the latest update to our SaaS email security and data loss prevention platform, Proofpoint 6.1.

New features in Proofpoint 6.1 include support for mutli-protocol (HTTP, HTTPS) data loss prevention, a new data loss prevention dashboard (pictured at left - click for a larger image), encryption enhancements including an Outlook plug-in for the Proofpoint Encryption solution and a variety of other security and performance enhancements.

You can check out the full press release, which has a lot more detail, here:

Press Release:

Proofpoint Updates its Next-Generation Email Security and Privacy Platform
with Powerful Data Loss Prevention and Encryption Enhancements,
Available for SaaS or Appliance Deployment

The cavalcade of press coverage coming out of this year's RSA Conference is just starting to appear. One of the things that happened today was a meeting of the Cloud Security Alliance and InformationWeek's George Hulme has a great summary of two interesting initiatives coming out of that meeting.

In his article, "RSA: Toward a Trusted Cloud," Hulme describes the new Trusted Cloud Initiative and CloudAudit.

Hulme says, "I see both the Trusted Cloud Initiative and CloudAudit as an inflection point in the cloud security discussion. The industry is now moving beyond vague discussions and arguments surrounding the many security and regulatory compliance problems that arise from cloud computing – to taking concrete steps to address them."

The whole article is worth a read if you're interested in security issues around cloud computing and SaaS.