Proofpoint: Security, Compliance and the Cloud

Proofpoint exhibited recently at the 2010 Infosecurity Europe show, held in London, and as we did at the 2010 RSA conference, we conducted an electronic survey about email trends that 140 attendees (81% of them with IT, security or messaging titles and the balance with analyst/legal/compliance or non-IT titles) took the time to fill out.

Among the findings:

43% of respondents said they are "very concerned" about inadvertent leakage of private or personal information from their organizations via email. Fully half said they are "somewhat concerned" about this issue. Just 7% claim that they are "not concerned" about these sorts of data leaks.

That concern is well justified since nearly two-thirds (64%) of respondents said that their organizations are subject to data protection regulations that require certain types of email to be encrypted or handled with particular care, because the contain private or confidential email. Only 25% said their organizations were not subject to such data protection regulations.

In this short video, several attendees discuss the various regulations (such as the UK's Data Protection Act, PCI-DSS, etc.) that apply to their company's use of email:
 

The trend toward increasing the security around private data is something we've reported on quite frequently here in the blog and the growing awareness of data loss issues is reflected in some of our other survey findings. For example, 94% of respondents who have a corporate laptop said that it was password protected and more than half (58%) said that their corporate laptop used full disk encryption.

In addition, nearly half of respondents (49%) said their organization had already deployed an email encryption solution. Another 21% said that their organization intends to deploy an email encryption solution in the future.

On the topic of inbound email security, 40% of respondents said their organizations had been the target a "spear phishing" attack in the past 12 months. That is, they were targeted by a phishing email designed specifically to compromise their own email users. (Our survey from RSA, where most respondents were US-based, found that nearly half of respondents believed their organizations had been the target of spear phishing attack in the last 12 months.)

35% of respondents said that effectiveness and accuracy is the most important factor when selecting an email security solution, while 26% cited cost. 20% said that "ease of administration" was the most important factor. 8% cited available deployment method (e.g., SaaS vs. appliance) and 4% cited vendor brand/reputation as the most important decision factor when selecting an email security solution.

Survey respondents were also asked about their top email annoyances. It's probably no surprise that spam and phishing emails that get through the organization's spam filter were the top two annoyances (48% and 21%, respectively). But certain types of legitimate email were most annoying for some of our survey respondents:

• 17% find legitimate email newsletters/marketing emails that are sent too frequently their top email annoyance.
• 9% find legitimate emails from coworkers or business contacts "that I just don't have time to answer" as most annoying. (As I mentioned in my post on RSA survey findings, I still fall into this camp!)
• Just 2% find social media notifications and other types of legitimate, but non-essential, emails as most annoying.

In the following video, attendees on the Infosecurity Europe show floor discuss their top email annoyances: