Today we released the latest edition of our Outbound Email and Data Loss Prevention in Today's Enterprise report, now in its seventh year. As always, this report contains a huge number of interesting findings. Check out the video preview, above, for just a few of the top findings. This year, IT decision makers from 261 large US enterprises (all with 1000 or more employees) responded to our survey, conducted with the help of Osterman Research.
You can find more highlighted findings about how large enterprises manage data loss risks in our press release. Better yet, download the complete report, by visiting http://www.proofpoint.com/outbound.
I'll be blogging more about this throughout the week, but here are just a few of the most interesting findings:
Proofpoint found that, despite a growing awareness of data loss risks, large enterprises continue to be impacted by data loss at a surprising rate:
36% of respondents said their organization was impacted by the exposure of sensitive or embarrassing information in the past 12 months.
31% of respondents said their organization was impacted by the improper exposure or theft of customer information in the past 12 months.
29% of respondents said their organization was impacted by the improper exposure or theft of intellectual property in the past 12 months.
Enterprise concerns and data loss events from social media continued to rise in the past 12 months:
Social Networking Sites (such as Facebook and LinkedIn): 20% of companies investigated the exposure of confidential, sensitive or private information via a post to a social networking site. 7% of companies terminated an employee for social networking policy violations. Twenty percent disciplined an employee for such violations. 53% are highly concerned about the risk of information leakage via social networking sites. 53% explicitly prohibit the use of Facebook, while 31% explicitly prohibit use of LinkedIn.
Blog and Message Board Postings: 25% of companies investigated the exposure of confidential, sensitive or private information via a blog or message board posting. 11% of companies terminated an employee for blog or message board posting policy violations. 54% are highly concerned about the risk of information leakage via blogs and message boards.
SMS and Web-Based Short Messaging Services (such as Twitter): 17% of companies investigated the exposure of confidential, sensitive or private information via one of these services. 51% are highly concerned about the risk of information leakage. 49% explicitly prohibit the use of Twitter.
Media Sharing Sites (e.g., YouTube, Vimeo): 18% of companies investigated the exposure of confidential, sensitive or private information via shared video or audio m5edia. 9% of companies terminated an employee for media sharing/posting policy violations. 21 disciplined an employee for such violations. 52% are highly concerned about the risk of information leakage. 53% explicitly prohibit the use of media-sharing sites.
Financial services firm National Financial Partners has been a long-time user of Proofpoint's SaaS email archiving solution and, more recently, also deployed Proofpoint's SaaS solutions for inbound and outbound email security.
Dán Salomon, NFP's Senior Vice President of Technology, kindly took the time to speak with me about how his organization uses Proofpoint's SaaS solutions and why he feels that performing email archiving and email security functions "in the cloud" is more secure than taking an on-premesis approach. Beyond the cost advantages of SaaS, Dán explains the other business drivers for adopting Software-as-a-Service in this video (recorded on location at Proofpoint's 2010 "Inner Circle" customer event in New York).
My thanks to Dán and NFP for his willingness to discuss his approach and for allowing us to share this interview here!
As part of our launch this week of a major update to Proofpoint Enterprise Archive, our SaaS email archiving solution, Proofpoint has licensed a great new report from analyst firm Gartner. According to this report:
"Organizations are drowning in e-mail and often find it difficult to get the problem under control. Very few companies have a comprehensive and well-enforced e-mail retention program which determines what messages are kept and for how long.
A message retention program, however, is becoming a business necessity as organizations struggle to comply with external regulatory requirements, internal records management needs, demands for e-mail discovery to support litigation efforts and demands from users for preservation of legitimate business messages."
We're excited to announce a new update to Proofpoint Enterprise Archive, our SaaS email archiving solution today, along with several new email archiving resources.
Pictured at left is our updated datasheet about Proofpoint Enterprise Archive, which has been enhanced with information about the latest features. (You can click the image to snag a PDF copy.)
The new version adds full support for Microsoft Exchange Server 2010, including support for Outlook Web Access, access to stubbed attachments and advanced search capabilities.
It also supports organizations that are migrating from earlier versions of Exchange—or that have complex email environments—because it's compatible with environments that use multiple Microsoft Exchange server versions including 2003, 2007 and 2010.
One of the primary benefits of Proofpoint Enterprise Archive is that it helps reduce legal discovery risks and costs. By providing a secure, searchable repository of all email messages, Proofpoint's email archiving solution makes it easy to perform early case assessments, instantly preserve data in active legal holds and enforce email retention policies.
“eDiscovery is critical to our firm, as attorneys must be able to store and search email records quickly during the legal hold stage at the beginning of the litigation process,” says Proofpoint customer Steven Heller, director of technology for law firm Graubard Miller (for more on the benefits Steven and his firm have realized, see this previous blog post). “We continue to trust Proofpoint for our archiving needs and are thrilled with its ability to generate search results in near-real time. New legal hold features will empower our team to track and identify key information faster and easier than ever before.”
The new release includes a variety of enhancements to help streamline the eDiscovery process:
Proofpoint Enterprise Archive’s active legal hold capabilities allow attorneys and staff to instantly preserve data in legal holds, in contrast to inefficient, manual, methods that are difficult to track and audit and increase legal risks of data spoliation.
Enhanced eDiscovery capabilities make it easier for legal teams to search data in near real-time to prepare for HR, regulatory or litigation issues. Proofpoint Enterprise Archive now supports data export to EDRM XML, a standard format used in the legal industry to simplify the movement of archived data to other legal analysis tools. New search capabilities also benefit end-users who can more easily perform complex searches of their own archived email.
Proofpoint Enterprise Archive includes compliance and supervision features for industry-specific rules and regulations such as FINRA, GLBA and HIPAA, as well as SEC policies for email storage. For organizations with supervisory compliance requirements (such as compliance with FINRA rules) Proofpoint Enterprise Archive now makes it easier to handle larger groups of supervised users, perform supervision searches and randomly sample data for auditing purposes. An enhanced supervision workflow allows records managers and compliance officers to more easily manage multiple supervision queues.
You can learn more about the solution in our complete press release... And see my next blog post for the link to a new Gartner report on email archiving strategies...
In a press release issued today, Proofpoint recapped quarterly results from Q2 2010, announcing 7 years (28 consecutive quarters) of increasing quarterly revenue. As we've seen in previous quarters, data privacy and regulatory compliance concerns were an important driver for new business once again.
Proofpoint CEO Gary Steele said that, “There are four key issues driving enterprise IT security spend right now—an increasingly sophisticated spam and malware threat landscape, urgency around protecting consumer and data privacy, pressure to address electronic discovery issues and a realization that SaaS can greatly reduce security and compliance costs. Proofpoint’s solutions are ideally suited to meeting these needs.”
Regular readers of this blog will recognize that the trend toward more strict data protection regulations and increasing eDiscovery needs isn't particularly new. However, one very interesting new trend reported in Proofpoint's latest release is that the Federal market for SaaS solutions is definitely heating up.
One new deal mentioned in the press release is the adoption of Proofpoint's SaaS email archiving solution by a large US Federal agency for an initial 6000 mailboxes with plans to eventually roll the solution out to archive email for more than 70,000 of the agency's employees.
Commenting on the deal, Steele says, “To date, Federal agencies have been extremely cautious about adoption of SaaS solutions and this deployment of Proofpoint Archive will be among the first and largest SaaS deployment—of any kind—in the Federal market. The selection of Proofpoint is a strong validation of the unique security, reliability and scalability features of our SaaS architecture and applications.”
There's been quite a bit of news coverage recently about Federal adoption of cloud computing-based solutions—for example, the ongoing battle between Google and Microsoft to provide email hosting services for 15,000 employees at the GSA (see, "Google cloud-computing applications get certification for federal government use," in Sunday's Washington Post for just one example).
"Over the years, Proofpoint has gained strong momentum in the public sector, protecting more than one million government email inboxes including many federal civilian agencies, department of defense organizations such as the US Coast Guard, and the intelligence community. By achieving important information assurance certifications such as NIAP’s Common Criteria EAL2+ and NIST FIPS 140-2, Proofpoint is trusted to protect mission-critical applications and mitigate risk through its email security, archiving and data loss prevention solutions. "
Of course, it's not just the Federal government market that's moving to SaaS: Enterprises in the private sector continue to move to SaaS. As just one example, Proofpoint's release notes that the number of messages under management by its SaaS email archiving solution doubled in the past 12 months and that this trend is accelerating.
For more on the trends that drove Proofpoint's revenues to record levels once again, see the full press release:
A couple of recent video interviews featuring Proofpoint execs hit the web recently:
Proofpoint CEO Gary Steele talks with SC Magazine reporter Angela Moscaritolo about recent merger and acquisition activity in the IT security space. Gary talks about the need for security vendors to make their solutions available as SaaS – and the difficulty of building such functionality “from scratch” – as one of the key drivers. You can watch the full video here:
Proofpoint's director of channel marketing, Dave Crilley, discusses the value propositions for IT security solutions "in the cloud" and addresses some of the issues that the reseller channel faces in selling SaaS solutions in this interview with ChannelWeb's senior security editor, Stefanie Hoffman. You can watch the full video here:
[Updated July 6, 2010: Complete multi-part interview is now online.]
Proofpoint CEO Gary Steele (pictured at left) recently spoke with entrepreneurship blogger and Forbes writer, Sramana Mitra at length about his background, Proofpoint's business and trends around email security, SaaS and other topics related to the enterprise markets that Proofpoint serves.
The first part of Mitra's multi-part interview is now posted at sramanamitra.com. In segment one of "Rolling Up Email Security SaaS," Gary talks about his early background, education and how he made the leap from the engineering world to high-tech marketing to CEO and how he came to join Proofpoint in its pre-funding days.
Read the interview here: "Rolling Up Email Security SaaS, Part 1," Gary Steele in conversation with Sramana Mitra. Even though I know Gary pretty well, I learned a few things about him by reading this and look forward to the rest of the series.
Update 7/6/2010: The rest of this series is now online at Sramana Mitra's site. I've put direct links to all six parts below, along with short notes about the topics covered:
The corporate business division of Swisscom, the leading telecommunications provider in Switzerland, announced today that it has entered the cloud computing / Computing-as-a-Service market with a new family of on-demand IT offerings that include cloud-based computing, storage and email archiving features powered by leading SaaS vendors, including Proofpoint.
Swisscom's Cloud Services (see http://www.swisscom.com/cloud for more information) allow companies to build up their computing and storage capacity at any time, without having to make investments in IT infrastructure or specialized staff. The three main components of Cloud Services are:
Computing-as-a-Service (CaaS), provided in collaboration with Verizon.
Secure Storage, which offers on-demand storage powered by Nirvanix.
Quoted in Proofpoint's press release about the new partnership, Roger Wüthrich-Hasenböhl, head of marketing and sales for Swisscom Corporate Business, said that they chose to partner with Proofpoint because of the security, performance and TCO benefits delivered by Proofpoint ARCHIVE.
“Today’s enterprises are looking to cut costs and improve efficiency without sacrificing quality or security and Swisscom’s customers expect the highest levels of service quality, availability and stability. As a high-security, high-performance, low total-cost-of-ownership solution, Proofpoint’s email archiving product was the perfect fit for our portfolio of cloud-based services,” he says.
In it's own announcement, Swisscom Corporate Business highlighted the litigation/regulatory audit readiness, and security benefits of Proofpoint's solution, noting that it offers, "unlimited scalability and mail data are stored such that they are unalterable and therefore audit-compliant."
Swisscom is the newest channel partner for the Proofpoint ARCHIVE solution, which is also sold through Microsoft Online Services and other Proofpoint channel partners. Proofpoint's CMO, Peter Galvin, noted that Proofpoint's SaaS email archiving, email security and data loss prevention solutions are, "an ideal value-added offering for service providers and ISPs looking to broaden their cloud-based service portfolios."
OEMs and resellers interested in including Proofpoint solutions as part of their own cloud-based initiatives should contact partners@proofpoint.com for more information.
To learn more about the cost and security benefits of moving email archiving to the cloud, download the Osterman Research whitepaper, Email Archiving: Realizing the Cost Savings and Other Benefits from Saas by visiting:
Just a quick note about an interesting (seemingly relatively new) blog at CIOCOO.com, covering SaaS, cloud computing, security issues and incidents and other topics of potential interest to CIOs and COOs (and, presumably other titles including CISOs).
Became aware of it because of an interesting post, "SaaS - What is it?" in which Proofpoint's email archiving service (Proofpoint ARCHIVE) is mentioned as an example of a SaaS solution (along with well known SaaS solutions such as gmail and Salesforce.com).
The post itself has a good summary of some of the key benefits of using SaaS solutions as well as some things to be aware of before using SaaS solutions.
Not sure who's behind this particular blog, but it looks like it could become a pretty interesting resource. I'll let you know when/if I find out more about this one. In the meantime, you can read the complete text of the post I'm referring to at:
As I mention in the comments on that post, Proofpoint distributes a couple of Osterman Research whitepapers that talk about cost savings and other benefits associated with SaaS for email security and email archiving. (Those papers can be downloaded here: http://www.proofpoint.com/tco.)
Speaking with the UK's Infosecurity magazine at the Infosecurity Europe 2010 conference this week, Proofpoint CMO Peter Galvin noted that more companies are moving security and other IT services to the SaaS (Software-as-a-Service) model to achieve cost savings. Quoted in "Companies Adopt SaaS for Cost Saving," Peter notes:
“In financially difficult times, customers want more for less, which explains the movement to SaaS. Even those cynical about the capabilities and performance of SaaS become a lot more comfortable with the idea when they see the cost savings they could make when moving to Software as a Service.”
Supporting that trend, Peter notes that more than half of Proofpoint's new business has gone to the SaaS model in recent times. While the article notes that companies moving to SaaS are "striving for 30% cost saving," that estimate is actually fairly conservative as the savings from moving functions like email security and email archiving to the cloud can actually be substantially higher. (For a more detailed analysis, see the Osterman Research reports Proofpoint makes available at http://www.proofpoint.com/tco.)
Peter also touched on the trend toward increasing demand for DLP and regulatory compliance solutions, noting that:
“Customer drive starts with security, but very quickly moves into compliance and data protection. The protection and privacy of data is being taken more seriously now new fines for non-compliance have been introduced."
The article concludes with a mention of Proofpoint's inclusion in Gartner's updated "Magic Quadrant for Secure E-mail Gateways." That document (which you can read courtesy of Proofpoint here: http://www.proofpoint.com/magicquadrant) also provides some good information on the trend toward SaaS solutions for email security as well as the need for enhanced data protection features including email encryption.
It sounds like the Infosecurity Europe show was an extremely busy one for the Proofpoint team and I'll be sharing more about that (including some new survey results from Infosec) in the coming days.
