Stop That Email!

What if you could ensure that no one in your company would ever send problem email? A growing number of companies are looking to do just that with software that sifts email, IM, and Blackberry missives before they create legal or regulatory exposure.

"Those Foley emails should never have seen the light of day!" quips Michael Rothschild, senior director of product marketing at one firm, Orchestria, that offers such software.

Indeed, if Orchestria had been installed on House of Representatives laptops, perhaps those emails wouldn't have gotten out. Orchestria's product, called the Active Policy Management platform, comes with modules designed to find email that contains obscene or inappropriate words or references. If anyone sends out a sexually oriented message, they get a popup message alerting them to fix it. If they persist, the email can be blocked.

Orchestria's software deals with a lot more than dirty words, though. It also nabs emails with a variety of red flags denoting violation of confidentiality rules and official regulations like HIPAA, Sarbanes-Oxley, the Gramm-Leach-Bliley Act, and others.

For example, if a financial analyst forwards a report to a client without the proper disclaimer at the end of the message, it's a no-go. Likewise, the software can peer into attachments and find phrases like "preliminary results" or "for internal use only" that indicate the message is questionable.

How well does it work? Orchestria's Rothschild says that after a typical installation, a company usually finds that one-tenth of a percent to 1 percent of its messages have been in violation. "Most users in an organization are not trying to violate rules," he notes. "They simply make mistakes."

Sometimes, though, the mistakes can be spectacular. In several instances, Rothchild reports that "proof of concept" demonstrations for prospective customers resulted in an employee being fired on the spot for writing something outrageous.

There's a growing roster of companies that vet email and manage it in various ways, including CA, Entrust, Fortiva, Intellireach, and NetIQ, to name just a few. But among vendors of compliance-specific policy engines that can be used to front-end a range of archiving systems, Orchestria is one of a handful to reach prominence. Others include Vontu and Patron Systems, whose software also detects potentially explosive email and messages and either allows senders to "remediate" them or takes action like blocking messages from being sent.

According to one Vontu customer, the software actually protects the firm from "leakage" of confidential product specs and other proprietary information. "We wanted to take a proactive approach to defending our competitive advantage by protecting our intellectual property," said Igor Makarenko, information security officer at mobile email service provider Visto Corp., in a prepared statement this past May. Makarenko maintained that Vontu software caught the "unauthorized transmission of product specifications and other business-critical information."

Each of the vendors tailors its software policies to fit specific vertical markets, such as financial services, healthcare, and government. Orchestria, for instance, does some work to customize the package for each buyer. There is a GUI with which ITers can set their own parameters and policies on how messages should be handled and archived.

Software from these vendors is also integrated with a range of archiving gear, allowing messages to be stored for specified periods and in specific locations once they're vetted. Orchestria has integrated its software with archiving products from AXS-One, CA, EMC, IBM, Symantec, and Zantaz. (See Orchestria, Zantaz Integrate.) Orchestria also has an exclusive arrangement to work with messaging systems from Bloomberg. Patron Systems integrates with EMC's Centera.

None of these companies is large just yet. Both Vontu and Orchestria claim to have less than 20 customers, and Patron Systems, which claims slightly more, has just 50 or so employees.

While the segment is a landscape of startups, it's likely things will pick up momentum. "We expect compliance and policy management solutions to be protecting 110 million mailboxes worldwide by year end 2006, up 78 percent from 2005," writes Masha Khmartseva, principal analyst of the Radicati Group, in a recent report. By 2010, the firm expects to see 517 mailboxes protected worldwide.

According to the Radicati report, the worldwide market for compliance and policy management solutions will be "over $505 million by the end of 2006, up 38 percent from 2005." By 2010, the annual revenues will reach $1.7 billion.

On the downside, it's likely a policy-based email vetter won't come cheap. For Orchestria's wares, typical prices start at $25 per seat and go up from there. Besides the up-front customization, costs include server software running under Linus, Unix, or Windows, with agent software that loads onto remote PCs and laptops from a central server. Maintenance fees are additional.

Still, for some companies at least, it may be worth it to avoid an HP-style "leakage," a Foley kerfuffle, or an outright lawsuit.

— Mary Jander, Site Editor, Byte and Switch