Proofpoint Tackles Email Attachments - 20 May 2008

I have to admit that I'm an addict. I have uncontrollable cravings. I've lost days of time. They say admitting the addiction is the first step on the road to recovery, but I don't have any intention of reforming. I'm addicted to playing a game, though it's not Xbox or PlayStation for me. I play Sid Meier's Civilization on my home computer; perhaps some of you have heard of it. It's a good old simulation game wherein you guide your civilization from the earliest settlement through 6,000 years of history and developing technology, using trade, diplomacy, and military means to pound the other civilizations into pulp and be the first to launch a colonizing space ship.

So why am I bringing this up? Well, I was reminded of this game during a recent conversation with Proofpoint, providers of email security and data loss prevention solutions; we were discussing the increasing size and volume of email file attachments. See, in Civilization, you begin by developing basic technologies, such as pottery and bronze working, and doing so takes many rounds of play and perhaps hundreds of years of game time. But in the later stages of the game, you can develop computers, lasers, and integrated defense systems, and doing so takes only a few years or rounds of game play. In other words, the more technologies you develop, the quicker you can develop more technologies.

I guess that's not a revolutionary concept; it's very true to life in our own world. And it was thinking about what's happened (and is still happening) with email attachments that called this concept to my mind. As Rami Habal, senior product manager for Proofpoint, said, "What's going on today is just this massive explosion of digital information. People are sending more attachments, they're sending larger and larger attachments, and basically the Exchange servers are out there crying for help." People have digital cameras in their phones so they can send you up-to-the-minute snapshots of what they're doing. Both in business and personal use these days, people regularly send PDFs and PowerPoint files, graphics and video files—with file sizes that are sometimes prohibited by email service providers or local administrators. And remember: Every send duplicates the file itself, which can ultimately become a storage problem as well as a bandwidth problem. Proofpoint estimates that attachments account for 80–90 percent of mail stores.

A long-standing alternative to sending file attachments through email is FTP. Although FTP provides file transfer of large files without involving the mail system, it has an image problem. As Habal said, compared to SMTP (which is the standard for corporate email), FTP "is like the ugly quiet cousin that no one wants to talk to." Everyone in your corporate environment is used to email; FTP programs look like something that shouldn't see light of day outside the IT warren. End users are afraid of it, and it can be a headache to provision and manage—at least, if you're trying to use FTP with proper user passwords established. Another criticism of FTP is that it's inherently unsecure; transfers can be sniffed or hijacked because data is sent unencrypted.

If you're a messaging system administrator and the increasing size and volume of email attachments is bogging down your organization, Proofpoint wants you to know they feel your pain. They've listened to customer complaints about this problem, and as a result the company is now offering Proofpoint Secure File Transfer (PSFT). As Habal described it, "What we wanted to do was deliver something that offers the ad hoc ease of use of email but that gave you basically the capability of FTP without the usability challenges."

PSFT works through a Web interface or a Microsoft Office Outlook plug-in that identifies messages with attachments. If an attachment is too large, it's stripped from the message and sent to the Proofpoint Secure File Transfer appliance. The recipient receives an email message with a secure link to the file. The recipient can then download the file, which bypasses the email system and never gets stored on the mail server. You can set the size of files to block, which can vary depending on users or groups, as well as options for recipient authentication, download notification to the sender, and file expiration from the appliance.

PSFT is a module that can be added to any Proofpoint deployment. Proofpoint solutions give you broad control of how you choose to deploy: as software, as appliance, as virtual appliance, and as a hosted service. And there's mix-and-match capability, too—you can use some features in a virtual appliance, for instance, while for others you choose the hosted service. Proofpoint isn't planning to offer PSFT as software, however, and the on-demand service won't be available until later this year. According to Andrew Lochart, vice president of product marketing for Proofpoint, "Software has become a diminishingly small part of our business. Customers really seem to prefer the three alternatives." With the virtual appliance option, I'm not surprised; I find it interesting, though, that the hardware appliance and hosted service are also coming before the traditional software approach.

Let me know what sort of headaches your messaging system is giving you. Is it file attachments and storage concerns? Compliance or policy enforcement? Security? Virus and spam defense? What's your preferred method of solution deployment? Are you using a hosted service, a virtual appliance, or are you sticking with tested, on-premise software? Which is your favorite civilization to play in Civilization, and why? Feel free to send me an email message—no attachments, please!—or post a comment below to let me know what you think. Meanwhile, in my latest Civilization game, I've got some uppity Aztecs that won't trade me their extra oil; I guess it's time to go to war again. (Now, where have I heard that scenario before . . . ?)

Here are some other articles about email security that might interest you:

"Messaging Security"
"OWA Security Risks Often Overlooked"
"Tor Experiment Proves You Should Use SSL for Email"
"Email Security and S/MIME"

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.