Exchange-Email-Security-Blog.jpeg

Most IT organizations have to deal with remote workers, employees who travel or telecommute, temporary contractors and agents or staff who are simply being productive at home. For all these people, email remains the bedrock of corporate communication. Without it they simply wouldn’t get their jobs done.

So for organizations that use Microsoft Exchange Server, deploying Outlook Web for these users is the logical choice. But, Outlook Web (OWA) has a long-standing reputation as the black sheep of the IT security flock, existing on the edge of the secure corporate network and exposing it to potential threats. This exposure often deters companies from publishing Exchange to the web or has them disabling Outlook Web after a security and/or compliance audit exposes any of these three potential threats:

Session Control – When an Outlook Web user walks away from their computer without logging out and closing the Web browser, the user’s Outlook Web session remains active and exposed. Also, because OWA is entirely browser based, it is very easy for a user to simply go off to another website leaving full access to their email with just a “back button” or history click!

Attachment Security – Email attachment security with OWA is a top concern among IT professionals. Often highly sensitive information is sent via corporate email, and unfortunately when a user opens an attachment, a copy is automatically created outside of the organization’s control. While most users aren’t even aware that this is happening, for IT it adds to the list of potential data losses including users saving documents, printing or copying them … more often than not by mistake!

Outside Intrusion – Contrary to what we see in the movies, most hackers resort to more mundane methods of breaking into computer systems, such as brute-force attacks. Hence, it’s critical for messaging administrators and security personnel to monitor all logon related events to detect outside threats. Especially when considering the nature of access to corporate webmail where the login page and URL are publicly accessible on the internet!

There are several options available for addressing OWA security vulnerabilities, including disabling access altogether, using Virtual Private Networks (VPN), or 2-factor authentication security products. However, these products secure infrastructure and perimeter and do not specifically address the webmail application itself.

Investing resources on securing access points only to have the security circumvented when users simply work with a web browser is a serious issue. Besides, most employees on the move simply want the ability to quickly check their inbox, reply to a few messages and move on – without additional, complicated access procedures. And, when it comes to webmail, perimeter and network access products contribute to the creation of a false sense of security. Certainly, most users incorrectly expect that they will be automatically logged off, sessions will be closed, documents are secure and no trace of their visit is left behind.

Messageware seeks to put Outlook Web security back into the hands of IT administrators and the Application itself. Our Exchange Server security products follow a preventative approach to Outlook Web security ensuring that confidential corporate information never leaves your Exchange Server.

Messageware AttachView, TimeGuard, NavGuard and OWA Guard address the specific threats that cause most companies to consider disabling Outlook Web

Before you rule out Outlook Web deployment, talk to us about our easy-to-deploy, cost-effective solutions for securing Outlook Web and Microsoft Exchange Server. If you’re interested in testing any of our products in your environment, we’ll help you with a free product trial, just click here.