Re: How can you trust a company you don't know?

["Steve" <securityfocus () delahunty com>]

I think that we might be a bit off topic, Nicholas' original request was
about looking into an email list/newsletter management firm, not totally
outsourcing their corporate email.  I believe that Nicholas' firm would
still control the content and their marketing department would have direct
say over that.

STEVE

----- Original Message ----- 
From: "Rob McComber" <rob () digitalgenesis ca>
To: "Nicholas Diotte" <xphox () xphox net>; <security-basics () securityfocus com>
Sent: Tuesday, October 21, 2003 8:20 PM
Subject: RE: How can you trust a company you don't know?


In support of Dave Hartnell, I'd also like to add that when you allow a
third-party to provide a service like emailing, you lose control of what is
fast becoming a critical element of your company's archives. With email
records being used in court with increasing frequency, maintaining the
integrity of your own records is paramount.

Even if your internal mail remains your own, your ability to control email
that is sent as a legal representation of your company is compromised.

Going back to C-I-A,
Confidentiality - with a third-party, you just don't have it. Even if the
email is intended for the public, you lose certain controls.

Integrity - if they're a good company, this may be maintained. It may not be
as well. If they send something out in error, it's very difficult to place
responsibility, and even if you can, your company will be responsible to
your customers.

Availability - this is particularly dangerous. Can you be sure that access
to your email will be available only to your authorized representatives?
Will it always be available? If a court demands records, can you trust that
another company will have maintained them? And even more disturbing, can you
trust that your third-party provider won't make records of your email
traffic available to someone else? This may not be maliscious...if they're
told by the courts to submit your records, they may buckle far sooner than
your own legal section.

In the end, no matter how well you know the company, Dave is right. Your
corporate image is carried to your customers through marketing emails. You
can't trust someone else with something that valuable.

Rob McComber
Technical Trainer

rob_@_digitalgenesis.ca


---------------------------------------------------------------------------
Visual & Easy-to-use are not words that you think of when talking about
network analyzers. Are you sick of the three window text decodes? Download
ClearSight Network's Analyzer and see a new network analysis tool that
makes the complex - easy
http://www.securityfocus.com/sponsor/ClearSightNetworks_security-basics_031021
----------------------------------------------------------------------------


---------------------------------------------------------------------------
Visual & Easy-to-use are not words that you think of when talking about 
network analyzers. Are you sick of the three window text decodes? Download ClearSight Network's Analyzer and see a new 
network analysis tool that 
makes the complex - easy
http://www.securityfocus.com/sponsor/ClearSightNetworks_security-basics_031021
----------------------------------------------------------------------------