Security Basics mailing list archives
Re: How can you trust a company you don't know?
From: "Steve" <securityfocus () delahunty com>
Date: Wed, 22 Oct 2003 20:07:32 -0400
I think that we might be a bit off topic, Nicholas' original request was about looking into an email list/newsletter management firm, not totally outsourcing their corporate email. I believe that Nicholas' firm would still control the content and their marketing department would have direct say over that. STEVE ----- Original Message ----- From: "Rob McComber" <rob () digitalgenesis ca> To: "Nicholas Diotte" <xphox () xphox net>; <security-basics () securityfocus com> Sent: Tuesday, October 21, 2003 8:20 PM Subject: RE: How can you trust a company you don't know? In support of Dave Hartnell, I'd also like to add that when you allow a third-party to provide a service like emailing, you lose control of what is fast becoming a critical element of your company's archives. With email records being used in court with increasing frequency, maintaining the integrity of your own records is paramount. Even if your internal mail remains your own, your ability to control email that is sent as a legal representation of your company is compromised. Going back to C-I-A, Confidentiality - with a third-party, you just don't have it. Even if the email is intended for the public, you lose certain controls. Integrity - if they're a good company, this may be maintained. It may not be as well. If they send something out in error, it's very difficult to place responsibility, and even if you can, your company will be responsible to your customers. Availability - this is particularly dangerous. Can you be sure that access to your email will be available only to your authorized representatives? Will it always be available? If a court demands records, can you trust that another company will have maintained them? And even more disturbing, can you trust that your third-party provider won't make records of your email traffic available to someone else? This may not be maliscious...if they're told by the courts to submit your records, they may buckle far sooner than your own legal section. In the end, no matter how well you know the company, Dave is right. Your corporate image is carried to your customers through marketing emails. You can't trust someone else with something that valuable. Rob McComber Technical Trainer rob_@_digitalgenesis.ca --------------------------------------------------------------------------- Visual & Easy-to-use are not words that you think of when talking about network analyzers. Are you sick of the three window text decodes? Download ClearSight Network's Analyzer and see a new network analysis tool that makes the complex - easy http://www.securityfocus.com/sponsor/ClearSightNetworks_security-basics_031021 ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Visual & Easy-to-use are not words that you think of when talking about network analyzers. Are you sick of the three window text decodes? Download ClearSight Network's Analyzer and see a new network analysis tool that makes the complex - easy http://www.securityfocus.com/sponsor/ClearSightNetworks_security-basics_031021 ----------------------------------------------------------------------------
Current thread:
- How can you trust a company you don't know? Nicholas Diotte (Oct 21)
- The answer is, "you cant" Dave Hartnell (Oct 21)
- RE: The answer is, "you cant" Mike Molloy (Oct 22)
- RE: The answer is, "you cant" Xphox (Oct 22)
- RE: The answer is, "you cant" Mike Molloy (Oct 22)
- Re: How can you trust a company you don't know? Steve (Oct 21)
- Re: How can you trust a company you don't know? Steve (Oct 22)
- RE: How can you trust a company you don't know? Rob McComber (Oct 22)
- Re: How can you trust a company you don't know? Steve (Oct 23)
- <Possible follow-ups>
- Re: How can you trust a company you don't know? SMiller (Oct 21)
- The answer is, "you cant" Dave Hartnell (Oct 21)