Bringing Home a Flexible Solution for Email Encryption, Spam Detection.
Land Registry, known formally as Her Majesty's (HM) Land Registry, was created in 1862. The U.K. government department reports to the Department for Business, Innovation and Skills and is responsible for publicly recording interests in registered land in England and Wales. Like many government agencies, Land Registry downsized during the recession, reducing head count from 8000 personnel to around 5000 employees across a number of local offices. Budgetary concerns also were top of mind when the agency wanted to upgrade its email security. It sought a reputable but cost-effective solution flexible enough to meet the needs of a smaller workforce, but still highly efficient in satisfying compliance demands and able to apply encryption automatically. After evaluating several solutions and weighing the recommendation of another U.K. public sector agency, Land Registry chose Cisco IronPort™ Email Security.
• Cisco® IronPort Email Security's automatic encryption of email through administrator-configured policies helps satisfy regulatory compliance requirements, including European directives.
• Fewer than one in 1 million false-positive rate keeps messages out of quarantine.
• All-inclusive service, with hardware, software, and support bundled together, provides simplicity.
After downsizing its workforce, Land Registry needed to provide email security to fewer employees; however, at the same time, email compliance concerns were only increasing. Phishing emails, in particular, had plagued Land Registry, even though it experienced low spam volumes in comparison to other organizations.
The managed email security service provided by another vendor that Land Registry had relied on for nearly a decade, while adequate in protecting against email viruses, was not keeping up with the fast-changing threat landscape, or able to process emails with large attachments efficiently. Although it considered upgrading its existing service, Land Registry quickly realized this investment would not be cost-effective. "A like-for-like upgrade of the current solution would have been expensive. It also would have provided an infrastructure capable of handling far greater email volumes than our reduced staff would ever likely require," says Neil Glasson.
As for email encryption capabilities, Glasson says the complexity of managing the technology tends to discourage its widespread use because of its impact on business processes. He adds, "Nobody wants security to get in the way of productivity." This is why it was important for Land Registry to identify a user-friendly approach for automatically applying encryption when needed based on content, "as this offers the best compromise between security and convenience," Glasson says.
Land Registry began its implementation of Cisco IronPort Email Security in 2010. For a time during the implementation process, Land Registry was able to run reports on both its old and new solutions, which allowed for real-time performance comparisons. The results: "Cisco came back with sub-second responses to our requests," says Glasson.
As for spam, 15.4 percent of emails (more than 15,000 daily) are now detected and quarantined. And analysis shows that of the 50 or so messages received daily that are defined as spam but make it through filters, 85 percent are material in which Land Registry personnel have enrolled as part of their jobs, such as newsletters and conference information.
Cisco IronPort Email Security's automatic encryption capabilities remove the burden on individual users of knowing when to encrypt emails. "They don't have to worry about it," says Glasson. "The solution applies encryption based on our policies and compliance requirements. It's been very easy for us to use and update," he says. Glasson adds that the solution's content-aware data loss prevention (DLP) capabilities for email were also appealing to Land Registry, and probably will be integrated eventually. "We don't worry too much about DLP because much of the information we deal with can be accessed by the public," says Glasson. "But with all the recent downsizing we've experienced, and our use of outsourcing arrangements, we do recognize that there is a higher risk that confidential material could leave the organization."
Cisco IronPort Email Security's spam detection abilities were endorsed by another Cisco customer, a U.K. police department, which Glasson says was one of the deciding factors in choosing the solution. "They deal with far more spam than we do," he says. "Eighty-five percent of the police department's email is spam, and after the first six months of using the Cisco's solution, no messages were being sent back. Speaking candidly with someone else in the public sector about how the solution works: that sold us. And the Cisco rep didn't insist on being on the call. He just gave me the phone number and said, `Have a word with this customer. He'll be honest with you.'"