23/10/2008
The Summit TV Intellectual Property Show takes a look at emails and the threat they may pose to information security in organisations with James Blake from Mimecast.
Stephan Lamprecht: Welcome to the Intellectual Property Show. According to a survey of 125 information technology managers in the UK, 94% of companies currently have no measures in place to stop confidential information from leaving their organisation via email. I am joined in the Summit TV studio by Dr James Blake from Mimecast to talk about this. James, essentially emails started off very much as a productivity tool for communication - it was a good thing - but suddenly we’re sitting with a lot of spam and frustration where you can’t get work done because there’s too many emails to look at. What is Mimecast’s business? How do you address these issues?
Dr James Blake: That’s exactly the business Mimecast is in. Email is a double-edged sword as you’ve mentioned already - it’s a key productivity tool that’s embedded in almost every single work flow there is within an organisation - but there’s a whole host of different threats that have grown up over the years since its first use…
Stephan Lamprecht: What is the biggest threat at the moment?
Dr James Blake: I think the biggest threat at the moment is loss of intellectual property. That is key purely because industry isn’t very well equipped to deal with it at the moment - the actual solutions you need to put in place to deal with that are quite difficult to put in place - but there’s also the old threats of spam, phishing, and viruses chugging away in the background.
Stephan Lamprecht: Let’s take it one step at a time. You mentioned loss of intellectual property via email - so email has become a way of communicating, giving instructions, recording discussions - so if I want to go afterwards and say what did we actually agree to a lot of that is captured in email...
Dr James Blake: That’s absolutely true. If you look at the facts - especially in UK law - anything written in an email is actually classed as a contract. If there is an email between two parties that are legally able to form a contract anything contained within an email can form a contract - or a deviation for an existing contract - so imagine if you’ve got a contractual relationship with a business partner and you make a joke in an email that could later if the situation changes come back and haunt you.
Stephan Lamprecht: So that could be a huge loss to an organisation - if everything that you’ve recorded, all your contracts with your clients - if suddenly that had to be lost, and if there is a dispute and you want to go back to it and you can’t find it. That’s a huge challenge.
Dr James Blake: I think there are two particular issues that you’ve brought up. One is what if we misplace that data - data about the informal contractual agreements that you’ve come up with that aren’t recorded on paper anywhere but were formed via email. The other end of it is let’s say we get into a civil dispute - how do I defend my position if the person that was my business partner, or was my customer - suddenly turns to civil litigation? So there are two strong causes for keeping emails. Also, there’s a lot of intellectual property embedded within emails - email is the process where an awful lot of work gets done. You tend to find the document that eventually gets committed to a document management system as the finished article - what you’ve lost is all those track changes and all the changes over time that really represent the whole process…
Stephan Lamprecht: If I engage with a service provider and give them instructions - say for example we’re developing a new product, or a new business. That development process is basically capturing a conversation - you give input and I give input, and we derive a solution - the only place we can find a recording of that and in a lot of instances would be email…
Dr James Blake: For sure. What you’re losing by only keeping the finished document is the work that’s gone into that document. Just to give you an instance one of the largest management consultancies in the UK stores their emails with us, and they treat that email store as an intellectual property business intelligence database. So what happens is when they’re working for a similar they’re able to cut out 80% of their work because they can go back and look at the track changes - and all the changes in the conversational emails - before the final contact was finalised and they’re able to reuse it.
Stephan Lamprecht: You mentioned the issue of civil litigation. It’s nice to have the internet - because the world is becoming a smaller place - but exactly because of that you would find yourself engaging with people that might not be in the same legal jurisdiction. How do I deal with that? I am in South Africa and I send you an email in London and now we have a dispute - what happens?
Dr James Blake: The interesting thing is it depends on what the contractual arrangements were - so for instance if your original contract was formed under UK law, and for instance in the contract a clause says any litigation will happen under a UK court - then any email you’ve sent will form a deviation for that contract regardless of what the law says within South Africa. Likewise, if the contract is under South African law whatever the contract law relating to South Africa - would cover that legislation. The most important thing is if you’re dealing with US companies - because that’s a heavily regulated market, and you can find yourself exposed to all sorts of government and other forms of legislation as well by dealing with a US company.
Stephan Lamprecht: I can imagine the more people you have in a company the bigger the problem becomes - so if I’m in a company and I like using Outlook, and someone else likes using Gmail for example - how do I manage that? What can I do to be on top of that?
Dr James Blake: It’s impossible. In that circumstance when you’re using a completely fragmented email infrastructure there is no way. We use the term governance - it’s a horrible term because it covers so much, but basically governance approves that policies and procedures at your organisation are stuck to - but you can’t enforce a policy when you’re trying to use six or seven different platforms. We find that when people are using webmail and when they’re just trying to manage the risks of their business using several different products within their own infrastructure. The key thing to do is to think about your email policy, and what your contractual obligations are - and then work from there on how you deliver email and all of the services around email.
Stephan Lamprecht: Creating awareness within the company - to create a disclaimer at the bottom of an email and so forth - how do you see that working for people?
Dr James Blake: One of the important things about disclaimers is you might need to change your disclaimer for the territories where you’re sending emails to cope with the law in those particular territories - so having a system which can change the disclaimer dynamically depending on where the email is going, maybe also the type of organisation it’s going to whether that’s a partner, a customer, and maybe even changing it for an attachment - so when a particular attachment is attached to an email you change the disclaimer to say “the attached document is not to be disclosed to anyone outside your organisation.” Having the flexibility to do that is very important in the solution.
Stephan Lamprecht: Mimecast as a company has a strong South African link?
Dr James Blake: Yes. The two founders of our company - even though they are now resident in the United Kingdom - are both South African. Peter Bauer and Neil Murray came over pretty much at the turn of the millennium to try their hand at British business and they’ve done extremely well so far.