E-mail security typically has focused on incoming traffic, but regulatory compliance requires that businesses also control information leaving and traveling within their networks.
For VARs, integrators and service providers, this more comprehensive approach to e-mail protection translates into new profit opportunities in a fast-growing market, said John Young, president of e-mail security vendor Nemx Software Corp., Ottawa.
Nemx just issued an updated release of its year-old solution, SecurExchange, which monitors and analyzes e-mail content to prevent the transmission of information to users who are not authorized to have it.
The technology, developed specifically for Microsoft Exchange servers, has the capability to block inappropriate e-mail content, quarantine it and route it to someone with the authority to review and determine whether to release it.
SecurExchange helps companies comply with federal regulations such as the Sarbanes-Oxley Act and Gramm-Leach-Bliley acts, which address access to financial information, and the Health Insurance Profitability and Accounting Act, which deals with confidential patient information.
It also provides a tool for companies to electronically enforce policies on inappropriate, discriminatory or offensive language.
By focusing on outbound messages and e-mail within the network, Nemx technology represents a new approach that focuses on prevention, as opposed to the detection capabilities of existing anti-spam, anti-virus and anti-spyware tools, Young said.
“The current wave of e-mail management is focused on outbound content control,” he said. “But we see that as only the tip of the iceberg.”
For full compliance, Young said, companies also must invest in technology that prevents data from reaching unauthorized users within their networks.
Through encryption and real-time content analysis, SecurExchange filters and blocks information from unauthorized eyes, he said.
To get its technology into corporate networks, Nemx is calling on channel partners to sell and service the product.
Channel companies are better equipped to maintain long-term service and maintenance relationships with customers than the vendor can provide, he said.
VARs and integrators seeking new high-margin opportunities are the company’s recruitment targets.
“With a product like this, there’s always up-sell and there’s always those additional services,” Young said.
Nemx partner M&S Technologies, Dallas, is getting profit margins of more than 30 percent from selling and servicing the product, said M&S account manager Stoney Reynolds.
Research firm Gartner Dataquest predicts the market for secure e-mail boundary products such as SecurExchange is expanding at an 80 percent compound annual growth rate, from $14 million in 2003 to $249 million in 2008.
Secure e-mail boundary software is starting to replace detection software such as spam filters, which Gartner Dataquest says will decline by about 21 percent in the same time period.
Jumping on the prevention bandwagon allows VARs and integrators currently focused on detection to “future-proof” their business, Young said.
To create excitement among partners, Nemx has engaged in lead-generating activities, done mass mailings and sent out white papers.
The company also gives partners literature on scenarios for which SecurExchange would address customer needs, said Channel Director Kirk Zynger.
Nemx is doing 75 percent of new business through the channel and eventually expects that number to grow to 100 percent. Young said the company also intends to move legacy accounts to partners.
While the company is pushing aggressively into the channel, executives say they don’t have a specific number in mind for how many partners Nemx needs.
“We want to be positioned such that we’re covering the entire market but we’re not saturating the market,” said Zynger.
M&S Technologies has been a Nemx partner for about a month. The company was looking for technology that does real-time scans of e-mail content, and SecurExchange became the obvious choice, said Reynolds.
The company already has deployed the technology at one customer that needed to control outbound and inbound e-mail.
“They really wanted to make sure there’s no proprietary information going out of their Exchange server and nothing malicious coming in,” Reynolds said.
Getting customers to understand the need to control outbound information, especially for regulatory compliance, still requires some education, he said.
But once they understand the benefits, he said he expects more customers to want the Nemx technology.