Monday, February 4, 2008

Ten years of corporate email progress

I am off to Australia later this week, in preparation of a series of seminars that Joel Snyder and I will be doing there. My portion of the talks will focus on email and file encryption. Australia is in the process of beefing up their privacy laws and creating a uniform code for the entire country that will necessitate deploying encryption for most business communications.

The trip comes almost ten years to the day that I started working on my book "Internet Messaging" with Marshall Rose, who was one of the inventors of the POP protocol, the underlying fabric of what every Internet email product uses today. So I thought it would be worthwhile to see where we have come in the last ten years with corporate email.

Ten years is a couple of lifetimes in the tech world, but it is interesting how much hasn't changed in the corporate email universe.

Sure, some products have left the landscape: Netscape Messenger and CompuServe's WinCIM have been replaced by Google's Gmail and other Web-based emailers. Microsoft Exchange has taken plenty of market share from Notes, now firmly part of IBM's software product line and Groupwise is nearly extinct. The notion of primarily LAN-based email, such as cc:Mail and MHS, is also gone.

Ten years ago, we had spotty Internet connectivity and unreliable gateways. Now it is taken for granted, intrinsic to any real email product, and no one would roll out email in their organization without it. Email used to be part of a secure perimeter of services that a corporation could protect and defend. As the level of Internet integration has increased, the perimeter is no more, and now corporations are trying to implement endpoint security measures.

Many businesses are running Internet-only email products such as Communigate, which works with Microsoft Outlook and Internet clients. Ten years ago, cell phones were still used mostly for voice calls: now texting and IM'ing from a phone predominates, and applications such as Twitter make it easy for people to communicate their doings in real time to a mass audience.

Speaking of Instant Messaging, it has become firmly rooted in many corporate cultures, largely because the email traffic has ballooned beyond control and because people want immediate real-time answers from their co-workers. And as corporate teams have become more distributed, IM can connect them in ways that email never could.

Ten years ago, we were careful about putting personal information online, because for many people it was still a pretty new experience, and because people who participated in Usenet discussions knew their words would be recorded for posterity. Now Usenet is the province of spammers, porn and peer file stealing services, replaced by Facebook and other social networks. And nowadays we have become careless and give out routinely this information, especially as teens and college students dominate in these applications. We have already seen some privacy implications and more are on their way.

Today we see situations where our IP address, our online purchase history, our postal address, and various account numbers are included in email messages that anyone can easily read with the right tools and time and determination. The proposed Australian laws, as an example, are making collecting customer information more of a liability than an asset for corporations that want to do business inside their country.

Rich email – the ability to send a message with clickable links and graphics – has become de rigueur, but spammers and phishers have made it less desirable by embedding their malware into these links.

Speaking of spam, that hasn't changed much in ten years, only just more of the mail stream than ever. There are dozens of tools to try to block and cleanse this junk, but it still is a war of attrition and an arms race to stay ahead of spammers.

Another thing that hasn't changed much in ten years is email encryption. PGP Corporation has gone through several transformations of its own in the past ten years, and now has a wider product line, including its Universal product and other tools to manage the crypto infrastructure. Companies such as IronPort (now a part of the growing Cisco family), Tumbleweed, and Voltage Security are making a good living selling corporate solutions that offer some form of encryption products.

Despite all of these products being far better than they were ten years ago, for the most encrypted email is still nowhere to be found, and is still implemented only in the rarest of circumstances. I think I can count on one hand the number of people who I regularly correspond with encrypted emails, and that is probably being generous.

In the ideal world, email encryption would be available for communication anytime and from any machine, not just the PCs that are running specialized software tools. It would work across different products with some level of confidence. A product would allow its users to provision themselves without having to call in IT support or someone who could wade through all the numerous options. It would be easily managed by thinning IT staffs or outsourced to competent staffs, and available at low cost too. None of these statements were true ten years ago, and they still are largely unrealized today.

Finally, one thing that remains constant is how email is the universal notification system for so many applications that we now use. Most of the social networks can be set up to send you email when a friend joins your network, or adds you to theirs. Everything from shared document services to Internet faxing to common calendars to CRM tools makes use of email messaging infrastructure in some fashion.

No comments:

About Me

My photo
David Strom has looked at hundreds of computer products over a more than 20 year career in IT and computer journalism. He was the founding editor-in-chief of Network Computing magazine, and now writes for Baseline, Information Security, Tom's Hardware, and the New York Times.