The American Management Institute (AMA) and the ePolicy Institute recently conducted an interesting survey of email and instant messaging usage. Here we quote some of the results.

Note that most responses came from small and medium size organizations. Many the issues raised don’t apply to large organizations, who are better prepared.

Survey Demographics

840 U.S. businesses participated in the 2004 Workplace email and instant messaging survey. Many responses are from small or medium sized organizations. Respondents came from many industries, with the following numbers of employees:

• 100 or fewer- 26.4%
• 101–500 -24.8%
• 501–1000- 11.8%
• 1001–2500- 10.2%
• 2501–5000- 7.7%
• More than 5000- 19.1%

Selected Results

Litigation & Regulation. One in five respondents (20%) has had employee email and IM subpoenaed in the course of a lawsuit or regulatory investigation. This shows that many employers remain largely ill-prepared to manage email and instant messaging risks.

Retention & Deletion. The business community’s failure to retain email and IM according to written retention and deletion policies is alarming. Merely 6% of organizations retain and archive business record IM, and only 35% have an email retention policy in place—a mere 1% increase over the 34% reported in 2003.

Employee Education. 54% of organizations conduct email policy training vs. 48% in 2003 and 24% in 2001.

Email & IM Policies. Only 79% of employers have implemented a written email policy, versus 75% in 2003 and 81% in 2001. Unfortunately, only 20% have adopted a policy governing IM use and content.

Policy Enforcement & Monitoring. Only 11% of organizations employ IM gateway/management software to monitor, purge, retain and otherwise control IM risks and use. 60% use software to monitor external (incoming and outgoing) email, versus 90% in 2003 and 47% in 2001. But only 27% take advantage of technology tools to monitor internal email conversations that take place between employees versus 19% in 2003.

Policy Violations. Survey respondents report sending and receiving the following types of inappropriate and potentially damaging IM content: attachments (19%); jokes, gossip, rumors, or disparaging remarks (16%); confidential information about the company, a co-worker, or client (9%); sexual, romantic or pornographic content (6%).

Compliance & Employee Discipline. Employers are getting tougher about email policy compliance, with 25% of 2004 respondents terminating an employee for violating email policy, versus 22% in 2003 and 17% in 2001.

Email & Productivity. 10% spend more than half the workday (4-plus hours) on email, vs 8% in 2003. 86% engage in personal email correspondence. 12% report that more than half the email they receive at work is spam.

Reference

http://www.amanet.org/research/pdfs/IM_2004_Summary.pdf

-- Ashish Gupta, Author

Vendor Name: Sunbelt Software
Date of This Document: March 24, 2005
Authors: David Ferris, Richi Jennings
Source of Information: Alex Eckelberry, President, alexe@sunbelt-software.com
Quick Summary of Firm’s Offerings. Anti-spyware software, Windows administrator tools.

Company Statistics

· # Full-Time Staff: 94 in US, 6 in India. A loosely-affiliated firm in Paris has 45 staff in Paris and London
· # Full-Time Product Development Staff. 30
· Stock Market Status: Private
· Revenues: Calendar 2005 project $22M in US, $17M in Europe. Calendar 2004 was $16.6M in US, $15M overseas.
· Profitability: Recently have achieved profitability. Self-financed, firm has used profits to fund growth.
· # Live Paying Customer Seats: Counterspy Enterprise has at least 100,000 seats. It’s ramping up rapidly.
· # Live Customer Organizations: Counterspy has about 750 organizational customers; says it’s adding 40 to 50 a week.

CounterSpy Enterprise

Product Name: CounterSpy Enterprise
Product Functionality:
· Policy based spyware management. Eg, policies can be defined for individual users or groups of users; scans can be scheduled; specific threats can be allowed or disallowed.
· Centralized notifications and reporting.
Platforms: Windows
V1 Launch Date: December 15, 2004
Competition: Main competitors in the enterprise market are Webroot SpySweeper Enterprise, CA PestPatrol, McAfee AntiSpyware (a plug-in to its anti-virus offering), Tenebril SpyCatcher Enterprise and Intermute SpySubtract. Other more visible anti-spyware products include Symantec’s product line, SpyBot S&D, Lavasoft AdAware, but these are generally not focused on the enterprise market, being more suitable for individual consumers. Note: Symantec has announced enterprise spyware support in an upcoming offering but nothing has been shipped yet.
Pricing: Client starts at $25/seat, goes down to $5/seat for 20,000 to 50,000 seats; 25%-of-list per client after first year for database subscription. Discounts available for educational and government users.
Main Plans--Next 12 Months:
· Move to anti-virus and firewall protection
· Improve scalability for customers with 150,000 seat+.
Vendor’s Perception of its Top Competitive Strengths:
· Centralized management
· Catch more spyware than others due to quality of database
· Has broad support for keyloggers
For Further Information. http://www.sunbelt-software.com.

Ferris Research Comments

· Spyware’s become a hot topic over the last couple of months. Most companies have poor controls in place at the moment. A year from now, most will have good controls in place. The enterprise anti-spyware market is growing rapidly. Growth is much faster than the anti-virus market experienced, due to the faster spread of this type of malware.
· As this marketplace settles down, leading anti-virus vendors (eg, Symantec, McAfee, Trend) will offer good spyware control.
· Expect some acquisitions of spyware control solutions by large anti-virus vendors. Microsoft’s acquisition of Giant Software illustrates this. Sunbelt co-authored their anti-spyware engine with Giant, and so the Microsoft AntiSpyware engine is broadly the same engine inside CounterSpy. The Giant engine has enjoyed a consistently strong reputation for accuracy and completeness, which bodes well for Sunbelt. Sunbelt claims that it tunes the ruleset for its version of the engine to be slightly more aggressive than Microsoft’s.
· All spyware solutions will expand their security capabilities. Virus control will be a common first step. The boundary between anti-spyware and anti-virus will contine to blur, which will quickly become a challenge for vendors who only address one or the other.
· Sunbelt is a Microsoft Gold Certified partner and the two companies have had a strong and friendly partnership for a number of years. The current relationship includes the shared ownership of spyware definition files until July of 2007.

How can legitimate direct marketers get their messages through more reliably? How can they avoid being branded as a "spammer" by over-enthusiastic spam vigilanties?

We wrote about this problem before. See [1] and [2]. This is the first of an irregular series of blog posts where we’ll examine some additional ideas.

Continue reading ‘How not to be a spammer [3]: the DNS is your friend’

Vendor Name: InterMute
Date of Publication: March 7, 2005
Authors: David Ferris, Richi Jennings
Source of Information: Andy Ostrom, Marketing Director
Quick Summary of Firm’s Offerings. InterMute offers various types of security software. Here we focus on its enterprise anti-spyware solutions.

Company Statistics

· # Full-Time Staff: 40
· # Full-Time Product Development Staff. 20
· Stock Market Status: Private
· Revenues: Not disclosed
· Profitability: Profitable in 2004
· # Live Paying Customer Seats: Enterprise product shipping for six weeks, 5,000 to 10,000 paying seats deployed.
· Other: Firm says its anti-Spyware revenues have doubled every quarter for the last three quarters, as of 1Q04.

SpySubtract Enterprise Edition

Product Name: SpySubtract Enterprise Edition
Product Functionality:
· Centrally managed anti-spyware solution
· Detects and removes spyware
· Spyware transfer detected in web browser channels
Platforms: Client runs on Windows NT, 2000, XP (Home or Professional), or Server 2003. Server runs on Windows 2000 (server or Professional), XP (professional), or Server 2003.
Competition: Top Three: Webroot, Sunbelt, Computer Associates. These compete in the enterprise space. There are other competitors but mainly in the consumer space.
Release Date: January 2005.
Pricing: At 25 seats, about $30/seat. At 10,000 seats, about $12/seat. This is for first year. The annual renewal price is about 50%.
Main Plans--Next 12 Months:
· Add advertisement blocking
· More ways that the client and console can communicate. Currently need a Microsoft Domain Server, in future customers will be able to use IP as a transport
· Extend the places where we monitor for spyware. E.g. today product looks at certain common OS entry points, ActiveX controls and JavaScript, browser helper objects, and registry entries. Further monitoring points will be added
· Enhanced Reporting.
Special Characteristics Claimed by Vendor: The vendor emphasizes strengths in the following areas:
· Console is Web browser-based so easier to use, plus can centrally manage many sites. Competitors use a native MS Windows interface
· Automatic priority management of scanning, so impact on end user minimized
· Based on MySQL database so can scale to many thousands of clients easily.
· Recently acquired CWShredder. This is a very powerful tool to suppress some of the most difficult and tenacious forms of spyware. InterMute claims this is the only commonly-agreed-upon way of suppressing browser highjackers like CoolWebSearch.
For Further Information. http://www.intermute.com.

Ferris Research Comments

· The anti-spyware market is in its early days, and is growing rapidly.
· Enterprises perceive the primary threat of spyware as the performance impact on their computers. Interestingly, they perceive the threat of the actual spying to be minimal, or even theoretical.
· Enterprise products need to be even more careful about false positives than do consumer products. For example, most anti-spyware products have historically flagged DoubleClick cookies as a threat, implying that the DoubleClick web advertising brokerage is delivering spyware, which it clearly is not. This is a feature of anti-spyware’s “hobbyist” roots. Enterprise products should ignore marginal threats such as these, and concentrate on eliminating high priority malware. The 80/20 rule applies.
· The enterprise product is new, but it’s based on an existing consumer scanning engine, which generally has a good reputation in the field.
· There’s a grey area between viruses/worms/trojans and spyware/adware. We blogged about the characteristics of spyware/adware recently.
· We doubt the firm’s claim that CWShredder. is the only commonly-agreed-upon way of suppressing browser highjackers.

As we noted last month, some uses for email will give way to blogs and RSS feeds. People are just starting to replace email newsletters with RSS or Atom feeds. They "pull" updated content via HTTP and XML, rather than have it "pushed" to them by SMTP. They read it in RSS readers or aggregators, rather than in traditional mail clients.

As well as newsletters, we’ll start to see see B2C transactional communication offered in personalized feeds (suitably authenticated and encrypted, of course). Not to mention replacing the ubiquitous "family round-robin" emails with blogs.

We’ll see this trend get much bigger in 2005/6. But there’s a problem…

Continue reading ‘RSS replacing email for some tasks?’

During a recent customer call with a large financial institution, the retention and privacy of instant messaging traffic was discussed. The focus of the call was less on technical aspects but more on  legal and regulatory aspects.

In short :

-To date, we have found no legal regulations in any country that explicitly require instant messaging traffic be retained. Similarly, the privacy of instant messaging has not yet been explicitly addressed.

- In the absence of explicit regulations,  an instant messaging system can be viewed in two different ways:  like a phone system or like an email system. There are explicit and internationally harmonized regulations covering the retention of phone records, specifying requirements to capture and retain: phone numbers, duration, caller and callee identity, proof of authentication, and in some cases a recording of the conversation.  There are also explicit, regulations covering the retention of email messages, but they are much less precise, and vary considerably from country to country.

-It appears that some countries like the USA, Luxembourg, Switzerland, Liechtenstein, Singapore, Malaysia, and some South American countries have stricter rules for email retention than do others. For privacy Germany is in a leading role.

- There is an emerging consensus that instant messaging systems should be treated like email  systems with respect to retention requirements.

A recent study by the University of St. Gallen, Switzerland, Intrado and the ITU (International Telecommunication Union) in Geneva reported that more than 80% of all mobile phone users have received SMS SPAM.

Over the next two years, SMS SPAM is expected to  increase and some carriers are already thinking about SPAM filters for SMS.

Vendor Name: QUALCOMM
Date of Publication: March 3, 2005
Author: David Ferris
Source of Information: Bill Ganon, VP, Eudora Products Group, QUALCOMM
Summary of Offering. Eudora makes desktop email clients, and mail server software. Here we focus on its new email software for mobile devices

Company Statistics

· # Full-Time Staff: 7,600 in the whole of QUALCOMM.
· # Full-Time Product Development Staff. 10 people across several groups in partner companies have developed and maintain Eudora2go
· Stock Market Status: Public, QCOM
· Revenues: Qualcomm overall has revenues as follows: FYE 9/26/04: $4.9B; FYE 9/28/03: $4.0B; FYE 9/28/02: $3.0B.
· # Live Paying Customer Seats: Product being launched March23, so no current customers.

Eudora2Go

Product Name: Eudora2go
Product Functionality:
· Email client software running on various cellphones
· Initially available through Verizon
· Aimed at individual consumers, SOHO, and small business users
· Eudora2go easily downloaded over the air
· Email package with address book
· User has email address like david.ferris@eudora2go.net. Ie, user picks the left hand side of address, no choice of right hand side
· Anti-spam and anti-virus built-in
· Email normally pushed to mobile device. Push can be configured for all messages, selected messages, or for no messages.
· 100MB quota on message store
· Message store can also be accessed using IMAP, eg, via Eudora desktop or Outlook.
· SSL encrypted communications between server and handheld, and also to desktop if appropriate.
· You can forward email to this email.
Platforms: BREW platforms. Handsets include LG VX-8000, LG VX-7000, LG VX-6100, LG VX-6000, Samsung A890, Audiovox CDM8940
Competition: Main competition is the RIM Blackberry, and carriers’ own proprietary email offerings. Other competitors are other BREW clients, notably Email Executive, SodaPop Mail, and Remo; and the mobile phone access options of AOL and MSN.
Release Date: March 23, 2005.
Pricing: The initial offering is through Verizon. Here, users may pay $6/month (actual price confidential until commercial launch)
Main Plans--Next 12 Months:
· Eudora2go will be sold via additional carriers. As noted above, initially it’s sold through Verizon
· It will be made to work with Eudora Worldmail, Eudora’s mail server software for Windows-based mail servers.
· The following enhancements are being considered: placing on additional development platforms, such as Java; better filtering intelligence and more flexible definition of a preferred sender; improved attachment management.
Special Characteristics Claimed by Vendor:
· Eudora2go is a wireless push system suitable for the mass-market. This is unlike the RIM Blackberry which is hard to set up, proprietary, and expensive.
· It’s much easier to configure than other wireless handhelds. Configuration can be done by ordinary consumers.
For Further Information. http://www.eudora.com/eudora2go/.

Ferris Research Comments

· Hitherto, the use of email on cellphones has been limited, despite plenty of publicity. This has been mainly due to configuration problems, unwieldy user interfaces, and slow data rates. Eudora2Go appears to be one of the first really practical implementations. It should do well, assuming it performs more or less as represented.
· All in all, we think email on mobile phones is about to go mainstream, in the sense that a significant number of users will start to adopt the technology. We think Eudora2go tends to validate this notion.
· Data rates on cellphones today are typically around 1-2KB/sec. Much higher speed data rates are now becoming available, eg with UMTS in GSM countries, and EVDO in North America. UMTS is delivering effective data transfer rates of around 20-25KB/sec, and Verizon’s is typically 30-40KB/sec. With EVDO, data rates increase to 1 Mb/sec on the forward link and 1.8 Mb/sec on the reverse link. The faster data rates will help email take off for cellphones.
· Eudora2go’s ease of setup is extremely important. Most email-on-cellphones is too hard to set up for ordinary consumers. The way it works with Verizon illustrates its ease of setup. The user selects the "GetItNow" service. They can then choose from various email applications, of which Eudora2go is one. This is then automatically downloaded over the air and stored on the cellphone. It’s a 500KB download. In the first screen, the user defines their username and password. Done.
· This offering will mainly appeal to consumers, small businesses, and SOHO users. Larger businesses will usually be prepared to pay for a higher level of higher level of integration with their internal email systems, and invest the higher level of technical resources necessary.
· Carriers’ own proprietary email offerings have been very poorly received and few people use them. Email implementations in WAP are simply awful.
· Many users will want to connect their pre-existing email account, eg davidferris1234@hotmail.com, to their Eudora2go account, eg david.ferris@eudora2go.net. For example, people will want to have email sent to their main email address, forwarded to their Eudora2go address. One way and another, this type of connection will probably be messier than one might hope.
· Eudora2go is a collaborative effort between several vendors. Rockliffe provides the server code, and hosts the server. Intellisync provides the handset code.
· The BREW platform is a layer of software by QUALCOMM that lets applications run on many handsets. It also has back end billing, a porting kit for OEM integration, and the ability to customize the carrier UI.
· The way revenues are divided is as follows. The developer writes its application, and enters into a distribution agreement with BREW. The application is then posted to a secure extranet, and BREW-enabled wireless carriers can select an application to put on their user catalog. Meantime, the developer and the carrier negotiate a wholesale price (the "DAP", or developer application price). The developer gets 80% of the DAP. The remaining 20% is split between BREW and the carrier. The carrier can also add a further margin if it wishes. Eg, if Eudora2go sells for $7/month, then a DAP might be something like $5-6. Of that amount, $4-$4.80 goes back to the developer and the remaining $1-$1.20 is split between BREW and the carrier.

Ferris Research Consulting

Ferris Research offers consulting on this product. Specifically, we can assist with product competitive evaluation, pricing negotiation, and best practices. For further information, contact sales@ferris.com.