Think your internal network is secure?

The Fourth Fallacy of Enterprise Computing is "the network is secure". Too many people trust that communication that travels across the wire, particularly the internal network, is somehow protected from prying eyes. This Shark Tank story, although not an exact match, sort of proves otherwise:

    Hey, if you can’t trust IT, who CAN you trust?

    CEO decides that his company is getting too much spam, so word comes down to this pilot fish in IT: Find a better spam filter and get it working pronto.

    "This I duly do," says fish, "and I get the latest all-singing, all-dancing heuristic-learning spam filter that can constantly adapt to new types of spam as they appear.

    "But first it has to be trained. This requires me to read all the e-mails coming into the server and train the spam filter for a period of time."

    There are meetings. There are presentations. Finally, top management decides to go ahead. And for the next two months, it’s fish’s job to read the mail.

    And fish takes pains to make sure everyone understands what’s going to happen. "Announcements are made throughout the company of what is to take place," fish says. "Our Internet policy is rewritten and agreed to by all employees so I am allowed to perform this necessary service for this period.

    "On Day 1 of the start of the learning process, one of the first e-mails I read is from the (married) CEO’s lover, very saucy and totally non-unreadable.

    "By the end of the first week, I’ve learned who is gay, who is having affairs, who is running their own business on company time, who is sending out resumes and who hates who.

    "I also learned that the CEO is planning to move the company 50 miles away and sell it in six months’ time."

    At the end of the first week, fish is called into a management meeting for an update on progress of the spam-filter project. He reports that the filter has already reached 96% efficiency.

    And he does it with a straight face. "I have to force myself not to grin knowingly at various people I now see in a new light," says fish.

    "It’s written in our ISO procedure documents that all e-mails, incoming and outgoing, are archived for five years. But I guess people don’t read those.

    "I look forward to next week’s e-mails."

So what’s in YOUR email server?