C2C reduces security risk to confidential mailboxes.

22nd August 2002

Reading, UK - August 22nd 2002 - C2C Systems, a developer of E-mail Life Cycle Management solutions for Microsoft email, is offering an answer to accidental unauthorized access to Microsoft Outlook mailboxes and folders. Confidential mailboxes and Outlook public folders can be open to access from unauthorized users due to lack of attention to mailbox security during system administration. Frequent new hires, temporary staff, leavers and departmental moves increase the probability of a mistake. In response, C2C is launching the Exchange Security Risk Auditor - 'ESRA' - to audit and prevent potential security breaches within the Microsoft Exchange system.

Users who gain accidental access to other mailboxes and secure folders are termed 'shadow users' by C2C. Shadow users who might gain access to the mailboxes of members of departments with the most sensitive information, such as Finance or Human Resources, can have an effect on company secrecy, data protection and non-disclosure, particularly within listed companies. ESRA can be used to detect shadow users and incorrect mailbox security during both routine systems maintenance eg when a user leaves an organization, and for regular audits as part of security procedures.

"ESRA can contribute to maintaining company privacy within large organizations where there may be high numbers of internal moves, new hires and temporary staff," said Kevin McCuistion, product manager for Exchange at Microsoft Corp. "Using tools such as ESRA to audit results of in-place company maintenance procedures ensures those procedures are producing the expected results."

"Organizations should be aware of the threat of Shadow users to their email. Shadow users can take advantage when busy IT teams make occasional errors in setting up mailbox/folder access or when systems change and users move over time. The resulting risk to sensitive data in emails, folders, and attachments can lead to financial loss, embarrassment, and legal actions in many cases," according to Dave Hunt, CEO of C2C.

Technical Information - Exchange Security Risk Auditor:

Exchange Security Risk Auditor (ESRA) allows the monitoring and controlling of permissions in an Exchange system. ESRA acts according to flexible, user-definable rules across the organization to find and resolve any permissions discrepancies. It corrects multiple accounts quickly and efficiently, which is of great value to large Exchange implementations, particularly with multiple sites. Additionally, ESRA checks the users of Public Folders, to ensure that there is no risk of curious people accessing, changing, or even deleting these.
Three permissions areas are checked by ESRA:
· Mailbox Access Permissions - Checks which Exchange users have access to which mailboxes.
· Send On Behalf Of Permissions (SOBO)- Shows which user can send mail on behalf of another.
· NT rights associated with mailboxes - Illustrates which users have NT rights allowing them to enter other mailboxes.
http://www.c2c.com/products/ESRA/default.htm

About C2C
C2C Systems www.c2c.com is a leading provider of email life cycle management solutions for Exchange. Established in 1992, the company has provided software to 3 million users at 3000+ customers. C2C products include the MaX Compression suite for auto-zipping email attachments; Archive One for email retention; Active Folders Content Manager for policing of email content; and Exchange Security Risk Auditor for security of mailbox access. A privately held company, C2C's headquarters are in Reading, UK with US headquarters in Springfield, MA and distribution world-wide. All Trademarks acknowledged.

Legal & Privacy