Thanks to recent disclosures about accounting irregularities at Enron and WorldCom, corporate e-mail confidentiality and retention policies are enjoying a moment in the IT spotlight.
It is more and more common for e-mail to be used to send highly sensitive and confidential data, but most companies do not actively manage the trail of electronic documents and the threats to company security. San Francisco-based Omniva Policy Systems this week releases Omniva Policy Manager Enterprise Edition, a secure e-mail policy server designed for Microsoft Exchange message environments. The company, like several of its competitors, is trying to emphasize the dangers of unprotected e-mail messages.
Founded in 1999, Omniva has raised about $20 million in three rounds from lead investors Kleiner Perkins Caufield & Byers, Red Rock Ventures, JP Morgan Ventures and Mitsui & Co Venture Partners. Partners include Microsoft, Check Point Software, Zantaz and RIM.
Omniva claims to make it easy and simple to maintain control over proprietary information, keep customer information private and comply with federal document retention regulations. The company's Omniva Policy Manager Enterprise Edition works in Microsoft Exchange 5.5 and Exchange 2000 environments, employing 128-bit encryption algorithms to enforce policies for retaining or destroying electronic documents.
E-mail messages are encrypted and sent in HTML format with enclosed policies. When the message is received, the HTML is rendered and a call is made to an Omniva server to fetch the key that decrypts the message. The sender can control how long the key will be made available before it's destroyed. Support for IBM/Lotus Domino is expected later this year.
A separate product, Omniva Wireless Gateway, adds support for wireless BlackBerry devices – which don't support HTML. The gateway renders the HTML messages on behalf of the device, gets the key, decrypts the message and sends it along to the BlackBerry.
Policy Manager also lets administrators assign email rights and restrictions across an organization, with employees granted different sets of privileges. Designations for individual messages include 'company confidential,' which means the e-mail cannot be forwarded to the outside world, and 'do not forward,' which means the e-mail cannot be shared with anyone who is not on the address list.
Omniva Policy Manager works with NT and Active Directory. In a marked improvement over traditional alternatives, Exchange Server doesn't need to be touched during installation of the product. Client installation usually involves an update of the Windows Installer and the installation of a Microsoft Outlook add-in that adds policy buttons to the toolbar.
Pricing for Policy Manager 3.0 starts at $15,000 per server and $150 per client. Wireless Gateway is $15,000 per server and $75 per client.
Omniva is fairly realistic about its opportunities. In order to get the system adopted, the company was careful to not place an extra burden on the end user or the IT staff, said Kumar Sreekanti, Omniva president and chief executive officer. Previous e-mail security schemes have failed because their deployment and rules implementation have been troublesome for the network executive, and the exchange of email has been an intrusive process for the sender and recipient.
We don't think that Policy Manager is completely foolproof, but companies employing Omniva's Policy Manager will be happy to have some form of protection.
Omniva faces direct competition from companies such as Infraworks and Authentica. Omniva's secure e-mail policy solutions are also only a short step away in concept from schemes such as Microsoft's Palladium and the more general digital rights management (DRM) software. With the rise of mobile computing, simple devices like MP3 players are being integrated into personal digital assistants that are always online, allowing online authentication and authorization to unlock the cryptographically protected digital content.
Much like Omniva's secure e-mail policy approach, DRM technology secures content such as HTML, PDF and MP3 files by creating a digital wrapper, which includes an algorithm to decrypt the information. Some DRM applications can recall e-mails or files, depending on the rules assigned by the content owner. But for the time being at least, the advantage Omniva and email policy solutions have over DRM, such as that from InterTrust, is that DRM systems are difficult to install. DRM systems tend to take months to integrate into a digital distribution system.
Omniva is currently pursuing a direct sales model. Longer term, we would expect it to receive traction with OEM relationships.
the451 (www.the451.com) is an analyst firm that provides timely, detailed and independent analysis of news in technology, communications and media. To evaluate the service click here.