It is often said that outsourcing of services is an increasing trend among companies, but if we stop to think for a moment, this is something that has been going on for a long time, albeit under another name. Office cleaning, electrical maintenance or the supply of drinking water, for example, have almost always been contracted out to other companies, as they require specialized personnel and in many cases, such as the supply of water, they are services that a company can simply not provide for itself.
And what do we demand from the company supplying water? Simply that the water is drinkable, the supply is continuous and that there is adequate water pressure. But what is asked of an ISP? That it provides broadband connection without interruptions in the service. Interestingly, comparisons can be made between the services offered by water companies and those provided by ISPs: we expect our ISP to have good servers, just as we expect the water company to have adequate water tanks; whereas we can ask our ISP to host our web pages, we can ask our water company to provide water coolers for fresh drinking water.
It’s all very similar, except for one important difference: whereas the water companies are required to provide potable water, the ISPs are not subject to the equivalent demands. There is no concern for the quality of content arriving through our communication lines; as long as IP packets arrive at the right speed and communication does not fail, we are seemingly happy.
Meanwhile, among the kilobytes or megabytes of information that reach our servers there are large quantities of malware, spam or fraudulent emails, but as long as they keep arriving, we’re happy. Yet the minute our water has the slightest tinge of brown, or smells a bit too much of chlorine, we are on to the water company straightaway. And even though there may be no real health risk, we want our water to arrive in perfect conditions.
Who has ever asked an ISP to clean Internet traffic of malware? No one would argue that the Internet doesn’t have risks, and users are generally aware that when they connect to the Internet and receive email they could be receiving a variety of malware, spam, fraudulent messages… But why should all this reach internal mail servers?
Internet service providers have a huge responsibility with respect to the content of the information that they provide to their clients. The water companies have certain commitments (tacit and contractual) and ensure that the water supply meets certain standards. Clients would not accept an inadequately filtered water supply in their companies, so why accept email saturated with adverts for strange pills to boost one’s sexual appetite?
The solution is simple. If an ISP offers some type of clean mail service, take them up on the offer. But don’t ask them to indiscriminately delete attachments simply ‘because they are dangerous’. Messages should be analyzed conscientiously, and not just in search of the typical dangers of viruses, but also any form of malicious code which should be detected even if it is unknown.
Once you have contracted this service, you will notice a new sense of calm about your internal mail server, and network users will see how their email is clean, and free from threats or risks. You will then be able to open your email with the same peace of mind that you have when you drink a glass of water.
Fernando de la Cuadra
International Technical Editor
Panda Security (https://www.pandasecurity.com)