cfo.com

Print this article | Return to Article | Return to CFO.com

Seek and/or Destroy

Plus, companies get the instant-message; all quiet on the IT budget front; and software that covers your assets.
Alix Stuart and Scott Leibs, CFO Magazine
July 1, 2002

There are two problems with e-mail: how to lose what you want to hide and how to find what you need to retrieve. Merrill Lynch's Henry Blodget and Andersen's Nancy Temple can attest to the hazards of the former, after discoveries of their E-memos led to federal prosecution. Untold numbers of less notorious but equally harried employees have complained about the latter when forced to rifle through dozens of irrelevant messages in search of the one that holds a critical nugget of information.

Many companies have policies requiring employees to delete E-mail messages, but such policies are often ignored. And deleting a message, it turns out, is much tougher than it seems. Simply hitting the "delete" key rarely does the trick, since copies may still reside on the sender's or recipient's hard drive, or with anyone to whom the sender or recipient may have forwarded the message. Experts in forensic computing have proved adept at recovering E-mail messages that employees thought they had vaporized.

One potential solution comes from software that can "expire" both sent and received E-mail, or restrict a recipient's ability to forward or print the material. Products from such companies as Atabok, Authentica, Omniva Policy Systems, and Tumbleweed Communications let senders encrypt outgoing E-mail and then provide recipients with conditional access to the decryptor key, which stays on the sender's server. "We have no notion of where someone might have stored an E-mail or on what servers copies might be residing," says Jim Hickey, vice president of marketing for Authentica. "But our product gives you an opportunity to expire the key at the server, so it doesn't matter."

That means, in theory, that everything from personal notes to top-secret product specs can be deleted after a specified time. With most products, a company can set global deletion rules based on sender or recipient characteristics, or keywords. Some, like Authentica, let senders themselves decide, and even revoke a recipient's viewing privileges ad hoc, should a relationship change. The products can also be set to delete E-mail received internally, based on company-specified rules and keywords, although this leaves untouched copies the sender keeps or sends to others.

Not For Everyone
Unfortunately, these software products are not panaceas. "There is absolutely a need for them, but they're a hassle to implement," says David Ferris of Ferris Research, a San Francisco­based market research firm. It takes significant upfront work to configure a system to filter all E-mail and automatically delete certain types, he says. Permitting employees to individually determine expirations requires absolute confidence in employee compliance, and can be time-consuming. Further-more, recipients of encrypted E-mail may need to have special software installed to read the messages, or may have to access them via a third-party Web site. Even Authentica's Hickey admits, "This is not something you'd put on everyone's desktop." Nor does he suggest all E-mail be encrypted for future control. "Probably 10 to 15 percent of correspondence would merit this."

But the software is useful for protecting obviously sensitive documents that are carried in E-mail, such as sales strategies, business plans, and due-diligence information pertaining to an acquisition. Matthew Kovar, director of Security Solutions & Services at the Yankee Group, expects "secure content delivery" technologies and services to be an $800 million market this year, more than quadruple what it was just two years ago. The market may get an additional boost as vendors make the products easier to use. This month Omniva will launch a new product that can be integrated into the corporate E-mail directory and gives companies more control over who can and can't receive certain E-mail. Recent privacy legislation, such as Gramm-Leach-Bliley in the financial-services sector and HIPAA in health care, has also prompted companies to take a look at E-mail management tools.

Should it Stay or Should it Go?
Costs for such software vary widely. Authentica charges between $30,000 and $50,000 for a perpetual license for the first 1,000 users. Tumbleweed, which charges on a per-CPU basis, says its average deal is around $500,000. Buyers need to be cautious when selecting a vendor, since many of them are new and attempting to establish themselves at a time when most companies are watching every penny. Tumbleweed, one of the few public companies in this space, has yet to turn a profit; it lost more than $114 million last year as revenues dropped 22 percent.

For companies not subject to industry regulations, retaining E-mail for long periods of time is probably not necessary, says Michael Overly, an attorney with Foley & Lardner, and the author of Document Retention in the Electronic Workplace. Two-thirds of companies have a formal E-mail management policy, which sometimes includes parameters for deletion, if only to save storage space and keep system response times high.

However, he cautions that companies should be ready to suspend deletion activity as soon as litigation looms. "At times, destroying E-mail, even if it contains nothing damaging, can lead to legal problems," he says. For example, says Overly, Hughes Aircraft was once held liable for $90,000 for destruction of evidence, partially as a result of accidentally overwriting E-mail relevant to the case after the former employee's lawyer had notified them.


But it may be the "save" key rather than the "delete" key that poses the biggest problems. E-mail archives often act as a handy filing system, until you have to find a piece of information buried in a particular message. Bellevue, Wash.-based Applied Discovery Inc. is one of several companies (others include Fios, Electronic Evidence Discovery, and Tumbleweed) that help clients find the needle in the E-mail haystack. The company categorizes, manages, searches, and reviews electronic data (E-mail, documents, and other "unstructured" data) from clients via a secure online "reading room."

Applied Discovery is helping Enron organize its electronic files, including E-mail, into a central, searchable repository for the plethora of lawyers and regulatory bodies looking to build their cases. "This way, Enron has to process the information only once," says Applied Discovery CEO Michael Weaver. A customer typically ends up paying about 20 cents per page for information managed this way, as opposed to $1.30 for the traditional method of coding and scanning.

Laurel, Del.-based KVS Inc., which sells an E-mail search agent for Microsoft Exchange, says calls from investment houses and energy companies have kept its phone "ringing off the hook" in recent months--presumably the one form of non-E-mail contact the company embraces.

Instant Success
Even as companies grapple with the billions of E-mail messages they generate each year, a new form of communication is competing for corporate mindshare and dollars. Instant messaging, which began as an enhanced way for consumers to chat on AOL, has taken hold in the business world at an astounding pace: Ferris Research estimates there are 100 million users worldwide. Jupiter Media Metrix estimates that 16.9 million U.S. business users were IM'ing, as it's known, since this past April. More significant than the actual number is the growth: dozens of companies now offer IM software and services, and analysts expect IM to be as ubiquitous as E-mail within a few years.

IM comprises several functions, but the two most useful are the ability to have a real-time E-mail conversation in a pop-up window and to see at a glance who else is "present"; that is, at their PC and available to IM.

IM often comes into companies through the back door, as savvy employees simply download free software from AOL or Yahoo. But the many private companies vying to become leaders in IM argue that the bare-bones IM functionality that can be plucked from the Internet for free poses major security and privacy risks, and doesn't include a host of administrative capabilities essential to managing the growing volume of IM content. As IM becomes a popular way both for employees to chat and for companies to talk to customers and suppliers, these purveyors argue that today's freebie will ultimately exact a high price. "But the free versions are actually good for us," says Ryan Alexander, president and COO of Omnipod Inc., which sells a suite of IM and file-sharing software, "because the security concerns prompt companies to suspend its use, but employees balk, so companies decide to buy products that meet their needs."

Alexander says IM will soon become a commodity, so he and other newer vendors are in a race to bundle it with other services and capabilities. Given that competitors include Microsoft and Lotus, smaller firms have plenty of motivation to innovate. --Scott Leibs

IT Spending

Same Budget, Different Day
For IT budgets, tomorrow is still a day away. New surveys from Morgan Stanley, Meta Group, and Gartner/Goldman Sachs find scant evidence of a second-half rebound in tech spending. The surveys do suggest that further belt-tightening is unlikely, but none found much reason to expect a significant uptick--even if the economy rebounds. CIOs must now rival New Hampshire voters as the most intensely polled group in the country; as bellwethers of economic recovery, they give little reason for cheer.

The economic doldrums are just one factor at play. Another is overcapacity. Companies have licensed more software than they are actually using, and until they fully tap what they have, they are unlikely to sign on for more. The absence of any major new product or innovation in technology infrastructure also hurts. "We've always had some form of dramatic change," says Charles Phillips, managing director at Morgan Stanley, whether from hierarchical to relational databases or from client/server to Internet architectures. But now, with Internet standards reasonably stable, most companies would probably focus on absorbing what they've bought even if the economy weren't making that their only option.

Phillips believes that the worst is over, and that, based on his monthly poll of 200-plus CIOs, there will be gradual improvement in spending for the rest of 2002, and additional improvement in 2003. Meta Group's more informal survey of approximately 70 CIOs saw less indication that budgets will increase, prompting the company to declare that "there is no immediate end to the worst IT industry recession [in history]." Gartner surveyed 369 IT managers in May and found that while 89 percent believe the world economy will show signs of recovery in the second half of 2002, 78 percent say it won't affect their technology spending, which is expected to drop by almost half a percent.


The surveys found that companies do plan to spend more on security and on Internet applications and connectivity. That means something else has to give. Morgan Stanley found that the deployment of big-ticket applications is one such area: three-quarters of respondents had yet to roll out any "major" packaged applications this year (as of April), although companies that have already deployed ERP and CRM were likely to move ahead on upgrades, which have small up-front costs and leverage existing IT staff. Meta Group found that services such as systems integration, consulting, and outsourcing were likely to be cut back as companies assess whether bringing projects back in-house can save money. -- S.L.

Back to Basics

Top IT spending priorities

Source: Morgan Stanley, March 2002

Go TEAM?

Given the current mantra to "do more with what you've got," one might expect a ready market for software that aids that effort. And in fact Enterprise Asset Management (EAM) software, which helps companies manage the maintenance, repair, and other expenses associated with shop-floor equipment and similar assets, racked up $1.2 billion in sales last year and will reach $1.8 billion by 2006, according to ARC Advisory Group.

But that's only a 5.3 percent compound annual growth rate, sluggish by any standard. Why the slow uptake? Houghton LeRoy, director of consulting at ARC, says the current market is too fragmented: some companies specialize in factory equipment, others in IT gear (a sizable market not included in the figures above), still others on just one part of the lifecycle, such as procurement.

Some software suppliers have begun to morph from EAM to TEAM (Total Enterprise Asset Management). These firms believe that whether through acquisitions or partnerships, growth depends on offering a broader array of asset-management software and services, and hope that by doing so they can sell to top-level executives rather than middle managers.

William Keyworth, vice president of product management at Peregrine Systems Inc., has his doubts. He says that extracting maximum value from a piece of factory equipment designed to last 30 years is a different challenge from efficiently deploying, say, desktop computers, which may last only 3. Peregrine, which concentrates on IT assets, prefers the term "infrastructure management," and says that just because various problems can be classified as "asset management," doesn't mean the same solution--or company--can solve them all. Gartner estimates that fewer than 25 percent of companies have an IT asset-management program, and that without one, companies spend $560 to $800 more per worker than they need to. Whether EAM and infrastructure management firms team up or mine their respective niches, they face competition from ERP vendors, which see asset management as a growth market. --S.L.




CFO Publishing Corporation 2009. All rights reserved.