News

E-Mail 'Biggest' Security Risk, Microsoft Says

An organization's security has a lot to do with its E-mail system, a top security official at Microsoft suggested.

"Messaging is fraught with a lot of challenges," said J.G. Chirapurath, Microsoft's senior director for identity and security, in a phone interview. "It comes down to the integrity of the information and who is seeing it. It's all about secure messaging because when you examine the world we live in, e-mail really is the biggest attack vector, as well as the biggest leak vector."

Microsoft's big news on Monday was the release of Exchange 2010. However, the company simultaneously released a security solution for the new e-mail server called Forefront Protection 2010 for Exchange. Forefront is Microsoft's general brand for a family of enterprise software security products. 

Microsoft officials have been saying that Forefront Protection 2010 for Exchange offers faster malware detection rates, even while it uses multiple antimalware engines simultaneously. In addition, they claim that spam protection is at 99 percent, with about one spam message per 250,000 getting through.

Microsoft's literature suggests that the solution can provide protection anywhere through "identity aware security." IT pros can adjust security levels based on access assignments and system parameters. In addition, the product's management system can help identify critical process owners and implement security measures accordingly.

The focus on enterprise-level security for Exchange has a lot to do with the threat landscape, which has been changing.

"The attacks on the OS are devolving, and [attacks] now happen at the application or workload layers," Chirapurath explained. "So the old paradigms of security and old ways of security need to evolve. Deep integration with Exchange is important, and this is integrated with a platform."

And when it comes to e-mail, everyone is subject to attacks -- even Microsoft security officials.

"I carry a laptop and compute within Microsoft where I know I'm protected," Chirapurath said. "But a lot of the time, I also go sit in a coffee shop and view confidential information; use someone else's network. I open attachments from outside. I use mobile devices and I'm not necessarily immune."

Given such scenarios, Chirapurath said, it's important to have a "business-ready security" strategy in place.

About the Author

Jabulani Leffall is an award-winning journalist whose work has appeared in the Financial Times of London, Investor's Business Daily, The Economist and CFO Magazine, among others.

Featured

  • Microsoft Offers Support Extensions for Exchange 2016 and 2019

    Microsoft has introduced a paid Extended Security Update (ESU) program for on-premises Exchange Server 2016 and 2019, offering a crucial safety cushion as both versions near their Oct. 14, 2025 end-of-support date.

  • An image of planes flying around a globe

    2025 Microsoft Conference Calendar: For Partners, IT Pros and Developers

    Here's your guide to all the IT training sessions, partner meet-ups and annual Microsoft conferences you won't want to miss.

  • Notebook

    Microsoft Centers AI, Security and Partner Dogfooding at MCAPS

    Microsoft's second annual MCAPS for Partners event took place Tuesday, delivering a volley of updates and directives for its partners for fiscal 2026.

  • Microsoft Layoffs: AI Is the Obvious Elephant in the Room

    As Microsoft doubles down on an $80 billion bet on AI this fiscal year, its workforce reductions are drawing scrutiny over whether AI's ascent is quietly reshaping its human capital strategy, even as official messaging avoids drawing a direct line.