There is a hidden menace lurking at the heart of many large organisations today. It can lie dormant for many years and senior managers may be blissfully unaware of its presence. Major enterprises have evolved complex email architectures that frequently connect to a web of applications stretching back decades. It's a highly delicate ecosystem and so any changes to it - like moving part of your email backbone to the cloud for example - can trigger serious unforeseen consequences. In extreme cases it unleashes an e-mailstorm, a tidal wave of e-mails that swamp the company's network leaving untold damage to systems and reputations in its wake.
We have all heard about "bots" - networks of compromised unmanned processors that cyber criminals have hijacked to produce phenomenal quantities of spam or phishing e-mails. What's not so well documented is that all major organisations typically have thousands of potentially friendly "bots" inside their ERP, CRM or marketing applications with as many as 30,000 machines legitimately e-mailing information in the form of alerts, updates or status reports.
In the normal run of business this obviously isn't a problem. But large enterprises are full of legacy applications where ownership and knowledge is spread across a small number of users, or in some cases lost completely. It's when minor changes are made to these applications that unintended knock-on effects can occur. Suddenly the sleeping giant is awake and starts generating large volumes of e-mail that swamp your systems without warning. Thankfully it doesn't happen that often but when it does it can bring a corporate e-mail system to its knees and wreak reputational havoc in the process.
I have witnessed cases where major banks had to be taken offline because inexperienced people were testing modifications to major operational systems and, due to lack of knowledge or oversight, have ended up generating spurious rogue messages that ultimately brought down the e-mail system for a number of hours. You have to ask yourself if your company could afford to be hit by such event.
To avoid this ever happening to you, you should first adopt a four-phase approach, namely
• Identification - establish all applications that are generating e-mails within your organisation,
• Registration - log what these applications are, what they are doing, what they are allowed to do and who owns them
• Monitoring - track that the applications are compliant with their registered profiles
• Control - where non-compliance is found throttle and manage the use of resources in line with their registration
and second it's worth having enterprise e-mail experts on hand to make sure any planned e-mail system changes go without a hitch.