When Glenview, IL-based Illinois Tool Works (ITW), a Fortune 200 diversified manufacturer, decided to implement an enterprisewide virtual private network (VPN) for its more than 600 business units around the world, it realized that there was a gaping hole in its secure environment. With over 52,000 employees operating in 43 countries, the $9.3 billion company prided itself in the autonomy it afforded its decentralized business units. But this autonomy was about to come back and bite the company. What executives soon discovered was that it was pretty self-defeating if—having gone to all the trouble of installing a highly secure VPN—the company left the backdoor open by allowing third-party providers to host its enterprise e-mail services.

“Some of our larger units had their own messaging platforms—like a Lotus Notes or an Exchange server,” explained Marc Palano, IT director for ITW. “That was fine with us. But there were also many units using third-party companies to host their mail or provide them e-mail services.” The challenge for ITW was to figure out how to secure this diversified messaging environment over the company’s VPN when the messages weren’t originating on the internal platform.

After investigating its options, ITW concluded that it would install its own dedicated message hosting system at corporate headquarters. This would give its business units an in-house alternative that they could secure over the company’s VPN. Now the trick was to choose a platform that could accommodate the spectrum of sophisticated technology among its business units. “We realized very quickly that some units are moving to wireless mobility, deskless workers, and sales forces,” says Palano. “So we had to have a solution that appealed to a wide variety of units, or it wouldn’t have been a success.”

Mirapoint beats Microsoft Exchange cost of ownership 3 to 1
The search for the right messaging platform quickly narrowed to two: the Message Server M4000 from Sunnyvale, CA-based Mirapoint and Microsoft Exchange. Though corporate headquarters was already using Microsoft Exchange, the cost of ownership for all the features ITW wanted to include in its platform—virus scanning, spam filtering, etc.—was three times higher than it would be with the all-inclusive Mirapoint platform. “We went through all the licensing costs for each option and, basically, the per-user cost was about $4 a month for Mirapoint vs. between $12 and $13 a month for Exchange,” reports Palano. As adoption of the Mirapoint platform spreads throughout ITW’s enterprise, this cost difference could potentially exceed $5 million a year.

Centralized platform offers autonomy without compromising security
In addition to lowering costs, maintaining business unit autonomy was another important factor in choosing the Mirapoint solution. According to Palano, the system easily hosts multiple domains, while allowing system administrators of each business unit to manage their own domain. “The Mirapoint system satisfies our need for security while still giving our business units a sense of independence, which ITW doesn’t want to lose,” says Palano.

Mirapoint lets users define spam for themselves
Another valuable feature of the Mirapoint platform was the MD400 Message Director. This tool allows corporate headquarters to scan e-mails for viruses and filter for spam and content before disseminating e-mails over the VPN to the designated business units. “Spam is costing our business units a lot of time,” says Palano. “Thousands of users spend half their day sorting through junk e-mail.” By putting the spam filtering in at the message director level, Palano estimates that ITW reduces spam by at least 90 percent before users even see the mail.

In keeping with its philosophy of autonomy—and understanding that one man’s junk mail is another man’s treasure—ITW also lets individual users set up their own white and black lists to control the flow of messages to their mailboxes. Palano reports that users appreciate the individualization and are finding the instances of false positive spam identification very infrequent with the Mirapoint system.

Jeff Brainard, product marketing manager for Mirapoint, credits the successful screening to the superior design of the platform’s anti-spam features, a mixture of content filtering and smart heuristic rules. Not only does Mirapoint’s message director analyze words and word patterns in a message, it looks for significant combinations like the word “unsubscribe” at the end of an e-mail combined with the use of capital words and HTML attachments. “Companies don’t want to have a riot on their hands when users start finding that some of their important personal or marketing-type mail is being filtered out as spam,” says Brainard. “So Mirapoint provides a way to let users self-manage what they’re getting as junk mail.”

Bilingual interface complements multinational operations
As with any multinational corporation, ITW was especially sensitive to the needs of its international community. To successfully roll out a messaging platform in other countries, ITW needed a technology that could easily integrate non-English speaking users. “Mirapoint’s bilingual interface on the Web client was very attractive to us,” says Palano. Users can log on, click the appropriate language interface, and the entire site is presented in that language. Allowing users to handle e-mail in their native language is helping ITW facilitate global adoption of its Mirapoint platform.

Ensuring offsite user security
Because ITW business units often exchange sensitive financial and human resources information via e-mail, it was important for ITW to make the Mirapoint messaging platform internal to its secure VPN. But management also realized that there were going to be times when employees were offsite and didn’t have access to a secure VPN client to send and receive e-mail. With the help of its implementation partner, Prescient Development, ITW deployed Mirapoint with SSL (secure socket layer) technology—sophisticated authentication and encryption features such as you’d find on an online shopping site. In this way, users could still gain access to their e-mail over a secure link even if they were logging on at a kiosk at the airport, a desktop at a customer site, or even from home.

Providing uptime in the five-nines range
One of the common complaints voiced by ITW business units using third-party messaging providers was erratic uptime. Like most large corporations growing evermore dependant on e-mail communication, “Reliability was very important to us,” says Palano. “We needed something that was literally five nines uptime (99.999 percent).” Gary Anton, vice president of strategic sourcing for ITW, concurred. “The Mirapoint platform is a strong, reliable system,” states Anton. “It’s easy to deploy, provides lots of capabilities for our end users, and is a very well-managed system for us.”

Providing an audit trail for litigation
With growing concern for the new legal requirements placed on companies regarding the dissemination of e-mail, routing enterprise messaging through the Mirapoint system gives ITW a measure of confidence that it will be able to archive and retrieve correspondences as needed. “We’re currently reviewing the company’s position and policy on the retention of e-mail,” explains Anton. “But having the option to maintain a central storage point through the Mirapoint platform, where we can potentially capture and retain e-mail for all 600 of our business units worldwide, gives us important leverage.” Currently, if litigators need to see e-mail correspondence relating to a particular ITW business unit, they would have to go back to the individual unit to retrieve any archived communications.

Roll out begins with North America
When ITW began deploying its Mirapoint messaging solution, its first priority was to bring in-house the dozen or so business units that were getting going-out-of-business notices from their e-mail providers. The conversion process was relatively quick—a simple matter of entering user names and changing the mail records.

The next phase was targeted at some 6,000 users in North America, which ITW identified were using third-party hosting services for their e-mail and were willing to move to the corporate-hosted platform. “Currently, we have about 35 domains on the Mirapoint system,” reports Palano. “That’s about 5,000 users so far. But another 40 or 50 business units are already in the queue waiting to migrate from their current platform to Mirapoint.”

What surprised ITW was the volume of business units eager to take advantage of the new technology. “What we hadn’t anticipated,” says Palano, “was how many units who were staying on their current messaging platforms were lining up to use the Mirapoint messaging director for virus and spam filtering. It’s really opening up the advantages of the Mirapoint technology to all facets of e-mail users out there in the ITW enterprise.”

Typically, it takes ITW about two weeks to bring a business unit onto the Mirapoint system. “We could do a unit overnight, if we had to,” claims Palano, “But we have a process we like to follow to make sure that everything is set up properly with our VPN.” By properly, he means establishing access control lists and user-level criteria, and sending out training materials to new users who haven’t had the luxury of spam filtering before. “We want to make sure that we answer all their questions prior to moving them over, so that it’s not a culture shock,” explains Palano.

ITW’s next objective is to have all 335 business units in North America going through the Mirapoint system for virus and content filtering, a goal the company feels it can easily reach within the next two years.