It used to be the case that internally created and internally transmitted messages (the oldest form of e-mail) were of little threat to the security posture of an organization. That was before we actually started monitoring what went on behind closed doors, so to speak.
Organizations started paying a little more attention to internal messages once compliance and legal requirements made it more important to do so. But the focus for e-mail protection has always been on incoming messages, and more recently, outbound messages. But there is still a heck of a lot of messaging going on behind the firewall, and security and compliance vendors have only recently begun to address it.Compliance with internal policies and external regulations might be a driver but it isn't the only reason to monitor internal messages. With all the mobile devices that divide their time on and off the corporate network, it's becoming easier for malware to slip into the organization via someone's briefcase. Message attachments don't have to pass through a firewall if they ride in on portable media or get stored as a file and duplicated before a device is synched up with a server.
The good news is that you no longer have to purchase and manage separate control systems to monitor inbound/outbound and internal message traffic. For Exchange servers, Nemx just brought out a new version of its SecurExchange product that monitors what Nemx president John Young calls the four critical levels of security: Inbound threats; outbound policy violations, internal monitoring for enforcing compliance and acceptable use policies; and after-the-fact scanning to locate violations in existing message stores.
That's a step in the right direction. Expect more and more vendors to do something similar. But those with appliance-based systems that sit at the perimeter will have to work up a new way to include internal protection.