Email Security, If Only There Was a Better Way
Email has been around for decades, and remains the mainstay of enterprise communications. Despite efforts within companies to introduce collaborative solutions that reduce reliance on email, Radicati Group reports that the average number of business emails sent and received per employee will actually grow from today through 2019.
These emails, of course, often contain sensitive text information as well as attached documents, and despite the rise in cloud- and premises-based collaboration software that might account for that drop in sent emails, that practice is likely to continue. It’s simple and easy to attach a document and send it, after all—no logging into a different system to move files, or take other steps to share information. Users will always take the easiest path.
As security and compliance concerns continue to rise across industries, businesses are not only looking for new ways to keep sensitive data safe, but also to cut costs. As a result, many organizations are migrating some or all of their email users to the cloud, marking a fundamental change in the way that email and email-related services such as archiving and encryption are managed.
As this shift is occurring, there are two other factors also in play:
- Lines of business are becoming increasingly more influential in determining a company’s encryption strategy, while the influence of IT is dropping, according to a recent report from Ponemon Institute. According to the report, respondents from three countries—the United States, the UK and France—actually chose their organization’s lines of business management as being more influential than its IT group in terms of determining the company’s security posture.
- Breaches are becoming more public and more costly. Compliance with privacy and data security requirements is a big driver of encryption, not only in expected vertical markets, but across the board in all industries.
Cost and Simplicity
Businesses are migrating email to the cloud for a variety of reasons, according to a recent report from Osterman Research, but the key driver for the use of cloud-based email—cited by more than half of all respondents (52 percent)—is reducing the cost of delivering services. Also on the costs side, gaining certainty over costs was listed as a key driver by 40 percent of respondents.
Businesses are also looking for simplicity in their move to the cloud; 44 percent of respondent said cloud-based email would help streamline IT operations and 35 percent said it would enable agility in a changing user environment. Interestingly, only one-third of respondents (34 percent) listed improving organizational communications as a key factor, and 39 percent sought to drive user productivity by migrating email to the cloud.
Although the majority of respondents 43 percent said they would prefer on-premises virtualized servers as the hardware/delivery platform of choice, nearly one-third indicated a cloud-based system operated by a third party would also be a viable option. To meet the goals of cost reduction and control, many businesses will likely find that a hybrid solution—a customized blend of on-site services and off-site cloud-managed services, with different resources available to different users—will offer the best of both worlds. With many users now working remotely—either permanently as telecommuters or temporarily on mobile devices, on-premises solutions just can’t offer the flexibility of the cloud.
The big concern, of course, is security, and believe it or not, regardless of whether email is hosted in the cloud or on-premises, careless employees are a company’s worst security threat. One out of every four corporate emails contain attachments that include sensitive personal or business data. The majority of emails are openly sent without any form of encryption; 61 percent of employees admit sending confidential information through open email channel. According to the Ponemon study, 52 percent of respondents cited employee error as the most significant threat to sensitive or confidential data. Thirty percent chose system or process malfunction as the biggest threat, and 28 percent selected hackers. The fact that the top two findings on threats relate to mistakes or errors, despite recent headline-grabbing targeted threats, is significant. Ironically, that gaping hole in a company’s security posture can be quite simple to fix with the right encryption solution.
However, many companies are struggling to do just that. According to the Ponemon report, 57 percent of respondents say the biggest challenge to encryption deployment is discovering where sensitive data resides in the organization. Ponemon indicates this isn’t a surprise, and we agree; there’s more data, more endpoint devices and more use of the cloud. In addition, neatly half of all respondents (49 percent) cite initially deploying encryption technology as a significant challenge.
It’s an interesting paradox—the industry is approaching the issue of data leaks caused by employee error by offering solutions that employees will likely ignore because they are too difficult to use. If only there was a better way…
The additional content listed below may be of interest.
- Download our REPORT | How Much Do You Trust Email?
- Read our TECH BRIEF | Encryption Delivery Methods Overview
By Chris Peel, Vice President Engineering, Echoworx