Information Security & Governance with MxHero

Alex Panagides
8 min read · Nov 8, 2018

MxHero combines the power of leading cloud content management (CCM) platforms with the ubiquity of email to solve many of the challenges specific to information security & governance. Here’s how…

The last several years have seen the rapid rise of powerful cloud content management (CCM) and collaboration platforms like Box. These platforms represent new possibilities for securing, governing and collaborating over critical content. Email-based content, which is by some estimates 40% or more of all unstructured content within an organization, is not automatically captured by any leading EFSS or CCM provider.

Lost opportunity: Forty percent of unstructured data (email) isn’t auto-captured by modern CCM platforms

For many organizations, this is a major challenge and lost opportunity, as email is arguably among the most important and regulated content, while at the same time, among the most vulnerable and difficult to govern. MxHero’s Mail2Cloud platform is a purpose-built technology designed to fill in the CCM/Email content gap. In this How-To, we will explore the different ways in which mxHero can be used to bridge the email and CCM divide specific to content-based information security and governance.

Email attachment security


According to the Business Continuity Institute, cyber-attack and data breach have been the top two business continuity concerns of organizations for the last 3 years running (BCI, 2018).

Source: BCI Horizon Scan Report 2018

Unfortunately, email is one of the primary technologies responsible for exposing critical corporate content. Standard email provides no protections for attached files, and attempts to drive widespread adoption of email-based encryption have largely failed in the market. One viable solution to improving attachment security is to have attachments delivered as secure content links (example: a secure URL-based content link within the email in place of the actual attachments). A content link remains under the continuous control of the organization or sender even after delivery of the message. However, the challenge is how to get users to adopt a new habit of always using secure content links and, when they do, to ensure they set the correct security profile (e.g. organization access only, auto-expiring, view only, etc.). When security around email-based content is based solely on elective use by the end-user, gaps in the security system will occur, and not always through malice. There must be a better way.


MxHero’s Intelligent Platform (Mail2Cloud) solution solves for the above challenges by automatically replacing email attachments with secure CCM links. Not only are attachments replaced with secure links, but the security level of those links can be pre-determined appropriately based on sender/recipient and content of the message and/or attachment (e.g. they can be set to auto-expire after X days, they can be set for internal only, they can be set for view only with no download, etc.).

MxHero: automatic replacement of email attachments w/ secure CCM (e.g. Box) links

The best part is that there is nothing that the end user needs to do. In other words, no adoption challenges. No software or training is required and mxHero can act on all emails regardless of device (laptop, mobile phone, etc.). End-users send/receive email along with its associated attachments the way they’ve always done it. With mxHero’s Intelligent Mail2Cloud Platform, the content is auto-captured, meta-data defined, and the payload uploaded into the targeted CCM platform folder with its associated and pre-defined security overlays. Recipients receive a controlled link to the content. Problem solved!

Meeting regulatory compliance


Many industries face the enormous challenge of getting users to comply with required regulations, especially when compliance requires changes in long-held workflows. Email represents one of those challenges. Many regulations, including HIPAA, FINRA, GDPR, etc., specifically call out and concern email. Many CIOs and compliance officers struggle to get their users to adopt new workflows, such as using a secure portal or inserting secure links to content, instead of email when sending personal health information (PHI). The reality is that users don’t adopt readily, and the company carries a constant risk profile due to non-compliance.


CCM (e.g. Box) + mxHero end-to-end encrypted delivery of PHI via email

MxHero solves this problem by allowing central IT to automatically ensure the email content is delivered as compliant, controlled and secure CCM links. For example, attachments delivered as encrypted Box links satisfy HIPAA requirements around secure delivery. Best of all, no change management is needed. Users send emails as they have always done and from any device. All content is secured in-flight and in real-time. The company is compliant and users are not burdened with yet another process.

Data sprawl containment


A company with 1,000 employees will expose a stunning 13,833,000 files as unprotected email attachments in the course of only a year. CIOs and CISOs are locked in a losing effort to contain the ever-growing sprawl of company content caused by email.

The uncontrollable sprawl of data caused by email


The aforementioned ability of mxHero’s Intelligent Mail2Cloud Platform to replace email attachments with secure and controlled CCM links eliminates the proliferation of files sent unprotected through email. Emails no longer carry files. All files sent are moved to the company’s CCM platform (e.g. Box). Shared CCM links deliver files with advanced encryption, can require access authentication, track access and can be automatically expired (for example, after 14 days). As such, a breached email server no longer yields years of attachment content.

MxHero contains data sprawl by eliminating email attachments w/ secure & controlled CCM urls

With the “flip of a switch” the organization is no longer exposing vital content as unprotected email attachments.

Message & Attachment tracking


Beyond being unprotected, email messages and their attachments provide no means of tracking delivery and access to their contents. The ability to confirm delivery and chain of custody of email content is vital to many types of correspondence, including time-sensitive documents like regulatory notifications, project plans, sales proposals, contracts, IP instruments, etc. Furthermore, the ability to provide evidence of notification can be important during litigation and audits.


MxHero CCM links provide detailed tracking & audit capabilities that can't be circumvented

MxHero can be configured to add tracking to email messages and attachments. In the case of file attachments, converting attachments into CCM links ensures that tracking is obtained, unlike standard email “notification requests” that are often ignored. The associated link tracking can give organizations data intelligence and insights into their email-based content payloads that are not visible today.

Saving business records from email retention deletion


Given the risks associated with over-retention, many companies are implementing email retention limits; for example, all emails over two years of age are deleted. While email is not a formalized system of record, many important business records are sent through email, such as contracts sent as file attachments or even email messages containing written agreements. The challenge is how an organization gets this content out of the email system before it is deleted.

Baby with the bathwater: retention policies may result in email-based content record destruction


MxHero’s Mail2Cloud email-synchronization feature can extract business records in messages and attachments from email archives and inboxes, and automatically move those vital records to the company’s CCM platform before the email messages are deleted. Furthermore, mxHero can automatically file extracted content into target folders (example: contracts auto-filed to corresponding client folders).

MxHero captures important business records before email retention deletion

Anti-phishing & virus protection


Email is the number one threat vector for cyber-attack (source). Despite significant investment by companies and a large email security industry ($7 billion annually by some estimates), email breaches continue to be commonplace. Email attachment payloads are especially dangerous as they are commonly opened locally on an end-user’s device and thereby used to release viruses within an organization’s firewalls.

Attachments are a key vector for virus attacks


What if an organization could provide a layer of protection between the end user and the inbound email attachments in such a way as to allow users to preview the email attachments “before” downloading them to their local device? With mxHero’s “attachment preview only” option, organizations have exactly this option. All attachments are received within the end-user’s email as secure CCM preview links only. The end user can first preview attachments, away from their device, before downloading. This option works uniformly for every device, whether desktop, laptop or mobile. The threat vector reduction is therefore significant.

CCM (e.g. Box) preview of attachments for secure, remote view

Resilience against email breaches


Email breaches are unfortunately a common theme in the news cycle. The true risk of email resides not with messages in transmission but with the email-based content at rest. An email archive or server typically contains years if not decades of sensitive communications and files. A single breach into these repositories yields an enormous amount of valuable data for hackers.


MxHero’s Intelligent Mail2Cloud platform can automatically scan email servers and archives for sensitive content and move that content automatically to the company’s secure CCM platform. This option allows companies to move email attachments into the company’s CCM solution directly from messages contained within end user mailboxes with minimal disruption. The attachments are replaced with secure CCM links ensuring that the user still has access to the information right from their email account while making that information inaccessible to a hacker in the event the user is compromised, accidentally forwards a message or misplaces a device.

Email was purpose-built for communications. It was not built to handle the content payloads we’ve currently placed upon it. By extracting the payloads, we reduce the threat surface, improve collaboration and workflows, and drive more value from the investments organizations are making in their cloud-based enterprise content management strategies.