A New Era for Email Security & Governance As Cloud Storage Services Move From Storing To Understanding Data
The new direction of leading cloud and hybrid content management platforms present a compelling solution to the long-standing challenge of Email security & governance
Somehow the opposition legal team was always one step ahead. This morning it became clear why. An email with internal documents was sent by a paralegal to an external address. An automated system deployed by IT dropped a “tracking beacon” on the message, triggered by the email’s sensitive content and suspect destination. The alert message shows a Google Map with a location marker on the home of an opposition lawyer.
Here in Silicon Valley and elsewhere, leading content providers, like Egnyte, Box and ShareFile are adding increasingly powerful capabilities to their offerings that promise to bring greater structure to the unstructured content of today's enterprise. Content of all types, whether documents or media files, will be automatically analyzed, classified and tagged. Although the initial focus is on content at rest, to MxHero — a company that straddles email and content management platforms — the opportunity of bringing order to the general chaos of corporate email communications is immense.
For decades email has reigned supreme as the business communication medium of choice. Unfortunately, email has also reigned supreme as an ungovernable technology that continues to be incredibly hard to secure without breaking the very ease of use that sits at the cornerstone of its ubiquitous adoption. Most CIOs and CISO (Chief Information Security Officers) have little clue as to what is coming in or going out over email. When they do, it is usually after the fact — a breach or some vital content has been leaked.
Email content is hard to secure and govern because email is both widely disseminated and largely opaque, i.e. its content unknown. Email poses a perennial data sprawl challenge because it’s embedded with the Internet’s original design goal of survivability in mind. Emails are sent as full copies to each recipient, which though great for ensuring that at least one copy survives a nuclear strike, also drives unfortunate and widespread data sprawl. Furthermore, today’s email infrastructure is dedicated to the high volume and mission critical task of reception and delivery of messages. As such, providing no efficient means for analyzing email content for anything, whether of security concern, regulatory compliance or anything else. Most companies have greater insight into how their Twitter messages are trending than what is going on with their internal and external email-based exchanges.
The advent of powerful content management platforms like Box, Egnyte, Citrix ShareFile or Microsoft OneDrive present a new opportunity for email security & governance. What started off as products or platforms mainly offering an easier way to share and collaborate file content, have blossomed into powerful platforms for the security and governance of unstructured data. The current direction of the industry is to go beyond the storage of content, and towards the understanding of content. Only through an understanding of content can one hope to surface valuable information while in tandem addressing security and governance aims. In large part, these platforms are leveraging efficient access to data so as to bring structure to the unstructured. Technologies like artificial intelligence, machine learning, advanced pattern matching and sentiment analysis are all being marshaled to analyze and categorize digital content — or put another way, understand the digital context. Once understood, organizations will not only be able to more rapidly surface relevant content when needed through search improvements, but also to better secure themselves from breaches, internal and external, and to improve monitoring of risks specific to regulatory non-compliance.
Technologies from leading content management providers Egnyte and Box, respectively, are capable of analyzing files across the organization. Leveraging knowledge of the different regulatory requirements, ex. GDPR, HIPAA, etc. Egnyte Protect is able to determine which documents represent regulatory risks. For example, a document with a social security number somewhere in the third paragraph presents a risk as it contains personal information. By leveraging access to all the information stores in a company, Egnyte Protect not only provides a better understanding of that content, but what that content looks like through a regulatory lens. Box’s forthcoming product, Box Skills, adds powerful Artificial Intelligence, image recognition and sentiment analysis to documents and media files allowing, among other feats, images to be automatically classified. Photographs of a product prototype can now be effectively monitored from accidental leakage. Similar capabilities are being added to Citrix ShareFile and Microsoft OneDrive.
Once content is understood and classified, content sent across email can be more efficiently secured and governed. By extending technologies, like Box Skills and Egnyte Protect, to the email paradigm, email and its data can be protected at rest and in motion. Now when an employee unwittingly attaches a document with personal information and sends it out of the company, that document can be instantly quarantined before a regulatory violation occurs. Perhaps a document is part of an internal study, which upon being sent out, the policy is to track its delivery in order to discover potential sources of leakage. Whether tracking, quarantining or simply logging movement of key content, only when content is understood can we better secure and govern our email-centric communications.
Although the advances of cloud and hybrid content management platforms on the surface seem to be relevant only to uploaded files, email comprises on average about 40% of an organizations unstructured content. These technologies will eventually impact and benefit from all content in the organization, including one of the most critical, your email.