- Nearly half (45%) of employees have accidentally included banking information in email sent to an unintended recipient outside the organization, a new study found.
- According to Verizon’s 2017 Data Breach Investigations Report, hackers delivered two-thirds of all successful malware (penetrated the victim’s network) during 2016 via malicious email attachments
- Ponemon Institute estimates a 27% probability that a U.S. company will experience a breach in the next 24 months that costs them between $1.1M and $3.8M
Email is insecure. Decades of effort to secure content in email have failed. It’s time to get content out of email in a way that doesn’t impact how the user works.
It’s time we rethink email security. Despite more than 40 years and a $7B information security industry, the near continuous news of email related breaches, is a clear sign that the email security problem has not been solved. It is time we accept that email can not be secured and consider a different strategy.
The email security problem hasn’t been solved for two very good reasons. One is that since its inception, email’s design has been to deliver a full copy of its content (message & attachments) to each recipient. The second is that measures to protect the content sent over email have never been adopted by users. As a result, email - the primary communication medium of organizations globally, is a medium that widely disseminates sensitive data while providing no data protection.
No wonder email is such a security risk.
Despite its risk, email usage is on the rise. By 2020 it is predicted to grow another 6% or in absolute number, 214 million new accounts [Radicati, 2017]. So what is a CIO to do? Email is a classic “you can’t live with it, can’t live without it,” conundrum. A CIO could decide to stop using email, but something would need to be put in its place. Indeed, many organization have taken this route by adopting communication platforms like Slack or Facebook’s Workplace, but these platforms are inward facing and don’t address the risks of external communications. The holy grail remains a solution that provides information security to email without requiring end user effort. But if content can’t be secured in email, then we have only one option — get content out of email, yet make it accessible from email. Fortunately, with the rise of powerful cloud content platforms over the last decade, a viable solution has emerged, providing security to content sent through email without end user disruption.
The emergence of cloud storage (cloud content platforms like Box, Egnyte, Google Drive & MS OneDrive), opens the way to secure email without disruption in a way that wasn’t before possible. Cloud storage services are purpose built technologies for the secure sharing of content inside and outside of the organization’s walls. These technologies have only begun gaining market traction in the last several years and are quickly becoming the new paradigm for information collaboration. To a large degree, cloud storage overlaps in function with email with regards to sharing content. The difference is that cloud storage file collaboration is based on sharing links to files and not the files themselves, allowing much greater security, in the form of access controls, access tracking and containment of data sprawl — since copies are not necessarily delivered to each recipient.
Despite the greater security of content collaboration via cloud storage, email is still the default medium in which people communicate and therefore ultimately collaborate. If we could merge cloud storage’s secure delivery of content with email’s ubiquity as a collaboration medium, an ideal solution would result. Indeed, companies that have adopted cloud storage often mandate that all files be shared as links pasted in emails. Alas, old habits die hard and more often than not, end users continue to send email attachments as they have always done. Furthermore, there are many situations for which cloud storage links can not easily be created, for example, emails received from others or sent from devices that don’t facilitate cloud storage integration. Sending a file as an cloud storage link from a mobile phone app can be a cumbersome process of copy and paste across multiple mobile applications.
To solve the challenge of securing email content with cloud storage while avoiding the difficulties of changing user behavior, MxHero developed Mail2Cloud. MxHero’s Mail2Cloud platform was first deployed in 2015 and integrates with any email platform to automatically move email messages & attachments to secure cloud storage. Over the intervening years, MxHero and its clients have observed that this is a viable strategy for securing information in email. The experience has been that within 30 minutes, organizations can ensure that all files sent through email are delivered from their secure cloud storage. One organization is a US Defense contractor that deployed Mail2Cloud with the specific aim of securing classified communications over email. Furthermore, the observed end user impact has been minimal. Being a server-side solution, no software needed to be installed by end users, nor was there any change to how email was used. A CIO of a leading technology company deployed mxHero to nearly 2000 users with, in his words, “no change management.”
Merging email with cloud storage with a server side solution has created benefits beyond just email security. Users were able to send & receive large emails, 20Mb or larger, with their existing email client. By moving the content in to a central cloud repository, the organization was better able to govern and control content flowing through email. Finally, advanced, real-time classification of content provided by mxHero was able to organize emails and attachments into meaningful folders in the company’s cloud storage, ex. all communications with clients in per client folders.
Ironically, once we accept that email can’t be secured can we craft solutions that secure communications over email. The solution presented here and being used by innovative organizations globally, is to get sensitive content out of email and into secure cloud storage without disrupting how users work. By leveraging leading cloud content platforms, server-side solutions can implement a strategy that utilizes the superior security and governance of this emerging category to solve email’s long standing security deficiencies without end user impact. In doing so, enterprises of tomorrow will drive the ‘Future of Work’ towards more secure, collaborative and workflow enabled solutions around their most vital enterprise content, approximately half of which today, unfortunately resides in email. There is a better way!
MxHero’s products and services gives companies, service providers and end users powerful new ways to control, use and analyze email-based content. Apps developed for MxHero’s platform work with any email management program, including Gmail and Microsoft Exchange. MxHero is the 2016 Box Elite Partner of the Year, has partnered with Canon USA for go to market, and provides solutions mapped to the world’s foremost cloud and hybrid content management platforms including Box, Egnyte, Citrix Sharefile, Microsoft OneDrive and Google. Information on all of their Mail2Cloud product line can be found at http://www.mail2cloud.io. More than 3,500 companies with over 1 million users have added MxHero to their email. To learn more about MxHero visit http://www.mxhero.com. Find MxHero on Twitter: @mxheronet and Facebook: MxHero.net