In our previous blog we spoke about how to extend cloud data protection to storage that was hosted off-premise. Storage is one of the primary applications for cloud storage. It’s easy for individuals to sign up for without detection or permission from system administrators, and thus it’s easy for end users to abuse cloud storage in turn, either unknowingly or on purpose.Aside from storage, however, there’s another area that’s rapidly transitioning to the cloud, an area where users can also abuse lax privileges—cloud email.
Cloud email, or webmail, is an area where companies are expanding, moving from hosted clients like Outlook and Thunderbird to web-based offerings such as Gmail or Office 365. According to Gartner, 13 percent of public companies(from a survey of 40,000 institutions) have adopted cloud email, with most users coming from the SMB category. Although 13 percent is a low number, it’s definitely growing. After cloud hosting, cloud email is the second most popular cloud technology.
One of the main problems with email exchange, of both cloud and hosted varieties, is that it is far and away the most popular vector for cyber attacks. Attackers can steal the credentials to an email account and eavesdrop on internal and external communications. They can impersonate legitimate users and send documents that contain a hidden malware payload. They don’t even necessarily need to employ malicious software—one attacker obtained the payroll data of 700 Seagate employees by impersonating their CEO.
Endpoint protection might be able to soak up some malware attacks, but there are relatively few solutions that guard against social engineering and credential theft. IT admins might use governance controls to prevent end users from taking certain steps. They might limit the size of the attachments that their end-users can send, in an attempt to limit the amount of data that might be lost to a phishing scam. To prevent a more serious breach, they might restrict certain accounts to only sending emails to internal domains.
An administrator might also use encryption to guard against credential theft. For example, while using PGP, a sender can ensure that recipients are unable to receive emails unless they also download a copy of the program and receive the sender’s public key. Even if an attacker is able to intercept sent mail, or can view the user’s email client, they won’t be able to decipher any messages.
These are all features that either exist natively in on-premise email clients, or can be added to hosted email clients using additional security tools. These tools can also be applied to cloud email. In any event, the governance solutions for both cloud email and hosted email have a certain commonality—they’re rather inconvenient for both senders and recipients. Security features are also applied inconsistently—you might not be able to find a solution that provides encryption, secure storage, and virus scanning in a single package, for example. You may also find that encryption and anti-virus tools that are built into webmail clients are inadequate for your particular needs.
Safe-T provides a unified solution that extends data protection to cloud and hosted email platforms. The Safe-T secure email exchange solution stores all sent emails and attachments in a secure server. To receive these attachments, the recipient simply clicks a link in an email, which is then sent alongside a secure one-time password. Safe-T automatically scans outgoing emails to protect against data loss, applies encryption, and requests authentication, and scans incoming emails for malicious software.
Secure email doesn’t even necessarily need to impinge upon a sender’s email routine, as Safe-T offers both a standalone webmail client, and a convenient Outlook plugin. Safe-T is also available as an iOS or Android mobile app.