7 Hot Advances In Email Security
Despite gaping security holes, email is too entrenched in business communications to go away. Consider these 7 ways to bolster email security and help IT admins sleep easier at night.
![](https://eu-images.contentstack.com/v3/assets/blt69509c9116440be8/blte379d7d59ee31a45/64cb4f8b39b67582e6984791/1-intro.jpg?width=700&auto=webp&quality=80&disable=upscale)
Email was never designed to be secure.
Instead, it was coded to be a quick and dirty communications method for use on the Internet at a time when data security was rarely even thought about. And thanks to its incredibly wide adoption, email continues to be a critical communications tool for enterprise environments. Quite simply, there is no rival. Many of us would even consider email a more important communications tool than the telephone.
Yet, because email was architected so long ago, and with very few security measures built in, IT systems and security administrators are having a tough time securing it.
In most enterprises, email should never be considered a secure form of communications. There are gaping security holes everywhere you look, including how email is secured on end devices, how it's stored within email servers, and how messages are delivered though corporate networks and the Internet. Daily phishing and other malware assaults on our corporate inboxes are a growing nuisance. The increased sophistication of email hacks is on the rise, fooling even the most tech-savvy users.
[Read more about those programming languages that lost their edge.]
Don't despair. We'll look at a number of recent advancements in email security that may help IT admins rest easier at night. Some advances attempt to take on email spoofing so you can be confident that an email actually came from the sender. Others look at ways to improve end-to-end encryption, with options to make it easy to use, and even mandatory. Last, there are several advances that seek to reduce and eliminate phishing, malware, and other undesirable messages.
The email system as we know it is at a crossroads. Either the technology (and those of us who manage it) must rapidly adopt security measures that protect email data at rest and in motion, or we must move on to a new solution that is built around a security framework.
Considering how entrenched email is in our daily lives, we need to at least give email security a chance before it's tossed into the dustbin of tech history.
Once you've reviewed the email advances we've got our eyes on, tell us in the comments section below which ones you think are promising -- or if you think we should abandon email altogether and find a new corporate communications platform.
Graymail is a term to describe mail that's not quite spam because the recipient agrees or "opts-in" to receive the messages. Because of this, graymail skirts spam filters and ends up in most inboxes. Worse yet, when you click the "unsubscribe" button to be removed from various marketing and bulk emails, your address may be stored and then sold to hackers to be used for future phishing/malware attempts. New graymail detection and mitigation tools, such as those recently announced for Cisco's Email Security Appliance (ESA), assist in identifying and safely unsubscribing from graymail on your behalf.
The National Institute of Standards and Technology (NSIT) recently released a draft for a DNS-based Authentication of Named Entities (DANE) for email systems. The concept behind DANE is to provide tools to encrypt email messages (using transport layer security, or TLS) between mail servers. Then, end users would have the ability to digitally sign and encrypt outgoing messages, while also being able to obtain and verify certificates from senders in order to decrypt mail sent to them.
Google recently made headlines by releasing a new Chrome plugin that allows a Gmail user to set a time limit after which a sent email can't be read. The method used will encrypt messages sent using the Dmail plugin. Once the timer expires, or if the sender manually destroys the ability to read the email, the recipient no longer has the keys to decrypt the message, rendering it unreadable.
Wouldn't it be nice if malware and phishing links were automatically removed well before a message hit your mail server? That's part of what cloud-based malware analysis services do. The concept is to filter email through an advanced threat detection system in the cloud that can analyze and identify suspicious emails on a completely independent network. The best part is these services utilize global intelligence to detect malware attacks in other parts of the world and stop them before they reach your inbox.
Email encryption has been around forever, yet very few actually use it. In the past, it's been difficult to set up, and required the recipient to either install software on their side or to jump through hoops that make the encryption/decryption process feel cumbersome. But as email becomes increasingly web-based, signs of real hope are emerging. For example, Yahoo recently announced an end-to-end encryption email plugin for its email service. Yahoo went on to suggest that other mail providers build compatible solutions so we can, once and for all, have end-to-end encryption without the hassle.
In an attempt to better secure desktop and mobile device operating systems, manufacturers are beginning to force users and their email providers to use increasingly stringent security measures in order to protect data residing on a device. Apple, for example recently required that mail servers use higher-grade encryption mechanisms to fix a known vulnerability. And if you didn't bother to upgrade, your email server stopped receiving outbound messages from Apple iOS and OS X operating systems.
Ultimately, our current email architecture was never meant to be secure. And sometimes, it's better to simply start over from scratch to achieve what we want. That's essentially what messaging services such as Apple's iMessage, Facebook's chat, Microsoft's Skype, and Silent Circle have done. They've reinvented the email wheel to provide baked-in security, as opposed to bolting it on after the fact.
The latest email security advances are promising, but they can be expensive, time consuming to implement, and ultimately require backing by enterprise decision makers. Considering how hot the topic of corporate data security is these days, it shouldn't be too difficult to receive sufficient funding and support, once the technologies are ready for enterprise consumption.
The latest email security advances are promising, but they can be expensive, time consuming to implement, and ultimately require backing by enterprise decision makers. Considering how hot the topic of corporate data security is these days, it shouldn't be too difficult to receive sufficient funding and support, once the technologies are ready for enterprise consumption.
-
About the Author(s)
You May Also Like