Email is the number one means of information sharing inside and outside the enterprise. Unfortunately, it’s also one of the main causes of enterprise data leaks. Enterprise security leaders confirmed this troubling development: in a recent study by Enterprise Management Associates (EMA), Samsung Next, and the Center for Democracy and Technology, 96% of respondents acknowledged that some form of inappropriate sharing of sensitive data occurs, and 56% indicated that it occurs very often or often. An enterprise security operations center leader hit the nail on the head: “Most controls are designed to protect the data from external threats, leaving it vulnerable to careless or malicious insiders.”
The shortcomings of legacy email protection are a key contributor to this improper sharing. As cloud migration and collaboration needs accelerate, existing email protections no longer meet the requirements of the modern enterprise. The consequences are severe. Data loss means lost intellectual property, which weakens an enterprise’s competitive standing and negatively impacts revenue streams, and brand reputation damage, which erodes its customer base.
Meanwhile, governments issue new privacy laws nearly every year, making the thicket of regulatory requirements that much more challenging for security leaders to navigate. For example, security teams have been grappling with how to prepare their security infrastructure and practices for GDPR, a major privacy regulation from the EU that goes into effect in May 2018. Under GDPR, enterprises that improperly handle personal data face incredibly steep fines (either €20M or 4% of annual turnover, whichever is higher).
As these stakes get higher and higher, organizations must adopt email protections that shield critical business data and offer flexible controls that meet modern information-sharing requirements. But that’s not enough; organizations also need to support extremely usable workflows for end users, administrators, and recipients.
The Must-Have Features of Effective Email Protection
Seamless user experience, end-to-end security, audit and access control, internal sharing controls, and painless administration are foundational building blocks of an effective email protection platform.
Seamless User Experience
It’s essential that email protection programs fit into modern enterprise workflows with a seamless user experience that ensures adoption. Email encryption should support, not inhibit, secure collaboration between senders and recipients. External recipients should be able to access emails with existing applications and credentials, not separate applications that require new accounts and passwords. Also, email encryption solutions should come with rich customization features to brand the recipient workflow so emails are never confused with phishing attacks. And encryption should be on-demand and as simple as flipping a switch, making it extremely easy for users to protect data and help prevent data breaches.
A seamless user experience supports the collaboration between content creators and content consumers. Secure content needs to be easy to share with anyone inside or outside the enterprise, yet easily revoked if it falls into the wrong hands.
End-to-End Security
Email encryption platforms should protect data from unauthorized access wherever it travels and never require blind trust in third parties storing unencrypted data. Encryption should be applied directly within the email client for end-to-end protection that secures content as soon as senders start drafting emails. Also, best practices for enterprise security employ a split-key architecture that separates content from the encryption keys that secure it, preventing unauthorized access. Furthermore, modern enterprises should have the option to host and manage their own keys so they have absolute ownership and control over their data.
Audit and Access Control
With the move to the cloud and the increasing need to share with customers and third parties, organizations must maintain visibility and control over sensitive information. This allows the enterprise to understand who can view or forward sensitive content and alter access permissions in real time as the context changes, while logging activity for a comprehensive audit trail. Control capabilities should be available to both administrators and end-users so senders can also proactively implement controls that keep data secure.
Internal Sharing Controls
Controls that prevent unauthorized insider access are also a must. DLP policies need to go beyond just protecting content shared externally and also prevent employees from sharing privileged internal information like salaries and M&A plans with other unauthorized employees. These internal sharing controls should be readily accessible so that employees don’t look for workarounds that put confidential data in the wrong hands.
Painless Administration
Email encryption tools won’t help fight improper sharing and prevent data breaches if their administration is painstakingly complex. Modern enterprises need a solution that is easy to deploy and offers quick time-to-value and low ongoing maintenance costs, with straightforward implementation and a streamlined administration experience. And the burden of DLP shouldn’t fall solely on administrators; end-users should also be empowered with control features so that risk is decentralized and support costs are curtailed.
Email is the predominant way enterprises share information, and it’s safe to say it will remain that way for the foreseeable future. Organizations must look beyond legacy email protection solutions and overcome the limitations that leave their crucial information vulnerable. Enterprises need to focus on email encryption that offers a fresh, easier, and more secure way to protect their data.