CHANGING DYNAMICS OF EMAIL SECURITY
Surprisingly the email security solutions have re-emerged in its new AVATAR from the ashes of phoenix of late 1990s again. Till early 1980 to 1990s the space was over occupied by email firewalls which were the central to the control and management of email services that operated in corporate network.
In today’s world the challenges are more dynamic and so are the solutions. With the rising adoption of Exchange and Notes as messaging servers has lead to revolutionary change in the whole email security ecosystem. Enterprises in today world are looking for more simplified solutions in term making this corporate communication mechanism more agile and efficient.Email Security managers are getting forced to think of security strategies which are more apt to the changing business dynamics. The triple threat of viruses, spam and regulatory controls for emails has now become parcel of consolidated offering and email firewalls are becoming technologies of the past.
Enterprises are becoming mobile so are technologies supporting these enterprises. Access to emails is no more restricted to a single device or computer. But with rising agility in the business environment Email, is becoming more open and becoming more prone to attacks. Nov 2014 hack of Sony Pictures Entertainment hack is a classic example of rising attacks on email networks.
“Sony Pictures Entertainment email hacks which lead to release of confidential employee data is one of the recent example. The loss was substantial leading to a loss of 100 terabytes of data from Sony”
With changing dynamics at present emails are compromised at various points. The more common ways are:
On the recipient device( s)
The first and the last points are easy attacks points and more related with user security. You might be using password and lock screen to protect on your devices but that is no enough .Devices get more exposed where your favorite email apps and email clients are installed leading to increased vulnerability. This potential attack lead to rise of authentication technologies to give user an extra layer of security at the point of contact other than the regular user id and password which always protected traditional email accesses.
With recent advancement in the two factor and multifactor authentication technologies have not only made user access to email more secure but ergonomically more friendly. Modern businesses run on Google Apps and Microsoft 360 already having the inbuilt authentication mechanism to make them robust.
Multi factor authentication is actually the latest the kid in the block. It combines two or more independent credentials to validate the email user. Other than the regular authentication technologies which is based on two factors:
What the users knows (generally user id and password)?
What the users have (like a hard token)?
Multifactor generally uses a third factor also called the Inherence factors which are generally part of the user’s biometric data profile.Authshield Multifactor authentication uses voice and facial biometric data to validate user’s login making emails more secure, robust and ergonomically suited for smart usage.
The other related vulnerability is relating to networks and email server which is again changing the game of email security largely. Servers are machines at your email providers or ISP that physically store email. If the attackers crack your email password would not require your devices to steal the data on email. They can log into your email providers server to access the critical information. This is leading to rise of security challenges relating to how messages can be made more secured at the level where it is stored and while they are getting transmitted across networks. Here encryption technology implemented at message and network level is making a change a new change how things are being handled at this level.
These trends of changing business environment which is leading to a dynamic change in the how security is viewed for internet’s one of the oldest innovation i.e., email is seeing a drastic evolution making security researchers and email managers to re-think the strategy to secure critical business information.
Originally published at http://blog.auth-shield.com/changing-dynamics-of-email-security