Author: Dan Kruger, EVP and Chief Architect at Absio Corporation
Is Email Your Organization's Biggest Information Control Problem?
Email is used every day to deliver and discuss confidential information – financial data, business plans, trade secrets, sales targets, personally identifiable information (PII), etc. In fact, research shows that email is the primary method for sending files within and outside an organization. Ironically, organizations use email to intentionally let outsiders in and allow insiders to send nearly anything out.
Perimeter security is irrelevant to email. High walls designed to keep bad guys out are meaningless when anyone can email a link or attachment which, if opened, lets bad guys invade your network. Walls make no difference when our employees use email to discuss sensitive topics and share files outside our networks as part of their job.
Executives aware of these core problems with email are trying to find some way to gain control over the data they receive and share. But the inherent risk of email can’t be eliminated by simply trying to implement better security. It requires control of messages and attachments wherever they are.
So, what do we really need to control email?
Limit our inbox to contacts we know and trust: This inbox would be free of spam and would be very difficult to phish, because unknown users can’t get to it.
Make our email stop: We need to be able to send emails with constraints on how each message and its attachments can be used by the recipients. We need to be able to say, “This email is sensitive, I want it to go to Sally and Bob and no further” and make it stick.
Give our trusted contacts the same degree of control: Anyone who chooses to trust us ought to be able to send us email with certainty that we are the only ones who can read it.
Stop depending on our email service provider’s security: There is a big difference between “I promise not to read your email” and “I cannot read your email”. We need an email service provider that can store, forward, backup, and synchronize email across all our devices with no ability to read it. Because if they can read it, so can anyone who has access to or hacks into their system.
Make device ownership irrelevant to control: We need to know that we have control of all corporate email on any device our employees use—the ones we provide or their own. Our employees also need to know that we can’t access their personal email on either kind of device.
Prevent device loss from leading to information leak: We need to know that every individual email on every device is undecipherable to anyone except the device owner, so that even a sophisticated thief cannot read the emails on a lost or stolen device.
Make control easy: Easily controlled email equals actually controlled email. The only decisions we want our employees to make are who an email goes to and what the recipients can do with it. In other words, we want control by default.
Many organizations have started to selectively implement technologies to address part of the problem, but unless we address all aspects of control, email will remain an information control problem. There is no gray area—some control equals no control.
What are you doing to take control of your email?
Daniel Kruger, EVP and Chief Architect at Absio Corporation
Dan Kruger has been involved with software-enabled collaboration for over 30 years. He has worked with companies in manufacturing, banking, finance, telecommunications and healthcare to improve their performance through a combination of senior leadership consulting, teamwork, communication, sales, and process engineering training, as well as the design and application of collaboration software.