May 16, 2018|
Encryption #eFail: It’s time to get serious about email security
For better or worse, email is the most universal platform for sharing information today. People willingly trust email enough to share some of their most confidential thoughts and ideas, intellectual property, and more, without fully understanding the risks.
Last month’s PGP and S/MIME’s security flaw, dubbed eFail, reminds us all why we need to rethink the risks associated with email and email security. Email is the foundation of every organization’s collaboration, productivity and character. That’s why email leaks aren’t just data loss events; they’re attacks on your brand and reputation.
Security keeps evolving but not around email.
Mobile apps like Signal, iMessage, Wickr and Threema have all provided simple methods for end-to-end encrypted communications directly from our phones, yet there’s still a significant amount of difficulty associated with email encryption when it comes to scale.
For the last decade, PGP has been the gold-standard for encrypted email, but remember: 10 years ago, it was also the only option, which led to the rise of PGP as a household security tool. At the same time it also fueled a new breed of email encryption solution providers including ProtonMail, Zix and more.
Fast forward to today and a majority of businesses have still ignored or downplayed the importance of email security because its overly cumbersome to scale and manage. Therefore, companies today are still using PGP, which is why it’s no surprise that roughly 35% of security professionals feel equipped to defend against email based attacks.
It’s 2018, we can do better.
Regardless of whether or not eFail was a concern at your organization, the vulnerability demonstrates that individuals utilizing basic encryption, or solutions built on these standards, are still at risk.
Being proactive about your email security is key to ensuring that sensitive data is safe under any circumstances. That’s why we built Vera for Mail, the first and only email security solution that protects sensitive communications throughout its lifecycle: from the moment you hit Send, after they’ve been accessed, and even while they’re in-use.
Built on the same data-centric platform powering Vera for Files, Vera for Mail provides always-on and dynamic security for emails and attachments and works seamlessly across any email application for collaboration. Specific to eFail, Vera stores individual encryption keys separately, which makes a Vera-secured file, or email message, nearly impossible to decrypt.
Must be magic, right? Here’s how it works:
- Each Vera secured file or email communication is encrypted with a unique key that is secured within the Vera Cloud Platform.
- These keys are transmitted securely via TLS/SSL to the clients which form a trusted key space on the end user’s device.
- Audit logs for every successful and unsuccessful access request to a document are also recorded.
- Keys are not stored locally on the endpoint unless the policy owner specifically grants that privilege for offline or time-bound access.
Vera for Mail
Email security can be extremely helpful to keep information safe as it traverses in and beyond corporate networks. As a result of eFail, I’m hopeful we’ll see more companies focus on better, smarter email security standards and adopt modern solutions to meet your organization’s needs.
Get in touch with us today to learn more about Vera for Mail or email me personally at email@example.com
NOTE: eFail happened May 14th