/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsBANGALORE, INDIA: Email today has become a basic necessity and the most widely used medium to collaborate with people within and out side the organization. Every statistic on email volume is mind boggling.
Present estimates are between 250 to 300 Billion messages per day. The volumes of data exchanged through emails has surpassed any other medium of communication. With emails now being available on smart phones and tablets, it will continue to be the most dominant medium of communication.
Two of the largest challenges faced by organizations in the context of emails is SPAM ( frequently expanded to Stupid, Pointless Annoying Message ) and Security. The topic of SPAM has been very often discussed but security of emails remains largely unattended to.
Because of its availability and ease of use, email has become a method of sharing sensitive information within and outside of the organization. This information in the wrong hands, intentionally or otherwise could be a source of reputation, financial and legal risks for enterprises.
There are several email "encryption" technologies from various companies. The modus operandi in an email encryption technology is very simple i.e.
1. The sender encrypts the email message using a "key"
2. The "key" is pre-provided to the intended recipients by some method.
3. The recipient uses the "key" to decrypt the message and view it.
The basic risk that email encryption technologies address are "man-in-the-middle" risks i.e. unauthorized recipients including network spoof-ers, email server administrators gaining access to emails.
The big questions that arise in today's context are "Where are risks associated with email security arising from ?" and "Are the present system sufficient ?"
To understand this better, lets look at the entire lifecycle of an email.
The life-cycle begins with email creation (by sender) -> email in transit (senders network, senders email server, transit servers, receivers email servers, ...) -> email consumption/use (by receiver) -> email archival -> and finally email deletion by the receiver.
Security of email is required through out this lifecycle. If security is only required when the email is in transit so that "man-in-middle" attacks can be thwarted then encryption technologies like the ones mentioned above are sufficient. However, if security is throughout the lifecycle then enterprises need to go beyond encryption.
If one looks at the threats arising out of email usage then a significant part of the threat arises from authorized and intended recipients misusing the information after receipt. This misuse may arise from lack of appreciate of security or willful malice.
What is required is a method by which security of emails can be provided throughout the life-cycle of the email such that :
1. Unintended recipients cannot access the email AND
2. Intended recipients cannot misuse the email
Information Rights Management (IRM) technology provides a necessary AND sufficient method to achieve this goal.
Click here to continue reading...!
(The author is Co-founder / Head - Business Development at Seclore Technology)
(The views expressed in this article are that of the author and do not necessarily reflect the views or policies of CIOL)