From: E-Commerce Times
By John K. Higgins
Encryption of outbound email can create a false sense of security, said Michael Dayton, senior vice president of Axway. “Agencies spend a huge amount of money on data loss prevention solutions and email inspection gateways, but those products are rendered useless if they can’t inspect the content of an email after it has been encrypted on the desktop.”
How big is the U.S. government? It’s big enough that federal agencies transmit 1.89 billion email messages every day — an average of 47.3 million daily emails per agency. How confident are the agencies about protecting the sensitive content of those messages?
In a recent survey, federal email managers and IT security experts expressed mixed views about email protection — with a significant majority worried about future breaches. Just 25 percent of the 203 respondents would give their agency email security programs an A grade. Survey respondents said that email is the primary way unauthorized data, including classified and sensitive information, leaves federal agencies. The survey was conducted by MeriTalk, an online community of government and private-sector IT managers, with support from Axway, an IT services firm.
In the survey, MeriTalk presented respondents with six possible channels with a potential for unauthorized distribution of federal information. Of those six, standard work email was mentioned by 48 percent of respondents as a vulnerable channel — ranking first in the listings. The next most-vulnerable channel was agency-issued mobile devices, mentioned by 47 percent of respondents, followed by USB flash drives (40 percent); personal email (38 percent); personal mobile devices (33 percent) and Web-based work email (23 percent). Of the six channels, three involved some type of email system.
Email vulnerability “is particularly troubling given that 83 percent of federal agencies provide users with the ability to encrypt outbound email,” MeriTalk said in its report on the survey. Respondents to the survey registered differing views about the effectiveness of encryption. For example, the survey found that 84 percent of respondents believe that their communications are now safe, and that their email gateways support the inspection of desktop-encrypted email.
How big is the U.S. government? It’s big enough that federal agencies transmit 1.89 billion email messages every day — an average of 47.3 million daily emails per agency. How confident are the agencies about protecting the sensitive content of those messages?
In a recent survey, federal email managers and IT security experts expressed mixed views about email protection — with a significant majority worried about future breaches. Just 25 percent of the 203 respondents would give their agency email security programs an A grade. Survey respondents said that email is the primary way unauthorized data, including classified and sensitive information, leaves federal agencies. The survey was conducted by MeriTalk, an online community of government and private-sector IT managers, with support from Axway, an IT services firm.
In the survey, MeriTalk presented respondents with six possible channels with a potential for unauthorized distribution of federal information. Of those six, standard work email was mentioned by 48 percent of respondents as a vulnerable channel — ranking first in the listings. The next most-vulnerable channel was agency-issued mobile devices, mentioned by 47 percent of respondents, followed by USB flash drives (40 percent); personal email (38 percent); personal mobile devices (33 percent) and Web-based work email (23 percent). Of the six channels, three involved some type of email system.
Email vulnerability “is particularly troubling given that 83 percent of federal agencies provide users with the ability to encrypt outbound email,” MeriTalk said in its report on the survey. Respondents to the survey registered differing views about the effectiveness of encryption. For example, the survey found that 84 percent of respondents believe that their communications are now safe, and that their email gateways support the inspection of desktop-encrypted email.
Leave a Reply