Email continues to be the number one threat vector in cybersecurity both for threat protection and data loss. The problem is compounded with cloud-based business email – Microsoft Office 365 and Gmail from G Suite. Organizations have to solve for threats targeting user such as phishing attacks and malware. There are many solutions that solve for this and do it well. The area that lacks controls is data loss. In the world of heavy regulations such as GDPR, CCPA, PCI, HIPAA, etc. Data protection cannot be an afterthought. It must be front and center in the cyber security.
Data loss is currently being solved through legacy controls that tend to be cumbersome or insufficient;
- DLP in the cloud – Requires heavy DLP policies that creates friction with either block or allow policies
- Email encryption – Are high insufficient as they only protect against email being viewed in transit. The accidental recipient can view the email without a problem. The user controls require user controls.
- Data Rights Management – Legacy DRM solutions requires the recipient to be on the same domain, such as Active Directory or weak controls and key management.
All three options are not conducive to collaboration. Furthermore, to accomplish cloud based DLP and email encryption customers have to choose between 2-3 different solutions from 2-3 different vendors or use watered down checkbox security that is overpriced. The problem with both approaches is that they are expensive, require multiple policies, and don’t solve for the real problem to block data loss or provide a good solution to enable worry free collaboration.
The best way to secure cloud-based applications comes from the cloud security controls managed in Cloud Security Access Broker solutions. The problem with existing CASB solutions is they only protect against data loss after the fact by scanning the sent folder (data at rest). Only after the email is sent can they alert on a data breach. It’s time for a new approach.
The need is defense in depth across all cloud apps and email; SFDC, Slack, Box, G Suite and Office 365. The approach is to have a single policy for data protection in the cloud, centrally managed, that can protect data with advanced security controls without creating any unnecessary friction to the users.
CipherCloud CASB+ Platform introduces Email Security Gateway in the latest 1907 software release. To learn more, listen to this podcast interview with CipherCloud CTO, Sundaram Lakshmanan. The podcast addresses the challenges of email security and new security controls to protect against data loss while enabling collaboration across all cloud applications.