The Hidden Security Danger- Don't Let Email Be Your Downfall

Overwhelmingly, the evidence is pointing to the consumerisation of technology. The increasing use of technology in peoples personal life is making them aware of, and used to, what is possible, and they're bringing (demanding?) the same technology in their work life. iPhones and iPads are a case in point though our research shows email is becoming the new battleground.

Despite seeming like an age ago, InfoSecurity Europe has only just come and gone for another year... Boy this year is going fast! I took the opportunity at InfoSec to update my take on Generation Gmail- Why are corporate email users flocking to webmail to get their job done? Before you can answer that question, it's important to ask why that's even a relevant question?

  • It is believed around 80% of corporate Intellectual Property (IP) is contained within email- when it goes to personal webmail you lose control of this
  • If 80% of your corporate IP is in email- that means a lot of your trade secrets are in there too.
  • There are Data Protection and Data Sovereignty requirements to comply with, with legal bodies like The ICO, FSA etc to comply with.
  • Does Personal email comply with anti-malware requirements?
  • Password Policy?
  • Retention and audit policies to enable e-discovery?
  • Legal requirements- like disclaimers and notices (Company Number, VAT etc)
  • What about Data Leak Prevention?
  • Interception by third parties?

The answer, clearly is a resounding NO. And why should personal webmail providers comply? It's personal webmail - not intended for corporate use. This is creating a complete nightmare for corporate IT- and despite IT making individuals aware that this isn't allowed and the risks involved: they're still doing it....

What's driving this?

This represents a massive shift- is this the first time personal or consumer technology is driving the business technology agenda? Our Generation Gmail research suggests so- 65% of people say that home and work technology overlaps.

Yet despite this consumerisation- people keep saying "email is dead". New data I got yesterday from Neilsen (via Hubspot) shows that time spent using email on mobile phones leads almost any other mobile internet use by nearly 4x, at 38.5%. Social Networking is second at a paltry 10.7%.

Clearly email is not dead- it's the lifeblood of communication.

And with mobile shipments surpassing PC shipments for the first time ever this year it's going to continue it's ascendence.

What should companies do about it?

It's a complex answer, dependent on your particular technology situation, location and regulation you're subject to. There isn't a one size fit's all answer. Typically we've seen that email hasn't been a priority investment area through the last few years- with a lot of businesses remaining on Exchange 2003 and 2007 as a way to mitigate against the costs of migration. Users now feel like the corporate email doesn't compare favourably with consumer webmail- which is right, since the technology is nearly a decade old in some cases. That's why they're finding innovative ways to work around perceived obstacles and becoming "workaround workers".

Policies alone aren't enough to stop them- they have to feel like corporate email is a better alternative to personal email. They have to want to use corporate email.

So what can companies do? Typically the majority of migration costs aren't the Exchange piece- it's the environment that sits around it. Over the years IT has had to bolt on solutions such as Archiving, Security, Disclaimers, Secure delivery, etc. The list goes on. Managing this complexity through a migration adds to risk and complexity which creates cost. I think IT needs to put themselves in a position where they can migrate, when they're ready, because Exchange 2010 for example, is a big step up from 2003. Night and day different actually, especially if users are on Outlook 2000 or 2003 and make the move to Outlook 2010.

Don't let users put you on the back foot with personal email- start putting the steps in place today to get migration ready and get them wanting to use corporate email.

Here's the deck: