Peter Bauer

Mimecast Welcomes Email Privacy Act

by Peter Bauer - CEO and co-founder

Mimecast welcomes a new bill designed to protect emails and other electronic communications.   

Can you remember the world in 1986? Aliens, Top Gun and Labyrinth were on at the movies and brick phones weighed the same as a bag of sugar.

The Electronic Communications Privacy Act was also enacted by the United States Congress. This ancient legislation allows law enforcement to search through emails, instant messages and photos stored in the cloud once they are 180 days old.

Back then, emails stored on a third party server for six months were considered by the law to be abandoned. This allows law enforcement agencies to obtain the data with just a written statement certifying that the information is relevant to an investigation, without judicial review.

Thirty years later and business archiving requirements, cloud technology and public opinion has moved things on considerably.

Today, we are proud that approximately 16,200 organizations and millions of their employees from around the world have entrusted their email and data to Mimecast. We process more than 180 million emails per day and our customers look to us to protect them from cybercriminals, outage and unwarranted government snooping.

The new Email Privacy Act (H.R. 699), passed unanimously by the U.S. House of Representatives, will require the government to get a warrant from a judge before obtaining private communications and documents stored online.

Email has gone from being just a communication platform to probably the greatest single repository of corporate knowledge any organization holds. Almost all corporate activity, discussion or ideas touch email at some point.

Due process should apply in digital world now more than ever before.

Our customers use Mimecast to improve the security, reliability and archiving capabilities of their own email servers or primary cloud email service. We take our responsibility to protect their email and the petabytes of business information this includes very seriously.

Public opinion is on the side of fair and reasonable control of law enforcement and government in this regard to protect the right of the individual to privacy.

This is a clarion call for governments around the world to continue to modernise law-making in wake of the unstoppable rise of cloud computing services. Laws written in the analogue and desktop computing age need rethinking for the cloud era. 

Email is the bedrock of modern day communication and deserves up-to-date protection enshrined in legislation. This bill is a step in the right direction to further protect citizens’ private historical data held in the cloud from unreasonable intrusion.


I am in San Francisco this week for the annual security event, RSA Conference. This year, aside from the normal discussions about attacks and defense techniques and technology, the industry has returned again to a topic close to my heart:  Skills training and recruitment.

As we see the security threat grow, anyone that runs a security team or a company creating technology like I do at Mimecast, is acutely aware of the pressure to recruit the talent you need to keep up.

One of the speakers at the conference speculated that while we are worried today about the thousands of unfilled vacancies we see in the industry this will be dwarfed quickly by a predicted global shortage by 2020 in the millions.

So what can we do?

First, we can use technology to better automate security activity. Reduce the burden of more simple security tasks that require people right now.

But I think the real requirement is to motivate and inspire young people in particular about the opportunity to make a real difference to their community (global, national and local) through a career in IT security.

The world’s economy and public services now rely on technology. In many ways you could say it is data that makes the world go round not money.

Protecting the technology, data and services of the world’s organizations is vital work. Inspiring work. An important public service even.

The damage both economic and social that cyber-attacks cause is substantial. We have all read the headlines and with each year, the stories seem more stark and worrying. Attacks on critical infrastructure like electricity grids as seen in Ukraine last year. The theft of personal data from healthcare providers. The extortion of critical funds from public and private organizations who have become the victim of whaling or ransomware attacks.  All of these seem to be daily events now.

So, as young people in particular start out in work and are looking at their options to make a difference in the world, we need to tell them how a career in IT security ranks alongside other inspiring professions of vital public service like healthcare, law enforcement and education.

Money and training will only go so far in tackling our recruitment challenge – tomorrow’s workforce want and deserve more than that. They want to make a difference and for those with the necessary skills, a career in IT security gives them just the opportunity they are looking for. We just need to tell more of them about it in those inspiring terms.


Today, we launched our new Mimecast Business Email Threat Report 2016. The survey of 600 IT security professionals shows that while 64 percent see email as a major cyber-security threat to their business, 65 percent also feel ill-equipped or too out-of-date to reasonably defend against email-based attacks.

Email continues to be a critical technology in business and the threat of email hacks and data breaches loom large over IT security managers. Consequently, confidence and experience with previous data breaches and email hacks play key parts in determining an organization’s perceived level of preparedness against these threats. Alarmingly, one-third of survey respondents believe email is more vulnerable today than it was five years ago.

We depend on technology, and email in particular, in all aspects of our work and personal lives. So, it’s very disconcerting to see that while we might appreciate the danger, many companies are still taking too few measures to defend against email-based threats. Budget and C-suite involvement were the biggest gaps found between the most and least prepared respondents. Among the IT security managers who feel most prepared, it’s not a surprise to me that their C-suite is most engaged with email security. But the results show that the reality for a large number of them is that their C-suite is only somewhat engaged, not very engaged, or not engaged at all.

As the cyber threat becomes more potent, email attacks will become more common and more damaging. It’s essential that executives, the C-suite in particular, realize they may not be as safe as they think and take action. They need to get engaged with email security planning and preparation, and allocate time, focus and budget.

Those who feel better prepared to handle email-based threats also allocate higher percentages of their IT budgets to email security. We estimate from our research that security confidence is achieved when you assign over 10% of your IT budget to email security.

Finally our research report also identifies five distinct security ‘personas’ we can all learn from inspired by the data. We call them Vigilant, Equipped Veteran, Apprehensive, Nervous and Battle-Scarred. For more information on the differences between these personas – including budget allocations, levels of C-suite involvement and the top attack vectors they worry about, download our E-book summary of the research here.


It doesn't come as too much of a surprise because he’s a known quantity within Microsoft circles and has a proven track record of success in previous roles.  The Microsoft I’ve always known likes to promote from within. More than that, it sends a signal of where Microsoft sees the key battles being fought over the next five years or so.

Satya Nadella becomes the third CEO of Microsoft, having previously held the position of Executive Vice President of Microsoft’s Cloud and Enterprise group.

I was asked to share my views on the appointment of Satya Nadella as new Microsoft CEO with The IndependentThe Evening Standard and The New Zealand Herald so I thought I'd take the opportunity to expand on what I told them here.

Despite the success of Xbox, the acquisition of Nokia and other consumer-oriented initiatives, Microsoft's heartland is undoubtedly in the enterprise.  Microsoft is in the early stages of a major shift from the provision of on-premise licensed software to subscription-based Cloud services. The die is cast in terms of the steady shift of enterprise IT investment into the Cloud so it makes sense that Microsoft embraces this shift. But what makes it even more critical is that the Cloud is in Google's DNA not yet Microsoft's.

So the stage is set for a monumental battle for the hearts, minds and dollars of the world's enterprise CIOs.  Microsoft has the market share and the track record in serving this audience but Google is making inroads. For much of Microsoft and its partner network, this is a time of great creative change and opportunity.

Satya Nadella has shown that he’s able to grasp the nettles and drive the Cloud agenda at Microsoft. The stakes are high and Google, Apple and a raft of start-up organizations own significant Cloud mindshare now.

Will Microsoft succeed?  We believe it’ll win with apps and back-end business services because such a huge percentage of the enterprise base has been well served by Microsoft's technologies over the years, and the first choice for most of these organizations will be to migrate to the Microsoft Cloud with as little disruption to end users as possible.

Will it succeed with devices? I think it’ll need to pick its battles. Microsoft used to have a clear lead on the end user operating system and to the extent that its future strategy might rely on recreating this scenario it’ll certainly have a tough fight. Future work surfaces will be a diverse set of devices and it’s hard to imagine Microsoft evicting iOS and Android from these markets. So I think the front-end operating systems are going to need to be less important to Microsoft and perhaps that’s something that comes more naturally to Satya Nadella than it might have to Steve Ballmer.

But it won't be easy. One of Microsoft's advantages has traditionally been its extensive network of partners, both in terms of channel and software vendors like Mimecast.  It’s crucial, as Microsoft seeks to move its customer base to the Cloud, that it continues to partner in order to provide the best possible Cloud experience to demanding enterprise customers.

Certainly from our point of view we’re strongly backing the Microsoft horse and optimizing our services for Office 365, the company's Cloud version of Exchange. We’re looking to help customers and prospects build their short, mid and long-term plans to move all their email services to the Cloud.

Ultimately, Mr. Nadella's appointment is all about Microsoft's commitment to the Cloud. Given that Mimecast has been a catalyst for Cloud adoption since we started ten years ago, we’re very encouraged that Microsoft has appointed a CEO who shares our view on the future of IT.