Email Security

Businesses Find Protection in Integrated Cloud Email Security

Integrated cloud email security holds promise for businesses with less complex environments, which have been especially hard-pressed to secure their organizations from cyberattacks.

by Thom Bailey

Oct 18, 2022

Key Points

Skills shortages and budget shortfalls have kept businesses from rising to the cybersecurity challenge.
Many are now turning to an emerging category of solutions called integrated cloud email security, as a more manageable approach.
Businesses looking to take advantage of integrated cloud email security from Mimecast can pre-register for a free trial.

Small to midsize businesses (SMBs) face many of the same cyberattacks as large enterprises — most of them launched with malicious email. But stretched budgets and staffs leave SMBs little time or money to defend themselves. Now, the emergence of a solution known as cloud integrated email security is putting greater cyber protection within their reach.

SMB Cyber Defenses Come Up Short

Last year, nearly two-thirds of confirmed breaches were suffered by companies with fewer than 1,000 employees, according to the influential Data Breach Investigations Report.[1] We asked the same sized companies about their cyber risk in Mimecast’s State of Email Security survey, and 80% said it was likely or inevitable that they would suffer a negative business impact from an email-borne attack in 2022.

Yet about four in 10 of the IT and security professionals we surveyed said they lacked the budget to invest more in new cybersecurity staff they wanted to hire. And while most respondents use Microsoft 365 as the dominant productivity platform and rely on M365’s basic security hygiene, nearly all agreed that they need to do more.

What Is Cloud Integrated Email Security?

A category of email security solutions is emerging to fill the gap for SMBs. It is variously referred to as “integrated cloud email security,” “gateway-less email security,” “cloud email security supplements” (CESS), “integrated email security supplements” (IESS) and “cloud-native, API-enabled email security” (CAPES).

Until now, the best in this new breed of cloud integrated email security solutions have operated like this:

They connect via an API to reinspect emails that have already passed through the M365 email gateway and been scanned by Microsoft’s email security defenses.
They then apply artificial intelligence, such as machine learning trained on user activity and threat intelligence, to identify any dangerous patterns and anomalous behavior.
Cloud integrated email security solutions can block all types of email threats but are especially good at detecting phishing emails and business email compromise (BEC) that Microsoft might miss.
They incorporate out-of-the-box policies based on best practice and supply real-time information on the threats they’ve blocked and why.
End-users are empowered with email warning banners.
Threats can be remediated in a single click.

Now, Mimecast is rolling out a cloud integrated email security solution that builds on these capabilities with its 20 years of advanced detection technology, crowdsourced behavioral analysis, and threat intelligence derived from serving a customer base of 40,000 companies. Mimecast Email Security, Cloud Integrated (CI) shares the same cloud platform — using the same scanning technology for the same high level of protection — as Mimecast’s award-winning Secure Email Gateway, which typically serves more complex environments.

Cloud Integrated Email Security Promises Ease of Use

Cloud integrated email security solutions, including Mimecast Email Security CI, are also relatively easy to use. For example:

They take little time to set up, relying on a simple install wizard.
There’s no need for a mail exchange (MX) record change.
They don’t require rules-based configuration.
But they can be adjusted with the click of a button to meet user and administration needs.

Who Uses Cloud Integrated Email Security?

Cloud integrated email security is a good fit for less complex organizations and lean IT/security teams that use Microsoft 365 in the cloud and:

Have a fairly simple email environment (i.e., single tenant, even with multiple domains).
Want simplified administration (e.g., out-of-the-box settings, one-click remediation).
Require little to no policy customization.
Don’t want to redirect their MX record.
Want to leverage Microsoft’s native security.

Larger, more complex organizations are more likely to require a higher level of policy customization and integration of their “classic” email security gateways into security ecosystems of several to many point security tools.

What’s at Stake?

As Mimecast’s SOES 2022 survey showed, most SMBs are facing an increasing variety, volume, and sophistication of email security challenges as their use of email has also grown. Those attacked by ransomware experienced downtime of up to eight days. In addition to business disruption, SMBs said cyberattacks had caused lower employee productivity, data loss, financial loss, and reputational harm.

But for companies using the types of artificial intelligence found in cloud integrated email security, the benefits reported include increased accuracy of threat detection, faster remediation, and a reduced workload for their cybersecurity team.

The Bottom Line

Small to midsize businesses face undiminished cyber risk, on the one hand, and limited staff and resources to contain it, on the other. An emerging category of cloud integrated email security solutions that protect email, the No. 1 delivery vehicle for cyberattacks, may be a good fit for many SMBs, enabling rapid setup, simplified administration, and state-of-the-art security. Pre-register for a free trial of Mimecast’s cloud integrated email solution.

[1] “2022 Data Breach Investigations Report,” Verizon