All Change Please. Updating UK Government Email Domains

The UK Government has recently announced the end to email domains with ‘.gsi’ in them. This move will also see the Government move away from the proprietary legacy infrastructure (Government Secure Internet) these domains were tied to. The rationale is based on improving flexibility, cost efficiencies and trust in Government-to-citizen communications. But how will this play out, what opportunities will it create and what risks to email security could it introduce?

Technology and the cyber threat landscape have changed dramatically in the 20 years since these legacy domains and infrastructure were introduced to improve the security and reliability of Government agency communications. One of the biggest changes has been the rise of cloud computing, including the delivery of email as a SaaS service. The ‘Cloud First’ policy for public sector IT could well be a key driver for this change. Add to that the highly advanced email security cloud services now readily available and you can easily see why this move is being mandated – mirroring the commercial world’s move from on-premises to cloud systems.

Microsoft Office 365 could be an option, but departments and agencies will need to assess the security offered by Microsoft and whether a wraparound enhanced cloud security service is needed. This could extend beyond security to include data protection and resilience as well as business continuity – demonstrated by technology customers that identified a need for multiple layers of security and resilience.

Government departments and local authorities will be able to select and start using their own chosen domains and their email service and security provider. It is hoped that better security practices and authentication mechanisms like SPF, DKIM, and DMARC will improve the trust in their communications. Defending against the rise in impersonation attacks including Government domain spoofing is a key area of focus, but it is far from straightforward and could prove very expensive. DNS authentication checks like DMARC can be effective against exact domain spoofing but don’t go far enough to tackle lookalike spoofing, where attackers register and use a similar domain to the agency they are looking to masquerade as.
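The gap described above, sketched as an added example that is not part of the original article: a sender domain that exactly matches the department's own is covered by that domain's DMARC policy, while a near-miss has to be caught by similarity checks. The domains `dept.example.gov.uk` and `dept.example.gsi.gov.uk` are constructed placeholders, and the confusable-character table and distance threshold are illustrative assumptions.

```python
import unicodedata

# Constructed placeholders for a department's new and legacy (.gsi) domains.
TRUSTED = {"dept.example.gov.uk", "dept.example.gsi.gov.uk"}

# Illustrative (not exhaustive) digit-for-letter swaps.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def skeleton(domain):
    """Collapse visually similar spellings onto one comparison string."""
    d = unicodedata.normalize("NFKD", domain.lower().rstrip("."))
    d = "".join(c for c in d if not unicodedata.combining(c))  # drop accents
    d = d.translate(CONFUSABLE).replace("rn", "m").replace("vv", "w")
    return d.replace("-", "")  # hyphen padding: dept-example vs dept.example


def edit_distance(a, b):
    """Levenshtein distance using a two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(from_domain, trusted=TRUSTED, max_dist=2):
    """Return 'exact', 'lookalike' or 'unrelated' for a From: domain."""
    d = from_domain.lower().rstrip(".")
    # Own domain or a subdomain: the owner's DMARC policy governs this mail.
    if any(d == t or d.endswith("." + t) for t in trusted):
        return "exact"
    # Attacker-registered near-miss: it can pass SPF/DKIM/DMARC on its own
    # records, so it has to be caught by similarity, not authentication.
    s = skeleton(d)
    if any(edit_distance(s, skeleton(t)) <= max_dist for t in trusted):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for dom in ["dept.example.gov.uk", "dept.examp1e.gov.uk",
                "dept-example.gov.uk", "dept.exarnple.gov.uk", "news.example.org"]:
        print(f"{dom:24} {classify(dom)}")
```

A legitimate neighbouring domain that falls within the threshold will also be flagged, so a check like this needs an allow-list of known-good domains alongside it.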

More comprehensive impersonation defenses are needed, especially if attackers look to take advantage of the changeover period – for example, by exploiting confusion over previously unseen domains to spoof Government email and trick citizens. What is needed is a solution that offers robust impersonation protection while being easier and more cost effective to roll out than DNS checks alone. Departments and councils should use the domain change as a driver to consider their best email security options.

Another challenge could come from the changeover itself, ensuring mail from multiple domains is directed to the correct recipients both outbound and inbound – without interruption. Dynamic and highly configurable mail routing options could make this switch more straightforward and lower risk.

Whether this change is motivated mainly by anticipated cost savings or not, it’s a great opportunity for UK Government to evaluate their email gateway and security options. 
