Following on from our recent post about business continuity solutions, another topic worth following in 2017 is email security.
So just how important is it?
Well, according to email research from the Radicati Group, the number of business emails sent and received per day in 2017 will number 120.4 billion. By 2019, it will be nearer 129 billion.
And this unrelenting growth is one of the factors driving a huge increase in email-borne cyber-threats. In fact, in the first quarter of 2016 alone, according to this piece in Infosecurity Magazine, there was an 800% increase in email-borne threats over the previous year!
What, then, should you be looking out for to protect your business (or your customers’ businesses, if you’re a security reseller or service provider) against this onslaught?
Choosing email security
We’ve identified some specific features that we believe are critical to effective email security in 2017’s threat-laden world.
1. Ease of use for SMEs
But SMEs also include many businesses that have little or no in-house IT or security expertise - so complex on-premise email security just won’t work for them.
Instead, look out for cloud-delivered, as-a-service solutions that major on ease of use (that means, amongst other things, no-maintenance deployment, with 24 x 7 updates, patches and hot-fixes delivered automatically by the vendor).
This kind of solution has the added benefit that it can filter email inline and scan it prior to it reaching the recipient, so threats are intercepted before they touch the business’s network.
Nothing to remediate, no spam to archive, nothing to clean up – good news for resource-starved small businesses.
2. Email clients – cloud’s a must!
Smaller businesses in particular are also turning to hosted email clients like Office 365 and Google Apps, with research showing that nearly two-thirds of small business owners already have an average of three cloud solutions in place.
Combine this with the knowledge that Office 365 has known issues with its ability to detect insecure document content, though, and it’s not enough to just go with a cloud-based email security solution. You also need to choose one that is good at dealing with cloud-based email client vulnerabilities.
Get the last bit wrong and you’re still behind the SME security curve.
3. Threat coverage and awareness
Spam, malware, spyware, phishing and inappropriate content are all known risks that must of course be protected against.
But the underlying question is how the solution’s knowledge of the threat landscape evolves, since it is this process that ultimately protects users against emerging threats like zero-day exploits.
Big data and machine learning algorithms are the key features to look for in this respect, but many vendors are now jumping on this bandwagon, so look at the hard numbers to sort the aspirational from the credible.
Take Trend Micro’s Hosted Email Security (HES) as just one example: over 50 billion website URLs, email sources, and files scanned, correlated, and filtered, with over 7 terabytes of new threat data processed - daily.
That leaves little doubt (and the latest features in Trend Micro HES make convincing reading, too).
4. GDPR compliance
GDPR is never far away from our discussions thesedays, and any cloud-delivered service is now under the microscope with regard to how it protects the privacy of the data that it holds.
Look for a solution backed by data centres that have reached the most stringent privacy certifications - in Europe, these are generally considered to be ISO 9001, ISO 27001, OHSAS18001 (LHR1) and SAS 70 Type II.
5. Ease of partner management
For security partners, there is an added dimension to a choice of security solution: the ease with which they can manage it!
Solutions that are difficult to provision and manage burn through administration resource and gnaw at margins – making them potentially unprofitable.
This will enable you, for example, to automate monthly usage and reporting management, proactively analyse emerging security threats, and provision new solutions and services more rapidly – without signing into and logging out of multiple systems and tools.
Email security in 2017 – as-a-service solutions to a growing challenge
As long as businesses keep sending and receiving emails, the bad guys will keep using them to try and attack the soft underbelly of businesses.
But to do that, the emails have to get there in the first place – and if they’re getting caught by security in the cloud first, they won’t.
Definitely one to watch for 2017.