Whitepaper
Adventures in Secure Mobile Email
By David Strom
Adventures in Secure Mobile Email
  A Voltage Whitepaper




Sending and receiving encrypted email with sensitive data should be a lot easier to do. But
it ends up being something painful, and as a result we tend to avoid this protection. Haven’t
we all been schooled that sending emails in plain text is like having a post card plastered to
the wall of your local coffee bar? Haven’t all the various exploits with stolen credit cards and
hackers breaking into various Web-based email services been warning enough? Apparently not.
Oddly, this summer marks the eleventh anniversary of identity-based message encryption
with more than a billion secure messages being exchanged annually. But that still pales in
comparison to the many insecure messages containing sensitive data being exchanged in the
clear.
Certainly encrypted email still isn’t very common practice, despite this impressive statistic.
In the many years since encrypted email was first invented in the mid-1990s, we have seen a
lot of progress, at least from the technology side of the house. We have some standards, we
have some multi-vendor interoperability, and we have some products that don’t require a PhD
in cryptography to install and use. There are some terrific products that make encrypting and
decrypting emails almost effortless, and relatively inexpensive to widely deploy across small
and large enterprises.

Obstacles to Widespread Encrypted Email Use
But despite these improvements, using secure email is still not widely adopted. There are
several reasons why:
First, as we all know, unencrypted emails are very easy to send and encryption can add extra
steps. Some certificate-based systems are too complex: most end users don’t even know what
a public key certificate is or how to use it.
Second, many IT admins are still under the mistaken impression that securing their email is
either expensive, cumbersome, or requires a symmetric key solution for both recipients and
senders. None of these are true today, although they were for many years. Maybe someone
should send these IT managers a message! Some products even have Outlook plug-ins to make
the whole process even easier for the user, and the latest identity-based encryption products
are simple to use without compromising on security.
Third, many businesses have to comply with ever-present regulations around communication
of sensitive data, and the processes that support it, like legal e-discovery and archiving.
The latter can be a big deal. Companies even resort to sending sensitive data on media via
snail mail with all the risks that come with it, unaware that technologies like identity-based
messaging can solve both problems.
Finally, there is the biggest obstacle yet: more people are using mobile devices that don’t have
very good email encryption experiences. Let’s take a closer look at this.








The Mobile Encryption Experience
Today’s knowledge worker isn’t just using their Windows or Mac desktops, but a variety of
iOS, Android and BlackBerry mobile phones and tablets to communicate. Indeed, in many
organizations the iPad has become the de facto executive dashboard, and many people
have moved to using their mobile device as their exclusive communications tool. Gartner
predicts that worldwide tablet sales will reach 119 million units by the end of this year [1] and
that enterprise tablets will comprise more than a third of total tablet sales in 2015. As
one example, many school districts are buying them for all of their students to facilitate
homework completion and communication after school hours. This represents yet another
reason to encrypt emails with sensitive data.
Most end users think of their mobile devices as their own, even if they were purchased with
the company’s credit cards. They think nothing of using them to transmit sensitive corporate
data or just making whatever copies they need of business documents to take along.
But they are a corporate asset, and need to be protected accordingly. That is a challenge.
Given that a smartphone is lost or stolen every 15 seconds, that is a lot of data that is just
ripe for the picking. We don’t think about what would happen if our mobile phone or tablet is lost or
stolen, and whether our corporate email traffic is saved on it. To make matters worse, about
half of business users don’t even protect their devices with a simple four-digit power-on PIN [2].
On top of these issues, the secure email world has lagged behind this influx of tablet
purchasing. If we want to use encryption, we have to go through multiple steps to make it
happen on a mobile device. We have inconsistent delivery methods and clunky workflows to
compose, send, and receive encrypted emails. We have to use a Web-based email solution,
or add a special proxy server, or handle certificates that bring us back to the mid-1990s
before identity-based encryption was commercially available.
The native iOS and Android email clients don’t support much in the way of encryption
outside of an SSL connection, which only protects the data from the mobile to the server, not
before or after. The iOS email app has basic S/MIME PKI support but it’s just too complicated to
use, especially for ad-hoc secure messaging which is typical in today’s on-demand socially
connected world. And most of the third-party mobile email clients don’t do much to add any
security to the attachments or messages accessed by a tablet or a smartphone.
Finally, one additional challenge: many enterprises are encouraging their customers and
partners to use their mobiles to communicate with their brands, making it more difficult to
keep private information secure on non-corporate owned devices too.


Mobile Data Security Options
To truly protect your email and data from getting hacked, you need an approach that looks
at the entire end-to-end process and protects all of the various components, including the
message body, the header, the attachments and any replies. This needs to be secured
wherever the email goes – including desktops, applications and mobile devices. The intended
recipient should be the sole entity that can decrypt any of these components.

[1] http://www.gartner.com/it/page.jsp?id=1980115
[2] http://www.cioinsight.com/c/a/Latest-News/Identity-Fraud-Victims-are-Smartphone-Social-Media-Users-Report-187247/

Let’s look at three different intended solutions: mobile device managers, cloud-based
file sharing services, and Web email clients. Each falls short of this goal when it comes to
protecting the entire email data chain.
There are over a dozen different mobile device managers available today. These are tools that
provide a secure container to protect files and data on the mobile device. That is great, but
what happens if emails or sensitive data are saved to your phone outside that container? What
if you send an email from the container to an external recipient that doesn’t have the same set
up? And while many MDMs are great at deactivating a lost or stolen phone, they do add a layer
of complexity and detract from the overall ease of use of the native email experience. They
are also ineffective when it comes to protecting the email end-to-end in your smartphones and
tablets.
Another solution is to use one of more than a dozen different cloud-based file sharing services
that are designed for consumers. These tools are extremely easy to use and were originally
developed to get around file attachment size limitations of older email products, but have
since mushroomed. A recent report shows these services represent about 15 percent of total
network bandwidth consumed and their use is growing faster than any other application
category. At least one browser-based file sharing application was detected on 89 percent of
the participating organizations’ networks, and an average of 13 different file sharing apps were
found on each customer’s network [3].
Cloud file sharing services aren’t easy to manage from an enterprise perspective. Many of
these services have other hidden limitations. Even when IT is aware of their use, the services
generally lack transaction logging, which makes document control problematic. And some
of these services aren’t as secure as their vendors advertise, or have questionable privacy
policies. That’s a red flag to a compliance officer.
A third solution is to use the Web-client options of many email encryption products. While
these will work with mobile browsers, they still aren’t as easy to use as the native email apps
that come with iOS or Android operating systems. Some of these products can only read and
not compose encrypted messages, and some still make use of the older and cumbersome
symmetric key solutions.


Voltage’s Mobile Email Security Solution
What is needed is a special app for mobile devices that can secure emails, but do so with the
involvement of centralized authentication and message management policies that can be easy
to maintain by IT staffers, where granular security policies can be created and enforced. That’s
where Voltage’s SecureMail Mobile Edition comes into play.
The app has several advantages over other mobile encryption products. First, it is dirt simple to
use: a few taps or clicks and you can be sending emails securely. Secure messages are received
in the native email applications and opened with the Voltage app. The software mirrors the
same user interface that is native to the particular mobile device, so an iPad or Android user is
comfortable using the Voltage email application with the same familiar controls and integration
with the mobile’s existing contact list. There is no certificate management or downloading
cumbersome attachments to be read in the mobile’s Web browser, and it makes use of
identity-based encryption to simplify the process to communicate among correspondents who have
never used encryption software before on desktops or mobile devices. It also integrates into
the existing iOS or Android address books. The app can be found on the Apple iTunes Store
or Google Play, so it is easy for end users to download, provision themselves and register the
app to securely correspond with enterprises enabled with Voltage SecureMail.

[3] http://www.paloaltonetworks.com/aur

The mobile edition is another extension of the Voltage SecureMail family of products that
have been around for several years and deployed by millions of end users and thousands
of enterprises. The Mobile Edition works with the existing security and centralized policy
enforcement and compliance settings too. The management console is a clean Web-based
interface that has added a new series of menus for handling the mobile client: you can disable
all mobile access with the click of one button, force end users to re-authenticate periodically,
and set up new mobile-oriented encryption policies. For example, IT managers can create
policies to block forwarding emails to non-trusted domains, or require certain compliance
actions such as forwarding a copy of all mobile emails to the original sender.
The Voltage SecureMail Mobile Edition satisfies the most stringent security requirements. All
traffic is encrypted in transit and on the mobile device itself, so no worries if an email falls into
the wrong hands. You can require users to re-authenticate themselves periodically as part of an
overall IT policy enforcement. Files from email attachments that are stored in the mobile device
inbox are also encrypted. Documents can be shared with external users outside your corporate
domain with another global policy setting, and specific users’ email IDs can be whitelisted or
blacklisted, depending on circumstances.
We have come a long way in the many years since encrypted emails have been possible, and
Voltage with its mobile software represents the next step in this evolution towards making it
easier and part of the normal messaging workflow.


About the Author
David is a world-known expert on networking and communications technologies. Whether
you got your first PC at age 60 or grew up with an Apple in your crib, Strom can help you
understand how to use your computers, keep them secure, and understand how to create
and deploy a variety of Internet applications and services. He has worked extensively in the
Information Technology end-user computing industry and has managed editorial operations for
trade publications in the network computing, electronics components, computer enthusiast,
reseller channel and security markets.

Voltage Security, Inc. www.voltage.com

More Related Content

More from David Strom

Spark Twitter fails Mar2023
Spark Twitter fails Mar2023Spark Twitter fails Mar2023
Spark Twitter fails Mar2023David Strom
 
Getting Your First Cybersecurity Job
Getting Your First Cybersecurity JobGetting Your First Cybersecurity Job
Getting Your First Cybersecurity JobDavid Strom
 
Understanding passwordless technologies
Understanding passwordless technologiesUnderstanding passwordless technologies
Understanding passwordless technologiesDavid Strom
 
What endpoint protection solutions are available on the market today?
What endpoint protection solutions are available on the market today?What endpoint protection solutions are available on the market today?
What endpoint protection solutions are available on the market today?David Strom
 
Fears and fulfillment with IT security
Fears and fulfillment with IT securityFears and fulfillment with IT security
Fears and fulfillment with IT securityDavid Strom
 
Protecting your digital and online privacy
Protecting your digital and online privacyProtecting your digital and online privacy
Protecting your digital and online privacyDavid Strom
 
AI and cyber security: new directions, old fears
AI and cyber security: new directions, old fearsAI and cyber security: new directions, old fears
AI and cyber security: new directions, old fearsDavid Strom
 
The legalities of hacking back
The legalities of  hacking backThe legalities of  hacking back
The legalities of hacking backDavid Strom
 
How to market your book in today's social media world
How to market your book in today's social media worldHow to market your book in today's social media world
How to market your book in today's social media worldDavid Strom
 
​Understanding the Internet of Things
​Understanding the Internet of Things​Understanding the Internet of Things
​Understanding the Internet of ThingsDavid Strom
 
How to make your mobile phone safe from hackers
How to make your mobile phone safe from hackersHow to make your mobile phone safe from hackers
How to make your mobile phone safe from hackersDavid Strom
 
Implications and response to large security breaches
Implications and response to large security breaches Implications and response to large security breaches
Implications and response to large security breaches David Strom
 
Using social networks to find your next job (2017)
Using social networks to find your next job (2017)Using social networks to find your next job (2017)
Using social networks to find your next job (2017)David Strom
 
Security v. Privacy: the great debate
Security v. Privacy: the great debateSecurity v. Privacy: the great debate
Security v. Privacy: the great debateDavid Strom
 
Using OpenStack to Control VM Chaos
Using OpenStack to Control VM ChaosUsing OpenStack to Control VM Chaos
Using OpenStack to Control VM ChaosDavid Strom
 
Notable Twitter fails
Notable Twitter failsNotable Twitter fails
Notable Twitter failsDavid Strom
 
How to make the move towards hybrid cloud computing
How to make the move towards hybrid cloud computingHow to make the move towards hybrid cloud computing
How to make the move towards hybrid cloud computingDavid Strom
 
Listen to Your Customers: How IT Can Provide Better Support
Listen to Your Customers: How IT Can Provide Better SupportListen to Your Customers: How IT Can Provide Better Support
Listen to Your Customers: How IT Can Provide Better SupportDavid Strom
 
Network security practice: then and now
Network security practice: then and nowNetwork security practice: then and now
Network security practice: then and nowDavid Strom
 
Biggest startup mistakes
Biggest startup mistakesBiggest startup mistakes
Biggest startup mistakesDavid Strom
 

More from David Strom (20)

Spark Twitter fails Mar2023
Spark Twitter fails Mar2023Spark Twitter fails Mar2023
Spark Twitter fails Mar2023
 
Getting Your First Cybersecurity Job
Getting Your First Cybersecurity JobGetting Your First Cybersecurity Job
Getting Your First Cybersecurity Job
 
Understanding passwordless technologies
Understanding passwordless technologiesUnderstanding passwordless technologies
Understanding passwordless technologies
 
What endpoint protection solutions are available on the market today?
What endpoint protection solutions are available on the market today?What endpoint protection solutions are available on the market today?
What endpoint protection solutions are available on the market today?
 
Fears and fulfillment with IT security
Fears and fulfillment with IT securityFears and fulfillment with IT security
Fears and fulfillment with IT security
 
Protecting your digital and online privacy
Protecting your digital and online privacyProtecting your digital and online privacy
Protecting your digital and online privacy
 
AI and cyber security: new directions, old fears
AI and cyber security: new directions, old fearsAI and cyber security: new directions, old fears
AI and cyber security: new directions, old fears
 
The legalities of hacking back
The legalities of  hacking backThe legalities of  hacking back
The legalities of hacking back
 
How to market your book in today's social media world
How to market your book in today's social media worldHow to market your book in today's social media world
How to market your book in today's social media world
 
​Understanding the Internet of Things
​Understanding the Internet of Things​Understanding the Internet of Things
​Understanding the Internet of Things
 
How to make your mobile phone safe from hackers
How to make your mobile phone safe from hackersHow to make your mobile phone safe from hackers
How to make your mobile phone safe from hackers
 
Implications and response to large security breaches
Implications and response to large security breaches Implications and response to large security breaches
Implications and response to large security breaches
 
Using social networks to find your next job (2017)
Using social networks to find your next job (2017)Using social networks to find your next job (2017)
Using social networks to find your next job (2017)
 
Security v. Privacy: the great debate
Security v. Privacy: the great debateSecurity v. Privacy: the great debate
Security v. Privacy: the great debate
 
Using OpenStack to Control VM Chaos
Using OpenStack to Control VM ChaosUsing OpenStack to Control VM Chaos
Using OpenStack to Control VM Chaos
 
Notable Twitter fails
Notable Twitter failsNotable Twitter fails
Notable Twitter fails
 
How to make the move towards hybrid cloud computing
How to make the move towards hybrid cloud computingHow to make the move towards hybrid cloud computing
How to make the move towards hybrid cloud computing
 
Listen to Your Customers: How IT Can Provide Better Support
Listen to Your Customers: How IT Can Provide Better SupportListen to Your Customers: How IT Can Provide Better Support
Listen to Your Customers: How IT Can Provide Better Support
 
Network security practice: then and now
Network security practice: then and nowNetwork security practice: then and now
Network security practice: then and now
 
Biggest startup mistakes
Biggest startup mistakesBiggest startup mistakes
Biggest startup mistakes
 

Recently uploaded

Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 

Recently uploaded (20)

Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 

Voltage security-adventures-in-secure-mobile-email

  • 1. Whitepaper Adventures in Secure Mobile Email By David Strom
  • 2. Adventures in Secure Mobile Email A Voltage Whitepaper Sending and receiving encrypted email with sensitive data should be a lot easier to do. But it ends up being something painful, and as a result we tend to avoid this protection. Haven’t we all been schooled that sending emails in plain text is like having a post card plastered to the wall of your local coffee bar? Haven’t all the various exploits with stolen credit cards and hackers breaking into various Web-based email services been warning enough? Apparently not. Oddly, this summer marks the eleventh year anniversary of identity-based message encryption with more than a billion secure messages being exchanged annually. But that still pales in comparison to the many insecure messages containing sensitive data being exchanged in the clear. Certainly encrypted email still isn’t very common practice, despite this impressive statistic. In the many years since encrypted email was first invented in the mid-1990s, we have seen a lot of progress, at least from the technology side of the house. We have some standards, we have some multi-vendor interoperability, and we have some products that don’t require a PhD in cryptography to install and use. There are some terrific products that make encrypting and decrypting emails almost effortless, and relatively inexpensive to widely deploy across small and large enterprises. Obstacles to Widespread Encrypted Email Use But despite these improvements, using secure email is still not widely adopted. There are several reasons why: First, as we all know, unencrypted emails are very easy to send and encryption can add extra steps. Some certificate-based systems are too complex: most end users don’t even know what a public key certificate is or how to use it. Second, many IT admins are still under the mistaken impression that securing their email is either expensive, cumbersome, or requires a symmetric key solution for both recipients and senders. 
None of these are true today, although they were for many years. Maybe someone should send these IT managers a message! Some products even have Outlook plug-ins to make the whole process even easier for the user, and the latest identity-based encryption products are simple to use without compromising on security.

Third, many businesses have to comply with ever-present regulations around communication of sensitive data, and the processes that support it, like legal e-discovery and archiving. The latter can be a big deal. Companies even resort to sending sensitive data on media via snail mail with all the risks that come with it, unaware that technologies like identity-based messaging can solve both problems.

Finally, there is the biggest obstacle yet: more people are using mobile devices that don’t have very good email encryption experiences. Let’s take a closer look at this.
  • 3. The Mobile Encryption Experience

Today’s knowledge worker isn’t just using their Windows or Mac desktops, but a variety of iOS, Android and BlackBerry mobile phones and tablets to communicate. Indeed, in many organizations the iPad has become the de facto executive dashboard, and many people have moved to using their mobile device as their exclusive communications tool. Gartner predicts that worldwide tablet sales will reach 119 million units by the end of this year [1] and that enterprise tablets will comprise more than a third of total tablet sales in 2015. As one example, many school districts are buying them for all of their students to facilitate homework completion and communication after school hours. This represents yet another reason to encrypt emails with sensitive data.

Most end users think of their mobile devices as their own, even if they were purchased with the company’s credit cards. They think nothing of using them to transmit sensitive corporate data or to just make whatever copies they need of business documents to take along. But they are a corporate asset, and need to be protected accordingly. That is a challenge.

Given that a smartphone is lost or stolen every 15 seconds, that is a lot of data that is just ripe for the picking. We don’t think about what would happen if our mobile phone or tablet is lost or stolen, and whether our corporate email traffic is saved on it. To make matters worse, about half of business users don’t even protect their devices with a simple four-digit power-on PIN [2].

On top of these issues, the secure email world has lagged behind this influx of tablet purchasing. If we want to use encryption, we have to go through multiple steps to make it happen on a mobile device. We have inconsistent delivery methods and clunky workflows to compose, send, and receive encrypted emails.
We have to use a Web-based email solution, or add a special proxy server, or handle certificates that bring us back to the mid-1990s before identity-based encryption was commercially available.

The native iOS and Android email clients don’t support much in the way of encryption outside of an SSL connection, which only protects the data from the mobile to the server, not before or after. The iOS email app has basic S/MIME PKI support but it’s just too complicated to use, especially for ad-hoc secure messaging, which is typical in today’s on-demand socially connected world. And most of the third-party mobile email clients don’t do much to add any security to the attachments or messages accessed by a tablet or a smartphone.

Finally, one additional challenge: many enterprises are encouraging their customers and partners to use their mobiles to communicate with their brands, making it more difficult to keep private information secure on non-corporate owned devices too.

Mobile Data Security Options
To truly protect your email and data from getting hacked, you need an approach that looks at the entire end-to-end process and protects all of the various components, including the message body, the header, the attachments and any replies. This needs to be secured wherever the email goes – including desktops, applications and mobile devices.

[1] http://www.gartner.com/it/page.jsp?id=1980115
[2] http://www.cioinsight.com/c/a/Latest-News/Identity-Fraud-Victims-are-Smartphone-Social-Media-Users-Report-187247/

  • 4. The intended recipient should be the sole entity that can decrypt any of these components.

Let’s look at three different intended solutions: mobile device managers, cloud-based file sharing services, and Web email clients. Each falls short of this goal when it comes to protecting the entire email data chain.

There are over a dozen different mobile device managers available today. These are tools that provide a secure container to protect files and data on the mobile device. That is great, but what happens if emails or sensitive data are saved to your phone outside that container? What if you send an email from the container to an external recipient that doesn’t have the same set up? And while many MDMs are great at deactivating a lost or stolen phone, they do add a layer of complexity and detract from the overall ease of use of the native email experience. They are also ineffective when it comes to protecting the email end-to-end in your smartphones and tablets.

Another solution is to use one of more than a dozen different cloud-based file sharing services that are designed for consumers. These tools are extremely easy to use and were originally developed to get around file attachment size limitations of older email products, but have since mushroomed. A recent report shows these services represent about 15 percent of total network bandwidth consumed and their use is growing faster than any other application category. At least one browser-based file sharing application was detected on 89 percent of the participating organizations’ networks, and an average of 13 different file sharing apps were found on each customer’s network [3].

Cloud file sharing services aren’t easy to manage from an enterprise perspective. Many of these services have other hidden limitations.
Even when IT is aware of their use, the services generally lack transaction logging, which makes document control problematic. And some of these services aren’t as secure as their vendors advertise, or have questionable privacy policies. That’s a red flag to a compliance officer.

A third solution is to use the Web-client options of many email encryption products. While these will work with mobile browsers, they still aren’t as easy to use as the native email apps that come with iOS or Android operating systems. Some of these products can only read and not compose encrypted messages, and some still make use of the older and cumbersome symmetric key solutions.

Voltage’s Mobile Email Security Solution
What is needed is a special app for mobile devices that can secure emails, but do so with the involvement of centralized authentication and message management policies that are easy for IT staffers to maintain, where granular security policies can be created and enforced.

That’s where Voltage’s SecureMail Mobile Edition comes into play. The app has several advantages over other mobile encryption products. First, it is dirt simple to use: a few taps or clicks and you can be sending emails securely. Secure messages are received in the native email applications and opened with the Voltage app.

[3] http://www.paloaltonetworks.com/aur

  • 5. The software mirrors the same user interface that is native to the particular mobile device, so an iPad or Android user is comfortable using the Voltage email application with the same familiar controls and integration with the mobile’s existing contact list. There is no certificate management or downloading cumbersome attachments to be read in the mobile’s Web browser, and it makes use of identity-based encryption to simplify the process to communicate among correspondents who have never used encryption software before on desktops or mobile devices. It also integrates into the existing iOS or Android address books.

The app can be found on the Apple iTunes Store or Google Play, so it is easy for end users to download, provision themselves and register the app to securely correspond with enterprises enabled with Voltage SecureMail.

The mobile edition is another extension of the Voltage SecureMail family of products that have been around for several years and deployed by millions of end users and thousands of enterprises. The Mobile Edition works with the existing security and centralized policy enforcement and compliance settings too.

The management console is a clean Web-based interface that has added a new series of menus for handling the mobile client: you can disable all mobile access with the click of one button, force end users to re-authenticate periodically, and set up new mobile-oriented encryption policies. For example, IT managers can create policies to block forwarding emails to non-trusted domains, or require certain compliance actions such as forwarding a copy of all mobile emails to the original sender.

The Voltage SecureMail Mobile Edition satisfies the most stringent security requirements. All traffic is encrypted in transit and on the mobile device itself, so no worries if an email falls into the wrong hands.
You can require users to re-authenticate themselves periodically as part of an overall IT policy enforcement. Files from email attachments that are stored in the mobile device inbox are also encrypted. Documents can be shared with external users outside your corporate domain with another global policy setting, and specific users’ email IDs can be whitelisted or blacklisted, depending on circumstances.

We have come a long way in the many years since encrypted emails have been possible, and Voltage with its mobile software represents the next step in this evolution towards making it easier and part of the normal messaging workflow.

About the Author
David is a world-known expert on networking and communications technologies. Whether you got your first PC at age 60 or grew up with an Apple in your crib, Strom can help you understand how to use your computers, keep them secure, and understand how to create and deploy a variety of Internet applications and services. He has worked extensively in the Information Technology end-user computing industry and has managed editorial operations for trade publications in the network computing, electronics components, computer enthusiast, reseller channel and security markets.

Voltage Security, Inc.
www.voltage.com