Firstly, apologies for the title, I personally cannot stand those condescending blogs or articles that try to explain what something is because you’re far too unintelligent to work it out yourself. The good news is however, that this isn’t one of those.

Email Security is a term so widely interpreted by vendors and the industry that it needs further clarification to identify the topic to be discussed or worse implemented. A colleague recently mentioned in conversation that someone he knew was in “email security”. I enquired as to what said person actually did, and the reality was that neither of us had a clue of which part of Email Security it was.

The same goes for vendors and technology. Pop the term ‘email security’ into Google and you’ll see a whole heap of vendors, some complimentary others not even related in the slightest! The reason for this is that email operates on many different levels: it’s read and written by humans, it can contain other data and attachments – sometimes malicious – and emails are delivered across networks by machines.

Let us start at the transport layer then; perhaps Email Security is about securing the delivery of email? Relaying it over encrypted channels such that it is not susceptible to interference or interception? Or that the recipient and sender are both valid and it is acceptable to send communication between one another? That the data within the email isn’t malicious, containing executable attachments or originating at a source known to be dangerous?

Email Security also can of course be Data Loss Prevention (DLP) related, the original integrated DLP vendors were email gateways, capable of understanding the data within attachments or the body, subject or anywhere else and making decisions as to where it can be sent.

Or if perhaps the data should be wrapped in additional layers of security? Delivered by another platform rather than SMTP. Or controlling what can be done at the recipient end once they’ve read it, to stop them from printing or forwarding to other domains for example.

Supposedly, phishing attacks account for 90% of initial attack vectors. Phishing must be it, spotting those and preventing your employees from being phished. Phishing itself is so hard to spot as it’s no more than words on a page attempting to trick a human into performing an action or responding with some information.

Spam? Maybe Email Security is keeping the junk from our inboxes (sidenote: spam was so much better in the 2000s).

Or is it user education?

The brutal reality is that all of these things are equally as important as one another and because email is deployed and interacted with by humans and across system networks and servers it must be protected adequately and often independently at each stage.

HANDD work with vendors that help manage all of the aforementioned threats and a has a team of security specialists who can advise on the best technology to assist your organisation.  If you’d like to discuss this further, call us on +44 (0) 845 643 4063 or email us at info@handd.co.uk

Written by Sam Malkin,
Lead Solutions Architect at HANDD Business Solutions

Further Reading

• Read how one client landed a phishing defence solution to protect staff from malicious email
• The importance of Email Security