Last year we were speaking to some distinguished analysts in the email space and they had a hunch.
A hunch that end users were using their personal email to work around corporate email systems.
He believed this was because of growth of Social Networks and the blurring of Personal and Work technology. But he didn’t know. This is the guy that sets email strategy for most of the Fortune 1000.
So we wanted to know WHY? Why are users using personal email? Why are they working around their Corporate email systems?
Enter Generation Gmail. An independent survey and report by Loudhouse research comissioned by Mimecast into the usage of personal email for work.
Breaking the Kubernetes Kill Chain: Host Path Mount
The Hidden Security Danger – Don’t Let Email Be Your Downfall
1. The Hidden Security Danger –
Don’t Let Email Be Your Downfall
Justin Pirie
@justinpirie
blog.mimecast.com
jpirie@mimecast.com
Infosecurity Europe
April 19th 2011
nccarf_au
66. Thanks!
Feel free to contact me:
Justin Pirie
@justinpirie
blog.mimecast.com
jpirie@mimecast.com
Infosecurity Europe
April 19th 2011
nccarf_au
Hinweis der Redaktion
Hi My name’s Justin Pirie
I’m the Cloud Strategist here at Mimecast but I’m best known as an Analyst Blogger in the SaaS and Cloud space.
Security
Continutity
Archive
How did this all start?
Last year we were speaking to some distinguished analysts in the email space and they had a hunch. A hunch that end users were using their personal email to work around corporate email systems.
He believed this was because of growth of Social Networks and the blurring of Personal and Work technology. But he didn’t know. This is the guy that sets email strategy for most of the Fortune 1000.
So we wanted to know WHY? Why are users using personal email? Why are they working around their Corporate email systems?
Enter Generation Gmail. An independent survey and report by Loudhouse research comissioned by Mimecast into the usage of personal email for work.
Before I deep dive into the report- I just want to set the context: Why does it matter? I don’t think I need to spell out the risks to a room full of infosec professionals, but please humor me!
Over the years various analysts have estimated there is up to 80% of Corporate IP contained within email. Think of how you transfer files between colleagues. Hands up who sends files through email?
Think about what that means: Client Details, Corporate Secrets and Infrastructure details. Not stuff you want to be losing.
But beyond the obvious- Does personal email meet Data Protection and Data Sovereignty requirements?
What about anti-malware requirements?
Your Password Policy?
Corporate retention and audit policies? Does it enable e-discovery?
Legal requirements?- Corporate information VAT, Company No, Disclaimers etc
Data Leak Prevention- PCI compliance, end point protection
Prevent Interception- keyloggers and public access (wifi etc)
http://www.flickr.com/photos/hukuzatuna/246057418/sizes/o/in/photostream/
Of course not! It’s free consumer email.
http://www.flickr.com/photos/bstabler/770416963/sizes/z/in/photostream/
Nightmare! All the years and experience that goes into securing corporate email is going down the toilet!
Why is this happening? I believe it is part of the broader context- the so called consumerisation of Technology.
The infiltration of technology in our personal lives is now reversing back into our corporate lives.
What’s interesting is that the research highlights that home and work technology overlaps for 65% of people. Certainly mine does. I want one inbox to deal with in my life. I hate SMS and Voicemail because they don’t get delivered to my email inbox.
Yet at the same time people keep saying Email is dead. How do those facebook notifications get to your inbox I wonder?
What is happening is a change in how people communicate.
Communication is simultaneously becoming more important and easier.
It started with Text Messaging and Blackberries and is now Facebook and Twitter.
What makes us productive at home we now want at work.
But the problem for most corporates is that their email systems haven’t kept up with the rapidly changing pace of communications. Email hasn’t been a priority investment area- it’s dead- remember?
We keep hearing that email is dead- but research shows that email is still alive and kicking! Nathaniel is so fed up of people saying its dead!
Over 30 percent of people remain on Exchange 2003, released when Mark Zuckerberg was 19 and still at college! Microsoft are already two versions ahead but people haven’t kept pace.
It’s not therefore surprising that users used to using Facebook, Twitter and Gmail rebel against out of date email systems.
For example- who has a smartphone?
And who has a smartphone for work?
Who can receive their work email on a Smartphone?
Who uses their personal email for work?
The survey showed 85% of under 25’s use personal email for work
1 in 5 on a regular basis
They now know better than ever before- people have on average 3 email accounts including work. 52% of under 25’s think their personal mailbox is better than their corporate mailbox.
And I’m not alone in that either- 66% of people say that email is their preferred communication vehicle at work.
Why? It’s because email is the easiest, most non-obtrusive way to manage work and personal communications.
79% of people send work emails from their personal accounts- 1 in 5 on a regular basis.
There’s a disconnect here
The big question was WHY?
And in terms of storage- people have been trained to think of storage as unlimited. Despite the limitations of traditional email systems.
Anyone who’s tried to manage mailbox sizes on Exchange 2003 understands that storage isn’t unlimited- at least without a significant cost.
Not surprising that 56% of people have mailbox frustrations and 39% over the size of their mailboxes.
Or is it that in order to remain productive and flexible this generation “workaround” security policies?
The restrictive policies that IT has put into place for “security” have been foiled by these workaround workers, and they’re potentially damaging the Enterprise.
I don’t think this is a problem we can ignore any more.
SO what’s the solution?
I think there are other answers to protect the organisations value.
But IT aren’t entirely to blame- they’re struggling to find a balance between employee empowerment and control.
But the problem is that the perimiter is gone. You can’t trust your own network anymore.
Force Can’t Solve All Problems-
"The more you tighten your grip… the more star systems will slip through your fingers.” -- Princess Leia
We need to enable them to use corporate systems, not because they have to, but because they prefer to.
What can we do today to extend the corporate email environment to try and give users the empowerment they want while retaining control for the enterprise?
Offloading historical mailbox storage into the cloud- a cloud archive is an excellent way to simultaneously get control over mailbox sizes on premise while enabling users to have unlimited storage.
And the research backs it up- 40% of people would be less likely to workaround corporate systems if they had an unlimited mailbox. A significant security uplift.
Let’s not forget about uptime either. 86% consider it essential that email is problem free.
Cloud Continuity- DR/BC much cheaper and easier in the Cloud