Alexandria, Va., October 9, 2012 – Email encryption is designed to keep sensitive information safe but Federal information security and email management professionals say standard email is the number one way unauthorized data leaves an agency. A new study by MeriTalk and sponsored by Axway, titled “The Encryption Enigma,” looks at how Federal information security and email management professionals view email security and encryption issues.
A single Federal agency sends and receives an average of 47.3 million emails each day, averaging 1.89 billion emails per day for the Federal government overall. While 79 percent of Federal information security and email management professionals say cyber security is a top priority, only one in four give the security of their current email solution an “A.”
This is particularly troubling given that 83 percent of Federal agencies provide users with the ability to encrypt outbound email. Email is the number one way unauthorized data, including classified and sensitive information, leaves Federal agencies followed by agency-issued mobile devices and USB flash drives. In a number of cases, the very encryption that may be used to ensure the security of information becomes the tool for hiding sensitive information as it leaves through the email gateway.
Most agencies (84 percent) believe that they are safe and support the inspection of desktop-encrypted email. However, to effectively support the inspection of desktop-encrypted emails, agencies must:
- Validate all email users;
- Have proper email polices in place; and
- Ensure users must follow correct email policies.
Currently, 47 percent of agencies cite the need for better email policies and 45 percent report that employees do not follow these policies. In fact, even if these three conditions are met, agencies may be unable to enforce email policies unless their email gateways explicitly decrypt and scan desktop-encrypted email.
“Email encryption is an important tool for protecting sensitive information, but agencies must be sure that encryption is not making outbound emails so opaque that sensitive information can pass through without detection,” said Michael Dayton, senior vice president, security solutions group, Axway. “Agencies themselves may be providing the tools by which Federal workers are leaking critical information – intentionally or not.”
Email encryption is a growing issue with 51 percent of information security professionals seeing email encryption becoming a more significant problem for Federal agencies in the next five years. In addition, 80 percent of information security managers are concerned about the possibility of data loss prevention violations encrypted in emails and 58 percent believe encryption makes it harder to detect when valuable or sensitive data is leaving the agency.
Furthermore, file sharing through email is another collaboration tool that needs to be secure, especially when the files being shared contain critical data. The ability to enforce encryption of certain documents in an automated way and also provide Federal agencies with the ability to decrypt files is key to ensuring secure file sharing through email.
Federal information security and email management professionals say the top barriers to securing Federal email are:
- Lack of budget (46 percent);
- Lack of employees adhering to security policies (45 percent);
- The rise of mobile technologies (30 percent); and
- Lack of training (29 percent).
To overcome these challenges, 55 percent of survey respondents suggest improved end-user training and 54 percent suggest advanced email security technology.
“The Encryption Enigma” is based on an online survey of 203 Federal government information security and email management professionals in June and July 2012. To download the full study, please visit http://www.meritalk.com/encryption-enigma.
The voice of tomorrow’s government today, MeriTalk is an online community and go-to resource for government IT. Focusing on government’s hot-button issues, MeriTalk hosts Data Center Exchange, Cyber Security Exchange, and Cloud Computing Exchange – platforms dedicated to supporting public-private dialogue and collaboration. MeriTalk connects with an audience of 85,000 government community contacts. For more information, visit www.meritalk.com
or follow us on Twitter, @meritalk.
Axway (NYSE Euronext: AXW.PA), the Business Interaction Networks company, is a software company with more than 11,000 customers in 100 countries. For more than a decade, Axway has provided leading organizations around the world with proven technology solutions that integrate, manage, secure and govern the business-critical interactions that accelerate enterprise performance. Our award-winning solutions span business-to-business integration, managed file transfer, business operations monitoring, process management, and email and identity security – offered on premise or in the Cloud with professional and managed services. Axway is registered in France with headquarters in the United States and offices around the globe. More information is available at www.axway.com.